STIGQter: STIG Summary: MS SQL Server 2016 Database Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in transmission.

DISA Rule

SV-213920r508025_rule

Vulnerability Number

V-213920

Group Title

SRG-APP-000314-DB-000310

Rule Version

SQL6-D0-002700

Severity

CAT II

CCI(s)

• CCI-002264 - The organization provides the means to associate organization-defined types of security attributes having organization-defined security attribute values with information in transmission.

Weight

10

Fix Recommendation

Deploy SQL Server Row-Level Security (see link below) or a third-party software, or add custom data structures, data elements and application code, to provide reliable security labeling of information in transmission.

https://msdn.microsoft.com/en-us/library/dn765131.aspx

Check Contents

If security labeling is not required, this is not a finding.

If security labeling requirements have been specified, but neither a third-party solution nor a SQL Server Row-Level security solution is implemented that reliably maintains labels on information in transmission, this is a finding.

Vulnerability Number

V-213920

Documentable

False

Rule Version

SQL6-D0-002700

Severity Override Guidance

If security labeling is not required, this is not a finding.

If security labeling requirements have been specified, but neither a third-party solution nor a SQL Server Row-Level security solution is implemented that reliably maintains labels on information in transmission, this is a finding.

Check Content Reference

M

Target Key

3992

Comments