WN25-DC-000140 - Windows Server 2025 must use separate, NSA-approved (Type 1) cryptography to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data.

Information

Directory data that is not appropriately encrypted is subject to compromise. Commercial-grade encryption does not provide adequate protection when the classification level of directory data in transit is higher than the level of the network.

Solution

Configure NSA-approved (Type 1) cryptography to protect the directory data in transit for directory service implementations at a classified confidentiality level that transfer replication data through a network cleared to a lower level than the data.

Item Details

Audit Name: DISA Microsoft Windows Server 2025 STIG v1r1

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Plugin: Windows

Control ID: 6c9404d6fe9a759b5856fc95f3c334b12098beeadae85aa956250b1289fb641a

Detections

Analytics

WN25-DC-000140 - Windows Server 2025 must use separate, NSA-approved (Type 1) cryptography to protect the directory data in transit for directory service implementations at a classified confidentiality level when replication data traverses a network cleared to a lower level than the data.

Information

Solution

See Also

Item Details