STIGQter: STIG Summary: Database Security Requirements Guide, Version: 3, Release: 1, Benchmark Date: 22 Jan 2021

If passwords are used for authentication, the DBMS must transmit only encrypted representations of passwords.

DISA Rule

SV-206557r617447_rule

Vulnerability Number

V-206557

Group Title

SRG-APP-000172

Rule Version

SRG-APP-000172-DB-000075

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure encryption for transmission of passwords across the network. If the database does not provide encryption for logon events natively, employ encryption at the OS or network level.

Ensure passwords remain encrypted from source to destination.

Check Contents

Review configuration settings for encrypting passwords in transit across the network. If passwords are not encrypted, this is a finding.

If it is determined that passwords are passed unencrypted at any point along the transmission path between the source and destination, this is a finding.

Documentable

False

Severity Override Guidance

Review configuration settings for encrypting passwords in transit across the network. If passwords are not encrypted, this is a finding.

If it is determined that passwords are passed unencrypted at any point along the transmission path between the source and destination, this is a finding.

Check Content Reference

M

Target Key

2902
