STIGQter: STIG Summary: MS SQL Server 2016 Database Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: MS SQL Server 2016 Database Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-213913r508025_rule
V-213913
SRG-APP-000231-DB-000154
SQL6-D0-001800
CAT II
10
Document and implement procedures to safely back up and store the Certificate used for encryption. Include in the procedures methods to establish evidence of backup and storage, and careful, restricted access and restoration of the Certificate. Also, include provisions to store the backup off-site.
BACKUP CERTIFICATE 'CertificateName' TO FILE = 'path_to_file'
WITH PRIVATE KEY (FILE = 'path_to_pvk', ENCRYPTION BY PASSWORD = 'password');
As this requires a password, take care to ensure it is not exposed to unauthorized persons or stored as plain text.
If the application owner and Authorizing Official have determined that encryption of data at rest is not required, this is not a finding.
Review procedures for, and evidence of backup of the Certificate used for encryption in the System Security Plan.
If the procedures or evidence does not exist, this is a finding.
If the procedures do not indicate offline and off-site storage of the Certificate used for encryption, this is a finding.
If procedures do not indicate access restrictions to the Certificate backup, this is a finding.
V-213913
False
SQL6-D0-001800
If the application owner and Authorizing Official have determined that encryption of data at rest is not required, this is not a finding.
Review procedures for, and evidence of backup of the Certificate used for encryption in the System Security Plan.
If the procedures or evidence does not exist, this is a finding.
If the procedures do not indicate offline and off-site storage of the Certificate used for encryption, this is a finding.
If procedures do not indicate access restrictions to the Certificate backup, this is a finding.
M
3992