======Verify that passwords encrypted ======

The //service password-encryption// global configuration command directs the Cisco IOS software to encrypt the passwords, Challenge Handshake Authentication Protocol (CHAP) secrets, and similar data that are saved in its configuration file. Such encryption is useful in order to prevent casual observers from reading passwords, such as when they look at the screen over the muster of an administrator.

Below example helps in validating 'service password encryption' is enabled using NetYCE Compliance module

===Example config===  

//campus01-b02-access01// and //campus01-b02-access02// are the two reference devices which we are using for this example.  One has password encryption configured and other does not.  

Below command output gives us the information.


==campus01-b02-access01#==
{{:guides:user:compliance:compliance:howto:cpl4_1.png}}

==campus01-b02-access02#==
{{:guides:user:compliance:compliance:howto:cpl4_2_1.png}}


===How its done===

Below are the steps to create new policy.

//Operate -> Compliance -> Policies -> New->//

{{:guides:user:compliance:compliance:howto:cpl4_3.png}}

Click on the Node Group to select the relevant group of devices to add.
Node group named “building2_access” holds the nodes of both the nodes:
{{:guides:user:compliance:compliance:howto:cpl2_4.png}}

//Rule -> New//

{{:guides:user:compliance:compliance:howto:cpl4_5.png}}
{{:guides:user:compliance:compliance:howto:cpl4_6.png}}
{{:guides:user:compliance:compliance:howto:cpl4_7.png}}
{{:guides:user:compliance:compliance:howto:cpl4_8.png}}


===Report/test results:===

Below is how to create reports to see the results of the compliance policies.

//Operate -> Compliance -> Reports -> New -> Report Name “test” -> Report type “Policies” -> Policy Name “Sample 4 : Service Password Encryption” -> Show Report//

{{:guides:user:compliance:compliance:howto:cpl4_10.png}}

This was a simple example to understand how to implement compliance policy to verify password encryption configuration.