Outgoing Secure channel traffic is not signed when possible.

Details

Requests sent on the secure channel are authenticated, and sensitive information (such as passwords) is encrypted, but the channel is not integrity checked. If this policy is enabled, all outgoing secure channel traffic should be signed.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> ‘Domain Member- Digitally sign secure channel data (when possible)’ to ‘Enabled’.

Supportive Information

The following resource is also helpful.

http://iasecontent.disa.mil/stigs/zip/Oct2016/U_Windows_Vista_V6R41_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

800-53|SC-8
800-53|SC-8(1)
CAT|II
CCI|CCI-002418
CCI|CCI-002421
CSCv6|13
Rule-ID|SV-29517r1_rule
STIG-ID|3.042
Vuln-ID|V-1164

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles