STIGQter STIGQter: STIG Summary: MS SQL Server 2014 Database Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 26 Jan 2018:

Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.

DISA Rule

SV-81879r1_rule

Vulnerability Number

V-67389

Group Title

SRG-APP-000243-DB-000128

Rule Version

SQL4-00-021800

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create and document a process for moving data from production to development/test systems and follow the process.

Modify any code used for moving data from production to development/test systems to ensure copies of production data are not left in unsecured locations.

Check Contents

Verify there are proper procedures in place for the transfer of development/test data from production. Review any scripts or code that exists for the movement of production data to development/test and verify copies of production data are not left in unprotected locations.

If there is no documented procedure for data movement from production to development/test, this is a finding.

If data movement code that copies from production to development/test does exist and leaves any copies of production data in unprotected locations, this is a finding.

Vulnerability Number

V-67389

Documentable

False

Rule Version

SQL4-00-021800

Severity Override Guidance

Verify there are proper procedures in place for the transfer of development/test data from production. Review any scripts or code that exists for the movement of production data to development/test and verify copies of production data are not left in unprotected locations.

If there is no documented procedure for data movement from production to development/test, this is a finding.

If data movement code that copies from production to development/test does exist and leaves any copies of production data in unprotected locations, this is a finding.

Check Content Reference

M

Target Key

2637

Comments