Free DISA STIG and SRG Library | Vaulted

V-56697

The operating system must store only encrypted representations of passwords.

Finding ID
SRG-OS-000073-GPOS-00041
Rule ID
SV-70957r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-OS-000073-GPOS-00041
CCI
CCI-000196
Target Key
(None)
Documentable
No
Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.

Fix Text

Configure the operating system to store only encrypted representations of passwords.

Check Content

Verify the operating system stores only encrypted representations of passwords. If it does not, this is a finding.