STIGQter: STIG Summary: MS SQL Server 2014 Database Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 26 Jan 2018:

Database Master Key passwords must not be stored in credentials within the database.

DISA Rule

SV-81873r1_rule

Vulnerability Number

V-67383

Group Title

SRG-APP-000231-DB-000154

Rule Version

SQL4-00-024200

Severity

CAT II

CCI(s)

CCI-001199 - The information system protects the confidentiality and/or integrity of organization-defined information at rest.

Weight

Fix Recommendation

Use the stored procedure sp_control_dbmasterkey_password to remove any credentials that
store Database Master Key passwords.
From the query prompt:
EXEC SP_CONTROL_DBMASTERKEY_PASSWORD @db_name = '<database name>', @action
= N'drop'

Check Contents

From the query prompt:
SELECT COUNT(credential_id)
FROM [master].sys.master_key_passwords

If count is not 0, this is a finding.

Vulnerability Number

V-67383

Documentable

False

Rule Version

SQL4-00-024200

Severity Override Guidance

From the query prompt:
SELECT COUNT(credential_id)
FROM [master].sys.master_key_passwords

If count is not 0, this is a finding.

Check Content Reference

Target Key

2637

Database Master Key passwords must not be stored in credentials within the database.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments