Back

Configure the "Allow unencrypted traffic" to organizational standards.


CONTROL ID
08383
CONTROL TYPE
Configuration
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Configure network protection settings to organizational standards., CC ID: 07601

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Configure the "Allow unencrypted traffic" setting to "Disabled". (86ED6AA8-7007-4B98-9277-1986E1A76789, Win8 Computer Security Compliance, 1.0)
  • Configure the "Allow unencrypted traffic" setting to "Disabled". (33A232B6-2C16-4215-97B0-65430A4A3C94, Win8 Computer Security Compliance, 1.0)
  • Configure the "Allow unencrypted traffic" setting to "Disabled". (81714A57-8A4A-4EA5-AF68-A0781FB288A5, Win8 Computer Security Compliance, 1.0)
  • Configure the "Allow unencrypted traffic" setting to "Disabled". (23A5460D-D7A2-4FED-81A4-E492608B2642, Win8 Computer Security Compliance, 1.0)
  • Configure the "Allow unencrypted traffic" setting to "Disabled". (935E721F-60E1-4AC6-9D26-F3B4C787044E, Win8 Computer Security Compliance, 1.0)
  • Configure the "Allow unencrypted traffic" setting to "Disabled". (04C377D0-E79D-425C-A7FF-0891CB8564E9, Win8 Computer Security Compliance, 1.0)
  • (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. The recommended state for this setting is: `Disabled`. Rationale: Encryp… (18.9.97.2.3, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 1)
  • (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network. The recommended state for this setting is: `Disabled`. Rationale: Encrypti… (18.9.97.1.2, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 1)
  • (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. The recommended state for this setting is: `Disabled`. Rationale: Encryp… (18.9.97.2.3, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 2)
  • (L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network. The recommended state for this setting is: `Disabled`. Rationale: Encrypti… (18.9.97.1.2, CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 2)
  • Title: Set 'Allow unencrypted traffic' to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives un… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.6.5_Set_Allow_unencrypted_traffic_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.6.5.1_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Set 'Allow unencrypted traffic' to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives un… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.6.5_Set_Allow_unencrypted_traffic_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.6.5.2_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Set 'Allow unencrypted traffic' to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives une… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.6.6_Set_Allow_unencrypted_traffic_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.6.6.1_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Set 'Allow unencrypted traffic' to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives une… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.6.6_Set_Allow_unencrypted_traffic_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.6.6.2_, The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0)
  • Title: Set 'Allow unencrypted traffic' to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives une… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.6.6_Set_Allow_unencrypted_traffic_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.6.6.1_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Set 'Allow unencrypted traffic' to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) client sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives une… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.6.6_Set_Allow_unencrypted_traffic_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.6.6.2_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Set 'Allow unencrypted traffic' to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives un… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.6.5_Set_Allow_unencrypted_traffic_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.6.5.2_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • Title: Set 'Allow unencrypted traffic' to 'Disabled' Description: This policy setting allows you to manage whether the Windows Remote Management (WinRM) service sends and receives unencrypted messages over the network. If you enable this policy setting, the WinRM client sends and receives un… (Rule: xccdf_org.cisecurity.benchmarks_rule_1.2.4.6.5_Set_Allow_unencrypted_traffic_to_Disabled Artifact Expression: xccdf_org.cisecurity.benchmarks_ae_1.2.4.6.5.1_, The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0)
  • The "Allow unencrypted traffic" machine setting should be configured correctly for the WinRM client. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Client\Allow unencrypted traffic HKEY_LOCAL_MACHINE\Software\Policies… (CCE-11954-5, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)
  • The "Allow unencrypted traffic" machine setting should be configured correctly for the WinRM service. Technical Mechanisms: Computer Configuration\Administrative Templates\Windows Components\Windows Remote Management (WinRM)\WinRM Service\Allow unencrypted traffic HKEY_LOCAL_MACHINE\Software\Polici… (CCE-11290-4, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)
  • The "WPD Devices: Deny read access" machine setting should be configured correctly. Technical Mechanisms: Computer Configuration\Administrative Templates\System\Removable Storage Access\WPD Devices: Deny read access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6AC… (CCE-11974-3, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)
  • The "WPD Devices: Deny write access" machine setting should be configured correctly. Technical Mechanisms: Computer Configuration\Administrative Templates\System\Removable Storage Access\WPD Devices: Deny write access HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\RemovableStorageDevices\{6… (CCE-11070-0, Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214)