|Platform: win2012r2||Date: (C)2015-10-08 (M)2017-10-26|
System cryptography: Force strong key protection for user keys stored on the computer
This policy setting determines whether users' private keys (such as their S-MIME keys) require a password to be used. If you configure this policy setting so that users must provide a password?distinct from their domain password?every time that they use a key, then it will be more difficult for an attacker to access locally stored keys, even an attacker who discovers logon passwords.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options!System cryptography: Force strong key protection for user keys stored on the computer
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Cryptography!ForceKeyProtection
|SCAP Repo OVAL Definition||oval:org.secpod.oval:def:27427|