STIGQter: STIG Summary: Network Device Management Security Requirements Guide Version: 4 Release: 1 Benchmark Date: 23 Apr 2021:

The network device must transmit only encrypted representations of passwords.

DISA Rule

SV-202065r397525_rule

Vulnerability Number

V-202065

Group Title

SRG-APP-000172

Rule Version

SRG-APP-000172-NDM-000259

Severity

CAT I

CCI(s)

• CCI-000197 - The information system, for password-based authentication, transmits only cryptographically-protected passwords.

Weight

10

Fix Recommendation

Configure the network device or its associated authentication server to transmit only encrypted representations of passwords.

Check Contents

Determine if the network device or its associated authentication server transmits only encrypted representations of passwords. This requirement may be verified by demonstration or configuration review. If the network device or the associated authentication server transmits unencrypted representations of passwords, this is a finding.

Vulnerability Number

V-202065

Documentable

False

Rule Version

SRG-APP-000172-NDM-000259

Severity Override Guidance

Determine if the network device or its associated authentication server transmits only encrypted representations of passwords. This requirement may be verified by demonstration or configuration review. If the network device or the associated authentication server transmits unencrypted representations of passwords, this is a finding.

Check Content Reference

M

Target Key

2890

Comments