Navigate

Check: 3.057

windows 7 iavm: 3.057 (in version v1 r32)

Title

Reversible password encryption must be disabled. (Cat II impact)

Discussion

Storing passwords using reversible encryption is essentially the same as storing clear-text versions of the passwords. For this reason, this policy must never be enabled.

Check Content

Analyze the system using the Security Configuration and Analysis snap-in. Expand the Security Configuration and Analysis tree view. Navigate to Account Policies >> Password Policy. If the value for "Store password using reversible encryption" is not disabled, this is a finding.

Fix Text

Configure the policy value for Computer Configuration >> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> "Store password using reversible encryption" to "Disabled".

Additional Identifiers

Rule ID:

Vulnerability ID: V-2372

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-000196	The information system, for password-based authentication, stores only cryptographically-protected passwords.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
IA-5(1)	Password-based Authentication