
YALE-MSS-9.8: Allow only encrypted network protocols for authentication

Standards Group:
YALE-MSS-9: Authentication and Authorization

Applicability:

  • Endpoint: Low Risk (Required), Moderate Risk (Required), High Risk (Required)
  • Server: Low Risk (Required), Moderate Risk (Required), High Risk (Required)
  • Mobile Device: Low Risk (Required), Moderate Risk (Required), High Risk (Required)
  • Network Printer: Low Risk (Required), Moderate Risk (Required), High Risk (Required)

Details

Encryption protects the privacy and integrity of authentication credentials.

Never send credentials as plaintext via unencrypted channels.

Common means of encrypting communications include, but are not limited to:

  • Using HTTPS for web traffic
  • Using end-to-end protocols (e.g., TLS, SSH)
  • Encrypting credentials locally before transmission over a network

Use industry-standard encryption. Deprecated methods must not be used. Please see guidance from Mozilla for web and SSH servers (https://ssl-config.mozilla.org/, https://infosec.mozilla.org/guidelines/openssh).
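
One way to enforce this requirement in client code before any credential leaves the host, shown as an added example that is not part of the Yale standard. The scheme allow-list, the function names, the `example.edu` endpoints and the TLS 1.2 floor (modeled on Mozilla's intermediate profile) are assumptions made for illustration.

```python
import ssl
from urllib.parse import urlsplit

# Assumption: schemes whose URL alone guarantees an encrypted channel.
# Schemes that only upgrade opportunistically (e.g. ldap:// with StartTLS)
# are treated as plaintext, because the URL does not prove the upgrade happens.
ENCRYPTED_SCHEMES = {"https", "ssh", "sftp", "ldaps"}


def check_auth_endpoint(url):
    """Return (allowed, reason) for an endpoint that will receive credentials."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if not scheme or not parts.hostname:
        return False, "not an absolute URL"
    if scheme not in ENCRYPTED_SCHEMES:
        return False, f"scheme '{scheme}' does not guarantee encryption"
    return True, "encrypted scheme"


def strict_tls_context():
    """TLS client context that verifies the peer and refuses deprecated versions."""
    ctx = ssl.create_default_context()            # certificate + hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # rejects SSLv3, TLS 1.0, TLS 1.1
    return ctx


def audit(endpoints):
    """Map each configured authentication endpoint to its (allowed, reason) result."""
    return {url: check_auth_endpoint(url) for url in endpoints}


# Constructed sample inventory of authentication endpoints (hypothetical hosts).
SAMPLE_ENDPOINTS = [
    "https://login.example.edu/sso",
    "http://legacy.example.edu/login",
    "ldap://dir.example.edu:389",
    "ldaps://dir.example.edu:636",
    "telnet://switch.example.edu",
    "login.example.edu/sso",
]

if __name__ == "__main__":
    for url, (ok, reason) in audit(SAMPLE_ENDPOINTS).items():
        print(f"{'ALLOW' if ok else 'BLOCK'}  {url}  ({reason})")
```

Pass `strict_tls_context()` as the `context` argument to standard-library clients such as `http.client.HTTPSConnection` so the version floor and certificate checks apply to the connection that carries the credentials.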