1.1.6 Ensure 'Store passwords using reversible encryption' is set to 'Disabled'

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.


Information

This policy setting determines whether the operating system stores passwords in a way that uses reversible encryption, which provides support for application protocols that require knowledge of the user's password for authentication purposes.

Passwords stored with reversible encryption are effectively equivalent to plaintext passwords.

The recommended state for this setting is: 'Disabled'.

Solution

To establish the recommended configuration via GP, set the following UI path to 'Disabled':

Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy\Store passwords using reversible encryption
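The setting above can be enabled in more than one place (local policy, domain password policies, and a per-user account flag), so an auditor should check all of them. The following script is an added example, not part of the CIS benchmark or the Tenable audit; it assumes an elevated session and, for the domain checks, the RSAT ActiveDirectory module.

```powershell
# Added audit helper (not CIS/Tenable code). Reports where 'Store passwords using
# reversible encryption' is in effect:
#   1. the local security policy (secedit export, ClearTextPassword under [System Access])
#   2. the domain default and fine-grained password policies (ActiveDirectory module)
#   3. per-user overrides: userAccountControl bit 0x80 (ENCRYPTED_TEXT_PWD_ALLOWED)

function Get-LocalReversibleEncryptionSetting {
    $inf = Join-Path $env:TEMP ("secpol-{0}.inf" -f [guid]::NewGuid())
    try {
        & secedit.exe /export /cfg $inf /areas SECURITYPOLICY | Out-Null
        # Exported line reads "ClearTextPassword = 0"; 0 = Disabled (recommended), 1 = Enabled
        $hit = Select-String -Path $inf -Pattern '^ClearTextPassword\s*=\s*(\d+)'
        if ($hit) { return [int]$hit.Matches[0].Groups[1].Value }
        return $null   # value absent from the export: report as unknown, never as compliant
    } finally {
        Remove-Item $inf -ErrorAction SilentlyContinue
    }
}

function Get-DomainReversibleEncryptionFindings {
    Import-Module ActiveDirectory -ErrorAction Stop
    $findings = @()
    if ((Get-ADDefaultDomainPasswordPolicy).ReversibleEncryptionEnabled) {
        $findings += 'Default Domain Password Policy: ReversibleEncryptionEnabled = True'
    }
    foreach ($pso in Get-ADFineGrainedPasswordPolicy -Filter *) {
        if ($pso.ReversibleEncryptionEnabled) {
            $findings += "Fine-grained policy '$($pso.Name)': ReversibleEncryptionEnabled = True"
        }
    }
    # 1.2.840.113556.1.4.803 is the LDAP bitwise-AND matching rule; 128 = 0x80
    $users = Get-ADUser -LDAPFilter '(userAccountControl:1.2.840.113556.1.4.803:=128)'
    foreach ($u in $users) {
        $findings += "User '$($u.SamAccountName)': per-user reversible encryption flag is set"
    }
    return $findings
}

$local = Get-LocalReversibleEncryptionSetting
if ($local -eq 0)     { Write-Output  'Local policy: Disabled (compliant)' }
elseif ($local -eq 1) { Write-Warning 'Local policy: Enabled (non-compliant)' }
else                  { Write-Warning 'Local policy: ClearTextPassword not found in secedit export' }
try {
    $domainFindings = Get-DomainReversibleEncryptionFindings
    if ($domainFindings.Count -eq 0) { Write-Output 'Domain policies and users: no findings' }
    else { $domainFindings | ForEach-Object { Write-Warning $_ } }
} catch {
    Write-Output "Domain check skipped: $($_.Exception.Message)"
}
```

Any warning line is a finding to remediate via the GP path above (or, for per-user flags, by clearing the account's "Store password using reversible encryption" option).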

See Also

https://workbench.cisecurity.org/files/1941

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv6|16.5

Plugin: Windows

Control ID: fe041119be532923f610c22a5ed8937e4dea1b9f13120d1b882441980d34dd3d