STIGQter STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server and/or the operating system must protect its audit configuration from unauthorized modification.

DISA Rule

SV-82293r1_rule

Vulnerability Number

V-67803

Group Title

SRG-APP-000122-DB-000203

Rule Version

SQL4-00-014000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Apply or modify Windows permissions on tools used to view or modify audit log data (to include traces used for audit purposes), to make them accessible by authorized personnel only.

Check Contents

In Windows, review the access permissions to tools used to view or modify audit log data (to include traces used for audit purposes).

If appropriate permissions and access controls to prevent unauthorized changes are not applied to these tools, this is a finding.

Vulnerability Number

V-67803

Documentable

False

Rule Version

SQL4-00-014000

Severity Override Guidance

In Windows, review the access permissions to tools used to view or modify audit log data (to include traces used for audit purposes).

If appropriate permissions and access controls to prevent unauthorized changes are not applied to these tools, this is a finding.

Check Content Reference

M

Target Key

2639

Comments