Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-2908 | WN08-00-000007 | SV-48066r1_rule | ECCT-1 ECCT-2 | High |
Description |
---|
Unencrypted access to system services may permit an intruder to intercept user identification and passwords that are being transmitted in clear text. This could give an intruder unlimited access to the network. |
STIG | Date |
---|---|
Windows 8 / 8.1 Security Technical Implementation Guide | 2014-06-27 |
Check Text ( C-44805r1_chk ) |
---|
Interview the IAO to ensure that encryption of userid and password information is required, and data is encrypted according to DoD policy. If the user account used for unencrypted remote access within the enclave (premise router) has administrator privileges, this is a finding. If userid and password information used for remote access to system services from outside the enclave is not encrypted, this is a finding. |
Fix Text (F-41204r1_fix) |
---|
Ensure the following are met during remote access: Encrypt userid and password information. Encrypt user data coming from or going outside the network firewall. (Encrypting user data within the firewall is also highly recommended.) Encrypt administrator data. |