DoD STIGs – V-32535

Overview:

Title: The DBMS must employ cryptographic mechanisms preventing the unauthorized disclosure of information at rest unless the data is otherwise protected by alternative physical measures.

Vulnerability ID: V-32535

STIG ID:

IA Controls: None

Severity: medium

Description: This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. Information at rest refers to the state of information when it is located on a secondary storage device (e.g., disk drive, tape drive) within an organizational information system. Alternative physical protection measures include protected distribution systems.

Check Text: Check DBMS settings to determine whether cryptographic mechanisms are used to prevent the unauthorized disclosure of information at rest. Determine whether physical measures are being used instead of cryptographic mechanisms. If neither cryptographic nor physical measures are being utilized, this is a finding.

Fix Text: Configure DBMS to use cryptographic mechanisms to prevent unauthorized disclosure of information at rest where physical measures are not being utilized.

[divider]

Interpreting V-32535:

Coming Soon!

Return to the DoD STIGs – Database Security Requirements Guide

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.