STIGQter: STIG Summary: Windows 2008 Member Server Security Technical Implementation Guide Version: 6 Release: 43 Benchmark Date: 26 Jul 2019: Unencrypted remote access is permitted to system services.

DISA Rule

SV-29696r1_rule

Vulnerability Number

V-2908

Group Title

Unencrypted Remote Access

Rule Version

3.061

Severity

CAT I

CCI(s)

• CCI-000068 - The information system implements cryptographic mechanisms to protect the confidentiality of remote access sessions.

Weight

10

Fix Recommendation

Encryption of userid and password information is required.

Encryption of the user data inside the network firewall is also highly recommended.

Encryption of user data coming from or going outside the network firewall is required.

Encryption for administrator data is always required.

Refer to the Enclave Security STIG section on “FTP and Telnet,” for detailed information on its use.

Check Contents

Interview the IAO to ensure that encryption of userid and password information is required, and data is encrypted according to DoD policy.

If the user account used for unencrypted remote access within the enclave (premise router) has administrator privileges, then this is a finding.

If userid and password information used for remote access to system services from outside the enclave is not encrypted, then this is a finding.

Vulnerability Number

V-2908

Documentable

False

Rule Version

3.061

Severity Override Guidance

Interview the IAO to ensure that encryption of userid and password information is required, and data is encrypted according to DoD policy.

If the user account used for unencrypted remote access within the enclave (premise router) has administrator privileges, then this is a finding.

If userid and password information used for remote access to system services from outside the enclave is not encrypted, then this is a finding.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1340

Comments