STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

SQL Server must generate audit records for all direct access to the database(s).

DISA Rule

SV-214021r617437_rule

Vulnerability Number

V-214021

Group Title

SRG-APP-000508-DB-000358

Rule Version

SQL6-D0-015500

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

Check the system documentation for required SQL Server Audits. Remove any Audit filters that exclude or reduce required auditing. Update filters to ensure administrative activity is not excluded.

Check Contents

Determine whether any Server Audits are configured to filter records. From SQL Server Management Studio execute the following query:

SELECT name AS AuditName, predicate AS AuditFilter
FROM sys.server_audits
WHERE predicate IS NOT NULL

If any audits are returned, review the associated filters to determine whether administrative activities are being excluded.

If any audits are configured to exclude administrative activities, this is a finding.

Vulnerability Number

V-214021

Documentable

False

Rule Version

SQL6-D0-015500

Severity Override Guidance

Determine whether any Server Audits are configured to filter records. From SQL Server Management Studio execute the following query:

SELECT name AS AuditName, predicate AS AuditFilter
FROM sys.server_audits
WHERE predicate IS NOT NULL

If any audits are returned, review the associated filters to determine whether administrative activities are being excluded.

If any audits are configured to exclude administrative activities, this is a finding.

Check Content Reference

M

Target Key

3993

Comments