7.10 Ensure RC4 Cipher Suites is disabled - RC4 128/128

Information

RC4 is a stream cipher that has known practical attacks. It is recommended that RC4 be disabled. The only RC4 cipher enabled by default on Server 2012 and 2012 R2 is RC4 128/128.

The use of RC4 may increase an adversaries ability to read sensitive information sent over SSL/TLS.

Solution

To disable RC4 128/128, ensure the following key is set to 0.
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 128/128\Enabled

See Also

https://workbench.cisecurity.org/files/165

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: ad457ab4ba0a727fcef82387e6be6ab5950b85315bda0e4d18ed1981ef46a327