STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 2 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Ivanti Connect Secure NDM Security Technical Implementation Guide

V-258615

CAT I (High)

The ICS must be configured to transmit only encrypted representations of passwords.

Rule ID

SV-258615r961029_rule

STIG

Ivanti Connect Secure NDM Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-000197

Discussion

Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. This is applicable to the account of last resort which uses a password. Secure password while in transit for admin access.

Check Content

In the ICS Web UI, navigate to System >> Configuration >> Inbound SSL Options.

Under "Allowed SSL and TLS Version", if "Accept only TLS 1.2 (maximize security)" is checked.

Navigate to System >> Configuration >> Outbound SSL Options.

Under "Allowed SSL and TLS Version", if "Accept only TLS 1.2 (maximize security)" is checked.

If the ICS does not transmit only encrypted representations of passwords, this is a finding.

Fix Text

In the ICS Web UI, navigate to System >> Configuration >> Inbound SSL Options.
1. Under "Allowed SSL and TLS Version", check the box for "Accept only TLS 1.2 (maximize security)".
2. Click "Save Changes".
3. Click "Proceed" for acceptance of Cipher Change.

Navigate to System >> Configuration >> Outbound SSL Options.
1. Under "Allowed SSL and TLS Version", check the box for "Accept only TLS 1.2 (maximize security)".
2. Click "Save Changes".
3. Click "Proceed" for acceptance of Cipher Change.