STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

DISA Rule

SV-213971r617437_rule

Vulnerability Number

V-213971

Group Title

SRG-APP-000224-DB-000384

Rule Version

SQL6-D0-009200

Severity

CAT II

CCI(s)

• CCI-001188 - The information system generates unique session identifiers for each session with organization-defined randomness requirements.

Weight

10

Fix Recommendation

Configure Windows to require the use of FIPS compliant algorithms.

Click Start >> Type "Local Security Policy" >> Press Enter >> Expand "Local Policies" >> Select "Security Options" >> Locate "System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing." >> Change the Setting option to "Enabled" >> Restart Windows

Check Contents

Verify that Windows is configured to require the use of FIPS compliant algorithms.

Click Start >> Type "Local Security Policy" >> Press Enter >> Expand "Local Policies" >> Select "Security Options" >> Locate "System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."

If the Security Setting for this option is "Disabled", this is a finding.

Vulnerability Number

V-213971

Documentable

False

Rule Version

SQL6-D0-009200

Severity Override Guidance

Verify that Windows is configured to require the use of FIPS compliant algorithms.

Click Start >> Type "Local Security Policy" >> Press Enter >> Expand "Local Policies" >> Select "Security Options" >> Locate "System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing."

If the Security Setting for this option is "Disabled", this is a finding.

Check Content Reference

M

Target Key

3993

Comments