STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide, Version: 2, Release: 3, Benchmark Date: 23 Apr 2021

SQL Server must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

DISA Rule

SV-213969r617437_rule

Vulnerability Number

V-213969

Group Title

SRG-APP-000179-DB-000114

Rule Version

SQL6-D0-008700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

In Windows, open Administrative Tools >> Local Security Policy. Expand Local Policies >> Security Options. In the right-side pane, double-click on "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."

In the dialog box that appears, if the radio buttons are active, click "Enabled", and then click "Apply". If the radio buttons are grayed out, use Group Policy Management (on the appropriate server for this domain) to enforce the Enabled policy, and deploy it to the server(s) running SQL Server.

Check Contents

In Windows, open Administrative Tools >> Local Security Policy. Expand Local Policies >> Security Options. In the right-side pane, find "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."

If, in the "Security Setting" column, the value is "Disabled," this is a finding.

https://support.microsoft.com/en-us/kb/955720
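
A scripted form of the manual check above, added here as an example; it is not part of the STIG text. It assumes the policy is backed by the registry value HKLM\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy\Enabled (1 = Enabled) and that SQL Server services use the default MSSQLSERVER / MSSQL$<instance> names. The function name and the output fields are illustrative.

```powershell
# Added example: reports the FIPS policy state for the local host and lists the
# SQL Server instances that inherit it. Run on the server hosting SQL Server.
function Test-SqlHostFipsPolicy {
    [CmdletBinding()]
    param(
        # Assumption: registry location that backs the "System cryptography:
        # Use FIPS compliant algorithms..." security option.
        [string]$PolicyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
    )

    # A missing key or value is treated the same as "Disabled".
    $raw = $null
    try {
        $raw = Get-ItemPropertyValue -Path $PolicyPath -Name 'Enabled' -ErrorAction Stop
    } catch {
        Write-Verbose "FIPS policy value not readable: $($_.Exception.Message)"
    }
    $enabled = ($raw -eq 1)

    # Database Engine services on this host (default and named instances).
    $instances = @(Get-Service -Name 'MSSQLSERVER', 'MSSQL$*' -ErrorAction SilentlyContinue |
        ForEach-Object { '{0} ({1})' -f $_.Name, $_.Status })

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        VulnId        = 'V-213969'
        RuleVersion   = 'SQL6-D0-008700'
        RegistryValue = $raw
        PolicyState   = if ($enabled) { 'Enabled' } else { 'Disabled' }
        Result        = if ($enabled) { 'Not a finding' } else { 'Finding' }
        SqlInstances  = $instances -join ', '
    }
}

Test-SqlHostFipsPolicy -Verbose | Format-List
```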

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3993

Comments