STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 1 Release: 8 Benchmark Date: 24 Jan 2020: SQL Server Mirroring endpoint must utilize AES encryption.

DISA Rule

SV-94029r1_rule

Vulnerability Number

V-79323

Group Title

SRG-APP-000516-DB-000363

Rule Version

SQL6-D0-016500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the following to enable encryption on the mirroring endpoint:

ALTER ENDPOINT <Endpoint Name>
FOR DATABASE_MIRRORING
(ENCRYPTION = REQUIRED ALGORITHM AES)

Check Contents

If the data owner does not have a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, and the requirement is documented and authorized, this is not a finding.

If Database Mirroring is in use, run the following to check for encrypted transmissions:  

SELECT name, type_desc, encryption_algorithm_desc
FROM sys.database_mirroring_endpoints
WHERE encryption_algorithm != 2

If any records are returned, this is a finding.
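
The check and the fix above can be combined into one read-only review query. This is an added example, not part of the STIG text: the stig_status and fix_statement column aliases are made up for illustration, and the use of sys.database_mirroring to test whether mirroring is in use is an assumption about how to answer that question.

```sql
-- Added example (not from the STIG): review all mirroring endpoints at once.

-- Step 1: is Database Mirroring in use on this instance?
-- A non-NULL mirroring_guid marks a database that takes part in a mirroring session.
SELECT COUNT(*) AS mirrored_databases
FROM sys.database_mirroring
WHERE mirroring_guid IS NOT NULL;

-- Step 2: evaluate every mirroring endpoint with the same test the check uses
-- (encryption_algorithm = 2), and build the ALTER ENDPOINT statement from the
-- Fix Recommendation for each endpoint that fails it.
SELECT
    e.name,
    e.type_desc,
    e.state_desc,
    e.role_desc,
    e.is_encryption_enabled,
    e.encryption_algorithm,
    e.encryption_algorithm_desc,
    CASE
        WHEN e.encryption_algorithm = 2 THEN 'Not a finding'
        ELSE 'Finding'
    END AS stig_status,              -- illustrative alias
    CASE
        WHEN e.encryption_algorithm = 2 THEN NULL
        -- QUOTENAME brackets the endpoint name so names containing spaces
        -- or special characters produce a valid statement.
        ELSE N'ALTER ENDPOINT ' + QUOTENAME(e.name)
             + N' FOR DATABASE_MIRRORING (ENCRYPTION = REQUIRED ALGORITHM AES);'
    END AS fix_statement             -- illustrative alias; text only, nothing is executed
FROM sys.database_mirroring_endpoints AS e
ORDER BY e.name;
```

Both queries only read catalog views and change nothing; each generated fix_statement is text to be reviewed and then run separately.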

Documentable

False

Severity Override Guidance

If the data owner does not have a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, and the requirement is documented and authorized, this is not a finding.

If Database Mirroring is in use, run the following to check for encrypted transmissions:  

SELECT name, type_desc, encryption_algorithm_desc
FROM sys.database_mirroring_endpoints
WHERE encryption_algorithm != 2

If any records are returned, this is a finding.

Check Content Reference

M

Target Key

3219
