STIGQter STIGQter: STIG Summary: Microsoft SQL Server 2012 Database Instance Security Technical Implementation Guide Version: 1 Release: 18 Benchmark Date: 25 Jan 2019: SQL Server must maintain and support organization-defined security labels on stored information.

DISA Rule

SV-53912r4_rule

Vulnerability Number

V-41389

Group Title

SRG-APP-000006-DB-000183

Rule Version

SQL2-00-000300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Develop SQL or application code or acquire a third party tool to perform data labeling.

Check Contents

Review system documentation to determine if the labeling of sensitive data is required under organization-defined guidelines.
If the labeling of sensitive data is not required, this is NA.

Obtain system configuration settings to determine how data labeling is being performed. This can be through triggers or some other SQL-developed means or via a third-party tool. Spot check data and ensure the appropriate labels have been applied to stored data.

If the labeling of sensitive data is required and is not being performed, this is a finding.

Vulnerability Number

V-41389

Documentable

False

Rule Version

SQL2-00-000300

Severity Override Guidance

Review system documentation to determine if the labeling of sensitive data is required under organization-defined guidelines.
If the labeling of sensitive data is not required, this is NA.

Obtain system configuration settings to determine how data labeling is being performed. This can be through triggers or some other SQL-developed means or via a third-party tool. Spot check data and ensure the appropriate labels have been applied to stored data.

If the labeling of sensitive data is required and is not being performed, this is a finding.

Check Content Reference

M

Target Key

2560

Comments