STIGQter: STIG Summary: MS SQL Server 2014 Database Security Technical Implementation Guide, Version: 1, Release: 6, Benchmark Date: 26 Jan 2018

When invalid inputs are received, SQL Server must behave in a predictable and documented manner that reflects organizational and system objectives.

DISA Rule

SV-81901r2_rule

Vulnerability Number

V-67411

Group Title

SRG-APP-000447-DB-000393

Rule Version

SQL4-00-035200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Revise and deploy the source code for database program objects (stored procedures, functions, triggers) and application source code, to implement the documented behavior.

Check Contents

Review system documentation to determine how input errors are to be handled in general and if any special handling is defined for specific circumstances.

Review the source code for database program objects (stored procedures, functions, triggers) and application source code to identify how the system responds to invalid input.

If it does not implement the documented behavior, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

2637
