Microsoft SQL Server 2012 Database Security Technical Implementation Guide

The Microsoft SQL Server 2012 Database Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems. Comments or proposed revisions to this document should be sent via e-mail to the following address: [email protected]

Details

Version / Release: V1R17

Published: 2018-03-01

Updated At: 2018-09-23 19:21:01

Compare/View Releases

Select any two versions of this STIG to compare the individual requirements

Select any old version/release of this STIG to view the previous requirements

Actions

Download

Filter


Findings
Severity Open Not Reviewed Not Applicable Not a Finding
Overall 0 0 0 0
Low 0 0 0 0
Medium 0 0 0 0
High 0 0 0 0
Drop CKL or SCAP (XCCDF) results here.

    Vuln Rule Version CCI Severity Title Description Status Finding Details Comments
    SV-53265r5_rule SQL2-00-021300 CCI-001199 MEDIUM SQL Server must protect data at rest and ensure confidentiality and integrity of data. This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. Information at rest refers to the state of information when it is located on a secondar
    SV-53912r4_rule SQL2-00-000300 CCI-002262 MEDIUM SQL Server must maintain and support organization-defined security labels on stored information. Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information. These attributes are typically associated with internal data structures (e.g., r
    SV-53914r4_rule SQL2-00-000400 CCI-002263 MEDIUM SQL Server must maintain and support organization-defined security labels on information in process. Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information. These attributes are typically associated with internal data structures (e.g., r
    SV-53916r4_rule SQL2-00-000500 CCI-002264 MEDIUM SQL Server must maintain and support organization-defined security labels on data in transmission. Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information. These attributes are typically associated with internal data structures (e.g., r
    SV-53917r3_rule SQL2-00-000900 CCI-001427 MEDIUM SQL Server must allow authorized users to associate security labels to information in the database. Security attributes are abstractions representing the basic properties or characteristics of an entity (e.g., subjects and objects) with respect to safeguarding information. These attributes are typically associated with internal data structures (e.g., r
    SV-53918r3_rule SQL2-00-011050 CCI-001693 MEDIUM SQL Server utilizing Discretionary Access Control (DAC) must enforce a policy that limits propagation of access rights. Discretionary Access Control (DAC) is based on the premise that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquire
    SV-53920r4_rule SQL2-00-009200 CCI-000037 MEDIUM SQL Server must be protected from unauthorized access by developers. Applications employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also applied to information system processes, ensuring that th
    SV-53921r2_rule SQL2-00-009300 CCI-000037 MEDIUM SQL Server must be protected from unauthorized access by developers on shared production/development host systems. Applications employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also applied to information system processes, ensuring that th
    SV-53922r5_rule SQL2-00-009500 CCI-000037 MEDIUM Administrative privileges, built-in server roles and built-in database roles must be assigned to the DBMS login accounts that require them via custom roles, and not directly. SQL Server must employ the concept of least privilege for specific duties and information systems (including specific functions, ports, protocols, and services). The concept of least privilege is also applied to information system processes, ensuring that
    SV-53925r2_rule SQL2-00-023500 CCI-000366 MEDIUM SQL Server job/batch queues must be reviewed regularly to detect unauthorized SQL Server job submissions. When dealing with unauthorized SQL Server job submissions, it should be noted any unauthorized job submissions to SQL Server job/batch queues can potentially have significant effects on the overall security of the system. If SQL Server were to allow any
    SV-53928r4_rule SQL2-00-011200 CCI-000169 MEDIUM SQL Server must provide audit record generation capability for organization-defined auditable events within the database. Audit records can be generated from various components within the information system (e.g., network interface, hard disk, modem, etc.). From an application perspective, certain specific application functionalities may be audited as well. The list of audi
    SV-53930r4_rule SQL2-00-014900 CCI-001499 MEDIUM SQL Server must be monitored to discover unauthorized changes to functions. When dealing with change control issues, it should be noted, any changes to the hardware, software, and/or firmware components of SQL Server and/or application can potentially have significant effects on the overall security of the system. If SQL Server
    SV-53931r4_rule SQL2-00-015100 CCI-001499 MEDIUM SQL Server must be monitored to discover unauthorized changes to triggers. When dealing with change control issues, it should be noted, any changes to the hardware, software, and/or firmware components of SQL Server and/or application can potentially have significant effects on the overall security of the system. If SQL Server
