Free DISA STIG and SRG Library | Vaulted

V-56699

The operating system must transmit only encrypted representations of passwords.

Finding ID
SRG-OS-000074-GPOS-00042
Rule ID
SV-70959r1_rule
Severity
Cat II
CCE
(None)
Group Title
SRG-OS-000074-GPOS-00042
CCI
CCI-000197
Target Key
(None)
Documentable
No
Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.

Fix Text

Configure the operating system to transmit only encrypted representations of passwords.

Check Content

Verify the operating system transmits only encrypted representations of passwords. If it does not, this is a finding.