Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-2908 | WN08-00-000007 | SV-48066r2_rule | ECCT-1 ECCT-2 | High |
Description |
---|
Unencrypted access to system services may permit user identification and passwords that are being transmitted in clear text to be intercepted. This could provide an intruder access to the network. |
STIG | Date |
---|---|
Windows 8 / 8.1 Security Technical Implementation Guide | 2015-11-30 |
Check Text ( C-44805r4_chk ) |
---|
Verify encryption is required for remote access. If userid and password information are not encrypted, this is a finding. If administrator data is not encrypted, this is a finding. If user data coming from or going outside the enclave is not encrypted, this is a finding. |
Fix Text (F-41204r4_fix) |
---|
Require encryption for remote access. Encryption of userid and password information is always required. Encryption of administrator data is always required. Encryption of user data coming from or going outside the network firewall is required. Encryption of the user data inside the network firewall is also highly recommended. |