STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Default demonstration and sample databases, database objects, and applications must be removed.

DISA Rule

SV-213954r617437_rule

Vulnerability Number

V-213954

Group Title

SRG-APP-000141-DB-000090

Rule Version

SQL6-D0-006900

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Remove all demonstration or sample databases from production instances.

Check Contents

Review the server documentation, if this system is identified as a development or test system, this check is Not Applicable.

If this system is identified as production, gather a listing of databases from the server and look for any matching the following general demonstration database names:

pubs
Northwind
AdventureWorks
WorldwideImporters

If any of these databases exist, this is a finding.

Vulnerability Number

V-213954

Documentable

False

Rule Version

SQL6-D0-006900

Severity Override Guidance

Review the server documentation, if this system is identified as a development or test system, this check is Not Applicable.

If this system is identified as production, gather a listing of databases from the server and look for any matching the following general demonstration database names:

pubs
Northwind
AdventureWorks
WorldwideImporters

If any of these databases exist, this is a finding.

Check Content Reference

M

Target Key

3993

Comments