WN12-AC-000009 - Reversible password encryption must be disabled.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Storing passwords using reversible encryption is essentially the same as storing clear-text versions of the passwords. For this reason, this policy must never be enabled.

Solution

Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy -> 'Store password using reversible encryption' to 'Disabled'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_Windows_2012_and_2012_R2_MS_V3R1_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(c), CAT|I, CCI|CCI-000196, CSCv6|16.5, CSCv6|16.13, CSCv6|16.14, Rule-ID|SV-225274r569185_rule, STIG-ID|WN12-AC-000009, STIG-Legacy|SV-52880, STIG-Legacy|V-2372, Vuln-ID|V-225274

Plugin: Windows

Control ID: 18b596b90b0979b0a2f735c2af061761297d79537afcd4899a2303d18912cecc