Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-41420 | SQL2-00-021400 | SV-53949r4_rule | Medium |
Description |
---|
This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. If the data is not encrypted, it is subject to compromise and unauthorized disclosure. |
STIG | Date |
---|---|
Microsoft SQL Server 2012 Database Security Technical Implementation Guide | 2016-06-24 |
Check Text ( C-47955r5_chk ) |
---|
Ensure the data is encrypted by executing: USE IF NOT EXISTS ( SELECT 1 FROM sys.dm_database_encryption_keys WHERE DB_NAME(database_id) = DB_NAME() ) SELECT DB_NAME() AS [Database Name], 'No database encryption key present, no encryption' AS [Encryption State] ELSE SELECT DB_NAME(database_id) AS [Database Name], CASE encryption_state WHEN 0 THEN 'No database encryption key present, no encryption' WHEN 1 THEN 'Unencrypted' WHEN 2 THEN 'Encryption in progress' WHEN 3 THEN 'Encrypted' WHEN 4 THEN 'Key change in progress' WHEN 5 THEN 'Decryption in progress' WHEN 6 THEN 'Protection change in progress' END AS [Encryption State] FROM sys.dm_database_encryption_keys WHERE DB_NAME(database_id) = DB_NAME() ; For each user database, ensure that encryption is in effect. If not, this is a finding. |
Fix Text (F-46848r3_fix) |
---|
Use encryption to protect the data. To enable database encryption, create a master key, create a database encryption key, and protect it by using mechanisms tied to the master key, and then set encryption on. |