When using command-line tools such as SQLCMD in a mixed-mode authentication environment, users must use a logon method that does not expose the password. This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information.
SQL Server must protect the confidentiality and integrity of all information at rest. The DoD standard for authentication is DoD-approved PKI certificates.Īuthentication based on User ID and Password may be used only when it is not possible to employ a PKI certificate, and. If passwords are used for authentication, SQL Server must transmit only encrypted representations of passwords. PKI certificate-based authentication is performed by requiring the certificate holder to cryptographically prove possession of. The DoD standard for authentication is DoD-approved PKI certificates. SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server. SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to generate and validate cryptographic hashes. The application must implement cryptographic modules adhering to the higher standards. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to provision digital signatures. Findings (MAC III - Administrative Public) Finding ID
0 kommentar(er)
