7.13 Ensure AES 256/256 Cipher Suite is enabled - Enabled

Information

AES 256/256 is the most recent and mature cipher suite for protecting the confidentiality and integrity of HTTP traffic. Enabling AES 256/256 is recommended. This is enabled by default on Server 2012 and 2012 R2.

Enabling this cipher will help ensure the confidentiality and integrity of data in transit.

Solution

To enable the AES 256/256 cipher:
1. Ensure that the following key does not exist. If it does exist, you can either delete the key or proceed to step 2.
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256\
2. If the key exists, ensure the following is set to 0xFFFFFFFF.
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\AES 256/256\Enabled

See Also

https://workbench.cisecurity.org/files/165

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13

Plugin: Windows

Control ID: 38107133a1e98889955c0c4062fd6e03afece8f783debb6af693ce3be039d25a