Database Master Key passwords must not be stored in credentials within the database.

An XCCDF Rule

Details
Profiles

Description

Storage of the Database Master Key password in a database credential allows decryption of sensitive data by privileged users who may not have a need-to-know requirement to access the data.

ID: SV-81873r1_rule
Version: SQL4-00-024200
Severity: Medium
References: CCI-001199
Updated: 23 days ago

Remediation Templates

Use the stored procedure sp_control_dbmasterkey_password to remove any credentials that
store Database Master Key passwords.
From the query prompt:
EXEC SP_CONTROL_DBMASTERKEY_PASSWORD @db_name = '<database name>', @action
= N'drop'

Database Master Key passwords must not be stored in credentials within the database.

Description

Remediation Templates

A Manual Procedure