7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databases

Information

Microsoft Best Practices recommend using at least a 2048-bit encryption algorithm for asymmetric keys.

Rationale:

The RSA_2048 encryption algorithm for asymmetric keys in SQL Server is the highest bit-level provided and therefore the most secure available choice (other choices are RSA_512 and RSA_1024).

Solution

Refer to Microsoft SQL Server Books Online ALTER ASYMMETRIC KEY entry: http://msdn.microsoft.com/en-us/library/ms187311.aspx
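
One way to find the keys this check flags, added here as an example (it is not part of the benchmark text or of Books Online). It assumes the system databases hold database_id 1 through 4 and that the login can read sys.asymmetric_keys in each database; the temp table and cursor names are made up for the example.

```sql
-- Added example: list asymmetric keys shorter than 2048 bits in every
-- online non-system database. Assumption: database_id 1-4 are master,
-- tempdb, model and msdb, so database_id > 4 selects user databases.
SET NOCOUNT ON;

CREATE TABLE #weak_asymmetric_keys (   -- hypothetical name
    database_name sysname,
    key_name      sysname,
    algorithm     nvarchar(60),
    key_length    int
);

DECLARE @db sysname, @sql nvarchar(max);

DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE database_id > 4
      AND state_desc = 'ONLINE'
      AND HAS_DBACCESS(name) = 1;      -- skip databases this login cannot open

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME escapes the name both as a string literal and as an
    -- identifier, so unusual database names cannot break the statement.
    SET @sql = N'INSERT INTO #weak_asymmetric_keys
                 SELECT N' + QUOTENAME(@db, N'''') + N', name, algorithm_desc, key_length
                 FROM ' + QUOTENAME(@db) + N'.sys.asymmetric_keys
                 WHERE key_length < 2048;';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cursor INTO @db;
END

CLOSE db_cursor;
DEALLOCATE db_cursor;

-- An empty result set means every scanned database passes the check.
SELECT database_name, key_name, algorithm, key_length
FROM #weak_asymmetric_keys
ORDER BY database_name, key_name;

DROP TABLE #weak_asymmetric_keys;
```

Databases that are offline or not accessible to the login are skipped, so confirm separately that they were covered.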

Impact:

The higher-bit level may result in slower performance, but reduces the likelihood of an attacker breaking the key.

Encrypted data cannot be compressed, but compressed data can be encrypted. If you use compression, you should compress data before encrypting it.

Default Value:

none

See Also

https://workbench.cisecurity.org/files/2945

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8, CSCv6|14.2, CSCv7|14.4

Plugin: MS_SQLDB

Control ID: 3e20f28158d8e7e8ea59bdc96f548919bcb33b38fbd7cac393e187e8bb8ecfe5