Applications must support organizational requirements to employ cryptographic mechanisms to protect information in storage.

From MS SharePoint 2010 Security Technical Implementation Guide

Part of SRG-APP-000188-COL-000134

Associated with: CCI-002475

SV-37792r2_rule Applications must support organizational requirements to employ cryptographic mechanisms to protect information in storage.

Vulnerability discussion

When data is written to digital media, there is a risk of data loss and data compromise. An organizational assessment of risk guides the selection of media and of the associated information on the media that requires restricted access. Organizations need to document in policy and procedures the media requiring restricted access, the individuals authorized to access the media, and the specific measures taken to restrict access. Encryption of data at rest in SQL is required if the data owner deems it necessary.

Check content

Each of the following scripts must be run as TSQL queries, replacing string text with suitable replacements. Navigate to the SQL Server Management Console and open a new query window to run the following script.

1. Run the TSQL query below.

   USE SharePointContentDB
   GO
   SELECT [name], is_encrypted
   FROM sys.databases
   WHERE name = 'TDE_Testing'   -- replace with the name of the SharePoint content database being checked
   GO

2. Mark as a finding if the return value of is_encrypted is not 1.

3. Mark as not a finding if a third-party solution is used and documented with the IAO.

Fix text

Data-at-rest encryption is provided by encryption of the SQL 2008 SharePoint database using TDE or a third-party solution. Each of the following scripts must be run as TSQL queries, replacing string text with suitable replacements. Navigate to the SQL Server Management Console and open a new query window to run the following script.

1. Create the DMK (database master key).

   USE master;
   GO
   CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'CrypticTDEpw4CompanyABC';
   GO

2. Create the TDE certificate.

   USE master;
   GO
   CREATE CERTIFICATE CompanyABCtdeCert WITH SUBJECT = 'CompanyABC TDE Certificate';
   GO

3. Back up the TDE certificate and its private key. Without this backup the encrypted database cannot be restored on another server.

   USE master;
   GO
   BACKUP CERTIFICATE CompanyABCtdeCert
       TO FILE = 'C:\Backup\CompanyABCtdeCERT.cer'
       WITH PRIVATE KEY (
           FILE = 'C:\Backup\CompanyABCtdeCert.pvk',
           ENCRYPTION BY PASSWORD = 'CrypticTDEpw4CompanyABC!');
   GO

4. Create the DEK (database encryption key).

   USE SharePointContentDB;
   GO
   CREATE DATABASE ENCRYPTION KEY
       WITH ALGORITHM = AES_256
       ENCRYPTION BY SERVER CERTIFICATE CompanyABCtdeCert;
   GO

5. Encrypt the database.

   USE SharePointContentDB
   GO
   ALTER DATABASE SharePointContentDB SET ENCRYPTION ON
   GO

6. Monitor the progress; once encryption_state is '3', the database is encrypted.

   USE SharePointContentDB
   GO
   SELECT * FROM sys.dm_database_encryption_keys WHERE encryption_state = 3;
   GO
