STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

SQL Server Mirroring endpoint must utilize AES encryption.

DISA Rule

SV-214031r617437_rule

Vulnerability Number

V-214031

Group Title

SRG-APP-000516-DB-000363

Rule Version

SQL6-D0-016500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the following to enable encryption on the mirroring endpoint:

ALTER ENDPOINT <Endpoint Name>
FOR DATABASE_MIRRORING
(ENCRYPTION = REQUIRED ALGORITHM AES)

Check Contents

If the data owner does not have a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, and the requirement is documented and authorized, this is not a finding.

If Database Mirroring is in use, run the following to check for encrypted transmissions:  

SELECT name, type_desc, encryption_algorithm_desc
FROM sys.database_mirroring_endpoints
WHERE encryption_algorithm != 2

If any records are returned, this is a finding.
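
The following T-SQL is an added example, not part of the STIG text. It extends the check query to list every mirroring endpoint with its encryption state and to generate the fix statement for each endpoint that is not AES-only. The columns state_desc, role_desc and is_encryption_enabled come from the same catalog view; the aliases stig_status and remediation_statement are names chosen for this example.

```sql
-- Added example: audit all database mirroring endpoints on this instance.
-- encryption_algorithm = 2 is the AES-only setting the STIG check accepts;
-- any other value is reported as a finding.
SELECT
    e.name,
    e.type_desc,
    e.state_desc,                 -- STARTED / STOPPED / DISABLED
    e.role_desc,                  -- PARTNER / WITNESS / ALL
    e.is_encryption_enabled,      -- 0 means traffic is sent unencrypted
    e.encryption_algorithm,
    e.encryption_algorithm_desc,
    CASE
        WHEN e.encryption_algorithm = 2 THEN 'Not a finding'
        ELSE 'Finding'
    END AS stig_status,
    -- Build the statement from the Fix Recommendation for each failing endpoint.
    -- QUOTENAME brackets the endpoint name so unusual names stay valid.
    CASE
        WHEN e.encryption_algorithm <> 2 THEN
            N'ALTER ENDPOINT ' + QUOTENAME(e.name)
          + N' FOR DATABASE_MIRRORING (ENCRYPTION = REQUIRED ALGORITHM AES);'
    END AS remediation_statement
FROM sys.database_mirroring_endpoints AS e
ORDER BY e.name;
```

Review each generated statement before running it, and apply the same setting on every partner and witness instance, because the endpoints on both sides of a session must be able to agree on an algorithm.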

Documentable

False

Check Content Reference

M

Target Key

3993
