The ICS must be configured to transmit only encrypted representations of passwords.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-258615 | IVCS-NM-000450 | SV-258615r961029_rule | CCI-000197 | high |
| Description | ||||
| Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. This is applicable to the account of last resort which uses a password. Secure password while in transit for admin access. | ||||
| STIG | Date | |||
| Ivanti Connect Secure NDM Security Technical Implementation Guide | 2024-09-16 | |||
Related Frameworks
6 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
IA-5(1)
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1714 mappings
3.5.10
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.7
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.8
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
3.5.9
1.00
- DISA · 2 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-000197
1.00
- DISA · 2 · disa_xccdf · related
Details
Check Text (C-258615r961029_chk)
In the ICS Web UI, navigate to System >> Configuration >> Inbound SSL Options.
Under "Allowed SSL and TLS Version", if "Accept only TLS 1.2 (maximize security)" is checked.
Navigate to System >> Configuration >> Outbound SSL Options.
Under "Allowed SSL and TLS Version", if "Accept only TLS 1.2 (maximize security)" is checked.
If the ICS does not transmit only encrypted representations of passwords, this is a finding.
Fix Text (F-62264r930532_fix)
In the ICS Web UI, navigate to System >> Configuration >> Inbound SSL Options.
1. Under "Allowed SSL and TLS Version", check the box for "Accept only TLS 1.2 (maximize security)".
2. Click "Save Changes".
3. Click "Proceed" for acceptance of Cipher Change.
Navigate to System >> Configuration >> Outbound SSL Options.
1. Under "Allowed SSL and TLS Version", check the box for "Accept only TLS 1.2 (maximize security)".
2. Click "Save Changes".
3. Click "Proceed" for acceptance of Cipher Change.