The ICS must be configured to transmit only encrypted representations of passwords.

An XCCDF Rule

Description

<VulnDiscussion>Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. This is applicable to the account of last resort which uses a password. Secure password while in transit for admin access.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258615r961029_rule
Severity: High
References: CCI-000197
Updated: 16 days ago

In the ICS Web UI, navigate to System >> Configuration >> Inbound SSL Options.
1. Under "Allowed SSL and TLS Version", check the box for "Accept only TLS 1.2 (maximize security)".
2. Click "Save Changes".
3. Click "Proceed" for acceptance of Cipher Change.

Navigate to System >> Configuration >> Outbound SSL Options.1. Under "Allowed SSL and TLS Version", check the box for "Accept only TLS 1.2 (maximize security)".
2. Click "Save Changes".
3. Click "Proceed" for acceptance of Cipher Change.

The ICS must be configured to transmit only encrypted representations of passwords.

Description

Remediation - Manual Procedure