From the query prompt:
WHERE state = 0
Repeat for each database:
From the query prompt:
USE [database name]
SELECT s.name, k.crypt_type_desc
FROM sys.symmetric_keys s, sys.key_encryptions k
WHERE s.symmetric_key_id = k.key_id
AND k.crypt_type IN ('ESKP', 'ESKS') -- ESKP = encrypted by password, ESKS = encrypted by symmetric key
AND s.principal_id <> 1
ORDER BY s.name, k.crypt_type_desc
Compare any symmetric keys that have been defined with the System Security Plan.
If any keys are defined that are not documented in the System Security Plan, this is a Finding.
Review the System Security Plan to determine the encryption mechanism specified for each symmetric key. If the method does not indicate use of certificates, this is a Finding.
If the certificate specified is not a DOD PKI certificate, this is a Finding.
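
The per-database check above can be run across every online database in one pass. The following T-SQL is an added example, not part of the original check text; the temp table #key_findings and the cursor name db_cursor are hypothetical, and it filters on the documented sys.key_encryptions codes ESKP (password) and ESKS (symmetric key).

```sql
-- Added example (not part of the original check text).
SET NOCOUNT ON;

CREATE TABLE #key_findings (
    database_name   sysname      NOT NULL,
    key_name        sysname      NOT NULL,
    crypt_type_desc nvarchar(60) NULL
);

DECLARE @db sysname, @sql nvarchar(max);

-- state = 0 selects ONLINE databases only; others cannot be queried.
DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases WHERE state = 0;

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME brackets the database name safely for dynamic SQL.
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        SELECT DB_NAME(), s.name, k.crypt_type_desc
        FROM sys.symmetric_keys AS s
        JOIN sys.key_encryptions AS k
          ON s.symmetric_key_id = k.key_id
        WHERE k.crypt_type IN (''ESKP'', ''ESKS'')
          AND s.principal_id <> 1;';

    BEGIN TRY
        INSERT INTO #key_findings (database_name, key_name, crypt_type_desc)
        EXEC sys.sp_executesql @sql;
    END TRY
    BEGIN CATCH
        -- For example, the login has no access to this database.
        PRINT N'Skipped ' + @db + N': ' + ERROR_MESSAGE();
    END CATCH;

    FETCH NEXT FROM db_cursor INTO @db;
END;

CLOSE db_cursor;
DEALLOCATE db_cursor;

SELECT database_name, key_name, crypt_type_desc
FROM #key_findings
ORDER BY database_name, key_name, crypt_type_desc;

DROP TABLE #key_findings;
```

Each returned row is a symmetric key protected by a password or another symmetric key rather than a certificate, to be compared with the System Security Plan. A database reported as skipped still has to be checked by an account that can access it.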