STIGQter STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must have the publicly available Northwind sample database removed.

DISA Rule

SV-82307r1_rule

Vulnerability Number

V-67817

Group Title

SRG-APP-000141-DB-000090

Rule Version

SQL4-00-016200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove the publicly available "Northwind" database from SQL Server by running the following script:

USE master;
GO
DROP DATABASE Northwind;
GO

Check Contents

Check SQL Server for the existence of the publicly available "Northwind" database by performing the following query:

SELECT name FROM sysdatabases WHERE name LIKE 'Northwind%';

If the "Northwind" database is present, this is a finding.

Vulnerability Number

V-67817

Documentable

False

Rule Version

SQL4-00-016200

Severity Override Guidance

Check SQL Server for the existence of the publicly available "Northwind" database by performing the following query:

SELECT name FROM sysdatabases WHERE name LIKE 'Northwind%';

If the "Northwind" database is present, this is a finding.

Check Content Reference

M

Target Key

2639

Comments