Symmetric Keys on User Databases
This rule checks whether keys that have a length of less than 128 bytes do not use the RC2 or RC4 encryption algorithm.
Best Practices Recommendations
Use AES 128 bit or larger to create symmetric keys for data encryption. If AES is not supported by your operating system, use 3DES.