Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-41420 | SQL2-00-021400 | SV-53949r1_rule | Medium |
Description |
---|
This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. If the data is not encrypted or protected by other means, it is subject to compromise and unauthorized disclosure. |
STIG | Date |
---|---|
Microsoft SQL Server 2012 Database Security Technical Implementation Guide | 2013-11-10 |
Check Text ( C-47955r2_chk ) |
---|
If physical protections are in place for the data, this is not a finding. Ensure the data is encrypted by executing: SELECT * FROM [master].sys.databases For each user database, ensure the Is_encrypted column is set to 1. If it is not set to 1, this is a finding. |
Fix Text (F-46848r2_fix) |
---|
Use encryption to protect the data where physical measures are not being utilized. To enable database encryption, create a master key, create a database encryption key, and protect it by using mechanisms tied to the master key, and then set encryption on. |