STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

Contained databases must use Windows principals.

DISA Rule

SV-213965r617437_rule

Vulnerability Number

V-213965

Group Title

SRG-APP-000164-DB-000401

Rule Version

SQL6-D0-008000

Severity

CAT II

CCI(s)

• CCI-000192 - The information system enforces password complexity by the minimum number of upper case characters used.

Weight

10

Fix Recommendation

Configure the SQL Server contained databases to have users originating from Windows principals. Remove any users not created from Windows principals.

Check Contents

Execute the following query to determine if Contained Databases are used:

SELECT * FROM sys.databases WHERE containment = 1

If any records are returned. Check the server documentation for a list of authorized contained database users. Ensure contained database users are not using SQL Authentication.

EXEC sp_MSforeachdb 'USE [?]; SELECT DB_NAME() AS DatabaseName, * FROM sys.database_principals WHERE authentication_type = 2'

If any records are returned, this is a finding.

Vulnerability Number

V-213965

Documentable

False

Rule Version

SQL6-D0-008000

Severity Override Guidance

Execute the following query to determine if Contained Databases are used:

SELECT * FROM sys.databases WHERE containment = 1

If any records are returned. Check the server documentation for a list of authorized contained database users. Ensure contained database users are not using SQL Authentication.

EXEC sp_MSforeachdb 'USE [?]; SELECT DB_NAME() AS DatabaseName, * FROM sys.database_principals WHERE authentication_type = 2'

If any records are returned, this is a finding.

Check Content Reference

M

Target Key

3993

Comments