[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-36110-5

Platform: cpe:/o:microsoft:windows_server_2012::r2Date: (C)2015-10-08   (M)2023-07-04



System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing This policy setting determines whether the Transport Layer Security/Secure Sockets Layer (TLS/SSL) Security Provider supports only the TLS_RSA_WITH_3DES_EDE_CBC_SHA cipher suite. Although this policy setting increases security, most public Web sites that are secured with TLS or SSL do not support these algorithms. Client computers that have this policy setting enabled will also be unable to connect to Terminal Services on servers that are not configured to use the FIPS compliant algorithms. Note If you enable this policy setting, computer performance will be slower because the 3DES process is performed on each block of data in the file three times. This policy setting should only be enabled if your organization is required to be FIPS compliant. Important: This setting is recorded in different registry locations depending upon the version of Windows being used. For Windows XP and Windows Server 2003 it is stored at HKLMSystemCurrentControlSetControlLsaFIPSAlgorithmPolicy, with Windows Vista and later versions of Windows it is stored at HKLMSystemCurrentControlSetControlLsaFIPSAlgorithmPolicyEnabled. This means that you must use Windows XP or Windows Server 2003 to edit group policies and security templates which will be applied to computers running Windows XP or Windows Server 2003. However, when editing group policies or security templates which will be applied to computers running Windows Vista or Windows Server 2008 you must use Windows Vista or Windows Server 2008.


Parameter:

[enable/disable]


Technical Mechanism:

(1) GPO: Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options!System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing (2) REG: HKEY_LOCAL_MACHINESystemCurrentControlSetControlLsaFIPSAlgorithmPolicy!Enabled

CCSS Severity:CCSS Metrics:
CCSS Score : 5.9Attack Vector: NETWORK
Exploit Score: 2.2Attack Complexity: HIGH
Impact Score: 3.6Privileges Required: NONE
Severity: MEDIUMUser Interaction: NONE
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NScope: UNCHANGED
 Confidentiality: HIGH
 Integrity: NONE
 Availability: NONE
  

References:
Resource IdReference
SCAP Repo OVAL Definitionoval:org.secpod.oval:def:22808


OVAL    1
oval:org.secpod.oval:def:22808
XCCDF    8
xccdf_org.secpod_benchmark_NIST_800_171_R1_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_SecPod_Windows_2012_R2
xccdf_org.secpod_benchmark_SecPod_Windows_Server_2012_R2
xccdf_org.secpod_benchmark_NIST_800_53_r4_Windows_2012_R2
...

© SecPod Technologies