7.11 Ensure Triple DES Cipher Suite is configured

Information

Enabling Triple DES Cipher Suites may be required for client compatibility. Enable or disable this cipher suite accordingly.

This item is Not Scored for the following reasons:
- Enabling AES 256/256 is recommended.
- This cipher does not suffer from known practical attacks.

Solution

To enable Triple DES 168/168, ensure the following key is not present or is set to 0xFFFFFFFF.
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\Triple DES 168/168\Enabled

See Also

https://workbench.cisecurity.org/files/165

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: 86be542124b40c53297d94084d1b10821e1d170e8af89b90ec30c3d564c82c10