Disable non-secure protocols
When a basic user logs in to the management server through IIS, the Management Client will use any protocol available. Milestone recommends that you always implement the latest version of Transport Layer Security (TLS, currently 1.2) (https://datatracker.ietf.org/wg/tls/charter/), and disable all improper cipher suites and obsolete versions of the SSL/TLS protocols. Because the OS determines which protocol is used, block non-secure protocols at the OS level. This prevents the Management Client from using protocols that are not secure.
The protocols used depend on the deployment. If in doubt, contact Milestone Support.
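One way to check and set the OS-level protocol state on a Windows host, shown as an added example that is not Milestone's own script. It uses the standard Schannel registry keys; the list of protocols treated as obsolete is an assumption to confirm against your deployment. Without -Apply the script only reports.

```powershell
# Added example: audit (and with -Apply, set) Schannel protocol state.
# Assumption: SSL 2.0/3.0 and TLS 1.0/1.1 are the versions to disable and
# TLS 1.2 the version to keep; adjust $desired to match your deployment.
# -Apply needs an elevated PowerShell session.
param([switch]$Apply)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$desired = [ordered]@{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.0' = $false
    'TLS 1.1' = $false
    'TLS 1.2' = $true
}

$report = foreach ($proto in $desired.Keys) {
    foreach ($role in 'Server', 'Client') {
        $key = Join-Path $base "$proto\$role"
        $enable = $desired[$proto]
        if ($Apply) {
            # Create the key only if missing so existing values are not wiped.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            Set-ItemProperty -Path $key -Name 'Enabled' -Value ([int]$enable) -Type DWord
            Set-ItemProperty -Path $key -Name 'DisabledByDefault' -Value ([int](-not $enable)) -Type DWord
        }
        # A missing key or value means the OS default applies, which varies by Windows version.
        $cur = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $state = if ($null -eq $cur -or $null -eq $cur.Enabled) {
            'OS default (not set)'
        } elseif ($cur.Enabled -eq 0) {
            'Disabled'
        } else {
            'Enabled'
        }
        [pscustomobject]@{
            Protocol = $proto
            Role     = $role
            State    = $state
            Desired  = if ($enable) { 'Enabled' } else { 'Disabled' }
        }
    }
}
$report | Format-Table -AutoSize
if ($Apply) { Write-Warning 'Restart the server for the Schannel changes to take effect.' }
```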
Learn more
The following control(s) provide additional guidance:
- NIST 800-53 AC-17 Remote Access (Disable Unused Protocols)
- NIST 800-53 CM-6 Configuration Settings
- NIST 800-53 CM-7 Least Functionality