    SV-53933r4_rule SQL2-00-015200 CCI-001499 MEDIUM SQL Server must be monitored to discover unauthorized changes to stored procedures. When dealing with change control issues, it should be noted, any changes to the hardware, software, and/or firmware components of SQL Server and/or application can potentially have significant effects on the overall security of the system. If SQL Server
    SV-53935r2_rule SQL2-00-015600 CCI-001499 MEDIUM Database objects must be owned by accounts authorized for ownership. SQL Server database ownership is a higher level privilege that grants full rights to everything in that database, including the right to grant privileges to others. SQL Server requires that the owner of a database object be a user, and only one user can b
    SV-53937r2_rule SQL2-00-016900 CCI-000381 MEDIUM Unused database components and database objects must be removed. Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions). It is det
    SV-53939r5_rule SQL2-00-019300 CCI-002262 MEDIUM SQL Server must encrypt information stored in the database. When data is written to digital media, such as hard drives, mobile computers, external/removable hard drives, personal digital assistants, flash/thumb drives, etc., there is risk of data loss and/or compromise. An organizational assessment of risk guides
    SV-53940r5_rule SQL2-00-019500 CCI-001144 MEDIUM SQL Server must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. Cryptography is only as strong as the encryption modules/algorithms employed to encrypt the data. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. Use of cryptography to provide confidentiali
    SV-53944r3_rule SQL2-00-024100 CCI-001199 MEDIUM The Database Master Key must be encrypted by the Service Master Key where required. When not encrypted by the Service Master Key, system administrators or application administrators may access and use the Database Master Key to view sensitive data that they are not authorized to view. Where alternate encryption means are not feasible, en
    SV-53945r2_rule SQL2-00-024200 CCI-001199 MEDIUM Database Master Key passwords must not be stored in credentials within the database. Storage of the Database Master Key password in a database credential allows decryption of sensitive data by privileged users who may not have a need-to-know requirement to access the data.
    SV-53946r5_rule SQL2-00-024300 CCI-001199 MEDIUM Symmetric keys (other than the database master key) must use a DoD certificate to encrypt the key. Data within the database is protected by use of encryption. The symmetric keys are critical for this process. If the symmetric keys were to be compromised the data could be disclosed to unauthorized personnel.true
    SV-53949r6_rule SQL2-00-021400 CCI-002476 MEDIUM SQL Server must employ cryptographic mechanisms preventing the unauthorized disclosure of information at rest. This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. If the data is not encrypted, it is subject to compromise and unauthorized disclosure.
    SV-53950r2_rule SQL2-00-021800 CCI-001090 MEDIUM SQL Server must prevent unauthorized and unintended information transfer via shared system resources. The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf of a prior user/role) from being available to any current
    SV-53951r2_rule SQL2-00-022000 CCI-001092 MEDIUM SQL Server must protect against or limit the effects of the organization-defined types of Denial of Service (DoS) attacks. Application management includes the ability to control the number of users and user sessions utilizing an application. Limiting the number of allowed users, and sessions per user, is helpful in limiting risks related to DoS attacks. This requirement addr
    SV-53953r3_rule SQL2-00-022500 CCI-001310 MEDIUM SQL Server must check the validity of data inputs. Invalid user input occurs when a user inserts data or characters into an application’s data entry fields and the application is unprepared to process that data. This results in unanticipated application behavior potentially leading to an application or
    SV-75113r1_rule SQL2-00-015620 CCI-001499 MEDIUM In a database owned by a login not having administrative privileges at the instance level, the database property TRUSTWORTHY must be OFF unless required and authorized. SQL Server's fixed (built-in) server roles, especially [sysadmin], have powerful capabilities that could cause great harm if misused, so their use must be tightly controlled. The SQL Server instance uses each database's TRUSTWORTHY property to guard agai
    SV-75233r1_rule SQL2-00-015610 CCI-001499 MEDIUM In a database owned by [sa], or by any other login having administrative privileges at the instance level, the database property TRUSTWORTHY must be OFF. SQL Server's fixed (built-in) server roles, especially [sysadmin], have powerful capabilities that could cause great harm if misused, so their use must be tightly controlled. The SQL Server instance uses each database's TRUSTWORTHY property to guard agai
    SV-85249r2_rule SQL2-00-017510 CCI-000553 LOW Appropriate staff must be alerted when the amount of storage space used by the SQL Server transaction log file(s) exceeds an organization-defined value. It is important for the appropriate personnel to be aware if the system is at risk of failing to record transaction log data. The transaction log is the heart of a SQL Server database. If it fails, processing will stop. It must always have enough avail