SQL2-00-019601 - SQL Server databases in the unclassified environment, containing sensitive information, must be encrypted using approved cryptography.

Information

Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data.

Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data.

Data files that are not encrypted are vulnerable to theft. When data files are not encrypted, they can be copied and opened on a separate system. The data can be compromised without the information owner's knowledge that the theft has even taken place.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure SQL Server to encrypt sensitive data stored in each database. Use only NIST-certified cryptography to provide encryption.

Item Details

Audit Name: DISA STIG SQL Server 2012 DB Instance Security v1r20

Category: SYSTEM AND COMMUNICATIONS PROTECTION

Plugin: MS_SQLDB

Control ID: f3c3d4ee414f673174ed67e973e6368f1d805784562e02e3161436f46412f847

Detections

Analytics

SQL2-00-019601 - SQL Server databases in the unclassified environment, containing sensitive information, must be encrypted using approved cryptography.

Information

Solution

See Also

Item Details