The Database Master Key encryption password must meet DOD password complexity requirements.

An XCCDF Rule

Description

Weak passwords may be easily guessed. When passwords are used to encrypt keys used for encryption of sensitive data, then the confidentiality of all data encrypted using that key is at risk.

Documentable: false

ID
SV-213911r879642_rule
Severity
Medium

Remediation - Manual Procedure

Assign an encryption password to the Database Master Key that is a minimum of 15 characters with at least 1 upper-case character, 1 lower-case character, 1 special character, and 1 numeric character, and at least 8 characters changed from the previous password. 

To change the Database Master Key encryption password: 

USE [database name]; 
ALTER MASTER KEY REGENERATE WITH ENCRYPTION BY PASSWORD = '[new password]';
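
A candidate password can be checked against the rules above before it is used in the ALTER MASTER KEY statement. The following is an added example, not part of the STIG content: the function names are hypothetical, "special character" is assumed to mean ASCII punctuation, and "8 characters changed" is assumed to mean at least 8 positions differ from the previous password.

```python
import string
from typing import List, Optional

MIN_LENGTH = 15   # minimum length stated in the rule
MIN_CHANGED = 8   # minimum characters changed stated in the rule

def changed_positions(new: str, old: str) -> int:
    """Positions at which the strings differ; a length difference counts as changed.
    Assumption: the rule's 'characters changed' is read position by position."""
    same = sum(1 for a, b in zip(new, old) if a == b)
    return max(len(new), len(old)) - same

def check_dmk_password(new: str, previous: Optional[str] = None) -> List[str]:
    """Return the rules the candidate violates; an empty list means it passes."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    if not any(c.isupper() for c in new):
        problems.append("no upper-case character")
    if not any(c.islower() for c in new):
        problems.append("no lower-case character")
    if not any(c.isdigit() for c in new):
        problems.append("no numeric character")
    # Assumption: 'special' means ASCII punctuation.
    if not any(c in string.punctuation for c in new):
        problems.append("no special character")
    if previous is not None and changed_positions(new, previous) < MIN_CHANGED:
        problems.append("fewer than 8 characters changed from previous password")
    return problems

def tsql_literal(value: str) -> str:
    """Quote a value as a T-SQL string literal, doubling embedded single quotes
    so a password containing ' does not end the literal early."""
    return "'" + value.replace("'", "''") + "'"

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    old = "Tr1cky-Example-Phrase"
    for candidate in ("alllowercaseletters", "Tr1cky-Example-Phrasf",
                      "N3w&Longer'Sample#Value"):
        issues = check_dmk_password(candidate, previous=old)
        print("PASS" if not issues else "FAIL: " + "; ".join(issues))
```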