STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide, Version 2, Release 3, Benchmark Date: 23 Apr 2021

SQL Server Service Broker endpoint must utilize AES encryption.

DISA Rule

SV-214032r617437_rule

Vulnerability Number

V-214032

Group Title

SRG-APP-000516-DB-000363

Rule Version

SQL6-D0-016600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Run the following to enable encryption on the Service Broker endpoint:

ALTER ENDPOINT <EndpointName>
FOR SERVICE_BROKER
(ENCRYPTION = REQUIRED ALGORITHM AES)

Check Contents

If the data owner does not have a strict requirement for ensuring that data integrity and confidentiality are maintained at every step of the data transfer and handling process, and the requirement is documented and authorized, this is not a finding.

If SQL Service Broker is in use, run the following to check for encrypted transmissions:  

SELECT name, type_desc, encryption_algorithm_desc
FROM sys.service_broker_endpoints
WHERE encryption_algorithm != 2

If any records are returned, this is a finding.
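The check above flags only endpoints whose algorithm is not AES (value 2 in sys.service_broker_endpoints); it does not distinguish an endpoint that merely supports AES from one that requires it. The following script is an added example, not part of the STIG text or of STIGQter: it runs the broader assessment and generates the ALTER ENDPOINT remediation statement from the Fix Recommendation for each endpoint that fails. The columns state_desc and is_encryption_required are not on this page; they are assumed from the sys.service_broker_endpoints catalog view and should be confirmed against the target SQL Server version.

```sql
-- Added example (not STIG or STIGQter code). Audits every Service Broker
-- endpoint for two conditions: the algorithm is AES only (encryption_algorithm = 2,
-- matching the STIG check) and encryption is REQUIRED rather than SUPPORTED
-- (is_encryption_required = 1; column assumed from the catalog view docs).
SELECT sbe.name,
       sbe.type_desc,
       sbe.state_desc,                       -- assumed column: STARTED / STOPPED / DISABLED
       sbe.encryption_algorithm,
       sbe.encryption_algorithm_desc,
       sbe.is_encryption_required,           -- assumed column: 1 = REQUIRED, 0 = SUPPORTED
       CASE
           WHEN sbe.encryption_algorithm = 2 AND sbe.is_encryption_required = 1
               THEN 'COMPLIANT'
           WHEN sbe.encryption_algorithm <> 2
               THEN 'FINDING: algorithm is not AES-only (STIG check condition)'
           ELSE 'REVIEW: AES configured but ENCRYPTION is SUPPORTED, not REQUIRED'
       END AS assessment
FROM sys.service_broker_endpoints AS sbe
ORDER BY sbe.name;

-- Build the remediation statement from the Fix Recommendation for each
-- non-compliant endpoint. Review the generated text, then execute it in a
-- maintenance window; it is emitted, not executed, by this script.
SELECT N'ALTER ENDPOINT ' + QUOTENAME(sbe.name)
     + N' FOR SERVICE_BROKER (ENCRYPTION = REQUIRED ALGORITHM AES);' AS remediation_sql
FROM sys.service_broker_endpoints AS sbe
WHERE sbe.encryption_algorithm <> 2
   OR sbe.is_encryption_required = 0;
```

Before applying the generated statements, confirm that every remote Service Broker instance dialoguing with this endpoint can negotiate AES: once ENCRYPTION = REQUIRED ALGORITHM AES is set, a peer limited to RC4 or to unencrypted transport can no longer complete the connection, and conversations will queue rather than deliver.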

Documentable

False

Severity Override Guidance

If the data owner does not have a strict requirement for ensuring that data integrity and confidentiality are maintained at every step of the data transfer and handling process, and the requirement is documented and authorized, this is not a finding.

If SQL Service Broker is in use, run the following to check for encrypted transmissions:  

SELECT name, type_desc, encryption_algorithm_desc
FROM sys.service_broker_endpoints
WHERE encryption_algorithm != 2

If any records are returned, this is a finding.

Check Content Reference

M

Target Key

3993

Comments