Symmetric Key encryption


Job details

Name: Symmetric Key encryption
Platform: Sqlserver
Category: Security
Premium package: Security and compliance package
Description: Checks that only AES_128, AES_192, and AES_256 symmetric key encryption algorithms are in use.
Long description: Checks that only AES_128, AES_192, and AES_256 symmetric key encryption algorithms are in use. Algorithms DES, DESX, RC2, RC4 and RC4_128 are considered weak and should no longer be used.
Version: 1.2
Default schedule: 30 1 1 *
Requires engine install: Yes
Compatibility tag: .[type=‘instance’ & databasetype=‘sqlserver’]/instance[maj_version > ‘2005′ & hasengine=‘YES’ & eng_inst_priv = 0 & (engine_edition = ‘Microsoft SQL Server’ engine_edition = ‘Azure SQL Managed Instance’)]

Parameters

Name Default value Description
return status 1 Return status value (ALARM – 2, WARNING – 1, or OK – 0) when weak symmetric key encryption is in use.
history threshold 365 The maximum number of days to keep statistics for in the historic tables.

Job Summary

SELECT name, algorithm_desc FROM sys.symmetric_keys WHERE algorithm_desc NOT IN ('AES_128', 'AES_192', 'AES_256')

Job Implementation Details and Dependencies

Report Templates and Output

Monitoring and Compliance

Additional Notes