WN12-AC-000009 – Reversible password encryption must be disabled.

Details

Storing passwords using reversible encryption is essentially the same as storing clear-text versions of the passwords. For this reason, this policy must never be enabled.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> ‘Store password using reversible encryption’ to ‘Disabled’.
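
One way to verify this setting from an elevated PowerShell prompt, as an added example that is not part of the STIG or the original page: it exports the local security policy with `secedit` and reads `ClearTextPassword`, the key this setting has in the `[System Access]` section of the export (0 means Disabled). The function name and temporary file name are illustrative assumptions.

```powershell
# Added example: audit the setting behind
# 'Store password using reversible encryption' (WN12-AC-000009).

function Get-ReversibleEncryptionSetting {
    param(
        # Optional path to an existing secedit export; when omitted, one is generated.
        [string]$CfgPath
    )

    $cleanup = $false
    if (-not $CfgPath) {
        $CfgPath = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
        # Export only the security policy area, which contains [System Access].
        secedit.exe /export /cfg $CfgPath /areas SECURITYPOLICY /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }
        $cleanup = $true
    }

    try {
        # The export is a plain INF file; find the 'ClearTextPassword = N' line.
        $line = Get-Content -Path $CfgPath |
            Where-Object { $_ -match '^\s*ClearTextPassword\s*=\s*\d+\s*$' } |
            Select-Object -First 1
        if (-not $line) { throw "ClearTextPassword not found in $CfgPath" }
        $null = $line -match '=\s*(\d+)'
        return [int]$Matches[1]
    }
    finally {
        # Remove the temporary export so policy data is not left in %TEMP%.
        if ($cleanup) { Remove-Item -Path $CfgPath -Force -ErrorAction SilentlyContinue }
    }
}

$value = Get-ReversibleEncryptionSetting
if ($value -eq 0) {
    Write-Output 'WN12-AC-000009: PASS (reversible encryption is Disabled)'
} else {
    Write-Output "WN12-AC-000009: FINDING (ClearTextPassword = $value; expected 0)"
    exit 1
}
```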

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication. It applies to the following type of system: Windows.

Updated on July 16, 2022