The Windows Remote Management (WinRM) client must not use Basic authentication.

An XCCDF Rule

Description

Basic authentication uses plain text passwords that could be used to compromise a system.

ID: SV-253416r958510_rule
Version: WN11-CC-000330
Severity: High
References: CCI-000877
Updated: 5 days ago

Remediation Templates

Configure the policy value for Computer Configuration >> Administrative Templates >> Windows Components >> Windows Remote Management (WinRM) >> WinRM Client >> "Allow Basic authentication" to "Disabled".