SQL2-00-019601 - SQL Server databases in the unclassified environment, containing sensitive information, must be encrypted using approved cryptography.

Information

Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data.

Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data.

Data files that are not encrypted are vulnerable to theft. When data files are not encrypted, they can be copied and opened on a separate system. The data can be compromised without the information owner's knowledge that the theft has even taken place.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure SQL Server to encrypt sensitive data stored in each database. Use only NIST-certified cryptography to provide encryption.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2012_V1R20_STIG.zip

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-13, CAT|II, CCI|CCI-002450, Rule-ID|SV-68097r2_rule, STIG-ID|SQL2-00-019601, Vuln-ID|V-53877

Plugin: MS_SQLDB

Control ID: 0faf521fac092b599427abc69e69487baa8d97813afab7c7dc81a1cff75d7c17