Title

Symmetric keys should use a master key, certificate, or asymmetric key to encrypt the key. (Cat II impact)

Discussion

Symmetric keys are vulnerable if the symmetric key encryption is not protected from disclosure. Symmetric keys are well protected by use of either the database or the service master key. Where access by DBA's is not acceptable, use of the application code-signing certificate can be used to provide protection.

Check Content

From the query prompt: SELECT name FROM [master].sys.databases WHERE state = 0 Repeat for each database: From the query prompt: USE [database name] SELECT s.name, k.crypt_type_desc FROM sys.symmetric_keys s, sys.key_encryptions k WHERE s.symmetric_key_id = k.key_id AND k.crypt_type IN ('KSKP', 'ESKS') AND s.principal_id <> 1 ORDER BY s.name, k.crypt_type_desc Review any symmetric keys that have been defined against the System Security Plan. If any keys are defined that are not documented in the System Security Plan, this is a Finding. Review the System Security Plan to review the encryption mechanism specified for each symmetric key. If the method does not indicate use of certificates, this is a Finding. If the certificate specified is not a DOD PKI certificate, this is a Finding.

Fix Text

Configure or alter symmetric keys to encrypt keys with certificates or authorized asymmetric keys: From the query prompt: ALTER SYMMETRIC KEY [key name] ADD ENCRYPTION BY CERTIFICATE [certificate name] ALTER SYMMETRIC KEY [key name] DROP ENCRYPTION BY [password, symmetric key or asymmetric key] The symmetric key must specify a certificate or asymmetric key for encryption. The certificate may be the code-signing certificate used by the application.

Additional Identifiers

Rule ID: SV-23862r2_rule

Vulnerability ID: V-15168

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.