
SQL Server, when providing remote access capabilities, must utilize organization-defined cryptography to protect the confidentiality of data passing over remote access sessions.


Overview

Finding ID: V-41309
Version: SQL2-00-001300
Rule ID: SV-53791r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Remote access is any access to an organizational information system by a user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet). The session data traversing the remote connection could be intercepted and compromised. Cryptography provides a means to secure the remote connection, preventing unauthorized access to the data traversing it and thereby providing a degree of confidentiality. The encryption strength of the mechanism is selected based on the security categorization of the information traversing the remote connection. Databases that accept remote connections must use approved cryptography to prevent disclosure of data passed over an unsecured network. If approved cryptography is not used, data can be intercepted or compromised.
STIG: Microsoft SQL Server 2012 Database Instance Security Technical Implementation Guide
Date: 2014-01-17

Details

Check Text (C-47878r2_chk)
From a Command Prompt, open SQL Server Configuration Manager by typing sqlservermanager11.msc, and pressing [ENTER].

Navigate to SQL Server Configuration Manager >> SQL Server Network Configuration. Right-click on Protocols for [NAME OF INSTANCE], where [NAME OF INSTANCE] is a placeholder for the SQL Server instance name, and click on Properties.

On the Flags tab, if Force Encryption is set to YES, examine the certificate used on the Certificate tab.

If it is a DoD Certificate, this is not a finding.

If Force Encryption is set to NO, or a DoD Certificate is not utilized, this is a finding.
Fix Text (F-46700r2_fix)
Configure SQL Server to encrypt data passing over remote connections.

From a Command Prompt, open SQL Server Configuration Manager by typing sqlservermanager11.msc, and pressing [ENTER].

Navigate to SQL Server Configuration Manager >> SQL Server Network Configuration. Right-click on Protocols for [NAME OF INSTANCE], where [NAME OF INSTANCE] is a placeholder for the SQL Server instance name, and click on Properties.

On the Flags tab, set Force Encryption to YES, and provide a DoD certificate on the Certificate tab.
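The check and fix above are described as Configuration Manager GUI steps. The same settings live in the registry under the instance's SuperSocketNetLib key, which is what the Flags and Certificate tabs write, so the check can be scripted for audits across many hosts. The script below is an added example and is not part of the STIG text or any DISA tooling. It assumes the instance name passed in ($InstanceName, default instance if omitted) and that "DoD certificate" means a certificate whose chain ends at a root whose subject matches the assumed pattern $TrustedRootPattern; adjust that pattern to your organization's PKI. Run it as an administrator on the database host.

```powershell
# Added example (not from the STIG): script the V-41309 check for one
# SQL Server 2012 instance. Assumptions: $InstanceName and the
# $TrustedRootPattern issuer test are placeholders chosen for this example.
param(
    [string]$InstanceName = 'MSSQLSERVER',          # default instance; use the named-instance name otherwise
    [string]$TrustedRootPattern = '^CN=DoD Root CA' # assumed root-subject test for a "DoD certificate"
)

# 1. Map the instance name to its registry instance ID (e.g. MSSQL11.MSSQLSERVER for 2012).
$instanceNames = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL'
$instanceId    = $instanceNames.$InstanceName
if (-not $instanceId) { throw "Instance '$InstanceName' not found in the registry." }

# 2. Read the network-library settings that the Flags and Certificate tabs write.
$netLib = "HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server\$instanceId\MSSQLServer\SuperSocketNetLib"
$props  = Get-ItemProperty -Path $netLib
$forceEncryption = [int]$props.ForceEncryption   # 1 = YES, 0 = NO
$thumbprint      = [string]$props.Certificate    # SHA-1 thumbprint of the bound certificate, or empty

$findings = @()
if ($forceEncryption -ne 1) { $findings += 'Force Encryption is set to NO.' }

if ([string]::IsNullOrEmpty($thumbprint)) {
    # With no certificate bound, SQL Server falls back to a self-signed certificate.
    $findings += 'No certificate is bound on the Certificate tab.'
} else {
    # 3. Locate the bound certificate in the machine store and walk its chain to the root.
    $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -ieq $thumbprint }
    if (-not $cert) {
        $findings += "Certificate $thumbprint is not present in Cert:\LocalMachine\My."
    } else {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $null  = $chain.Build($cert)
        $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        if ($root.Subject -notmatch $TrustedRootPattern) {
            $findings += "Certificate chains to '$($root.Subject)', not to an approved (DoD) root."
        }
        if ($cert.NotAfter -lt (Get-Date)) { $findings += 'Bound certificate has expired.' }
        $chain.Reset()
    }
}

# 4. Report in the STIG's own terms.
if ($findings.Count -eq 0) {
    "Not a finding: Force Encryption = YES and a DoD-issued certificate is bound."
} else {
    "FINDING (V-41309):"
    $findings | ForEach-Object { " - $_" }
}
```

Two practitioner caveats the GUI steps do not mention: a change to Force Encryption or the bound certificate only takes effect after the SQL Server service is restarted, and the registry reflects configuration, not what clients are actually negotiating. After the fix, confirm from a remote client session that encryption is really in force with `SELECT session_id, encrypt_option, net_transport FROM sys.dm_exec_connections WHERE session_id = @@SPID;`, which should report `encrypt_option = TRUE`.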