STIGQter: STIG Summary: Video Services Policy STIG Version: 1 Release: 11 Benchmark Date: 24 Apr 2020:

The VTC system and components must not display passwords in clear text.

DISA Rule

SV-18862r3_rule

Vulnerability Number

V-17688

Group Title

RTS-VTC 2022

Rule Version

RTS-VTC 2022.00

Severity

CAT II

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

Implement the VTC system and components to not display passwords in clear text. If existing devices do not support this behavior, upgrade as soon as possible.

Check Contents

Review site documentation to confirm the VTC system and components does not display passwords in clear text when logging onto a VTU locally or remotely. If the VTC system or any components do display passwords in clear text, this is a finding.

Note: During APL testing, this is a finding in the event this requirement is not supported by the VTU.

Vulnerability Number

V-17688

Documentable

False

Rule Version

RTS-VTC 2022.00

Severity Override Guidance

Review site documentation to confirm the VTC system and components does not display passwords in clear text when logging onto a VTU locally or remotely. If the VTC system or any components do display passwords in clear text, this is a finding.

Note: During APL testing, this is a finding in the event this requirement is not supported by the VTU.

Check Content Reference

M

Responsibility

Information Assurance Officer

Target Key

1418

Comments