STIGQter STIGQter: STIG Summary: Microsoft SQL Server 2012 Database Instance Security Technical Implementation Guide Version: 1 Release: 18 Benchmark Date: 25 Jan 2019: SQL Server must maintain and support organization-defined security labels on information in process.

DISA Rule

SV-53914r4_rule

Vulnerability Number

V-41391

Group Title

SRG-APP-000007-DB-000184

Rule Version

SQL2-00-000400

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Develop SQL or application code or acquire a third party tool to perform data labeling.

Check Contents

Review system documentation to determine if the labeling of sensitive data is required under organization-defined guidelines.

If the labeling of sensitive data is not required, this is NA.

Obtain system configuration settings to determine how data labeling is being performed. This can be through triggers or some other SQL-developed means or via a third-party tool.

If the labeling of sensitive information in process is not being performed, this is a finding.

Vulnerability Number

V-41391

Documentable

False

Rule Version

SQL2-00-000400

Severity Override Guidance

Review system documentation to determine if the labeling of sensitive data is required under organization-defined guidelines.

If the labeling of sensitive data is not required, this is NA.

Obtain system configuration settings to determine how data labeling is being performed. This can be through triggers or some other SQL-developed means or via a third-party tool.

If the labeling of sensitive information in process is not being performed, this is a finding.

Check Content Reference

M

Target Key

2560

Comments