STIGQter STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must have the SQL Server Reporting Services (SSRS) software component removed if it is unused.

DISA Rule

SV-82315r1_rule

Vulnerability Number

V-67825

Group Title

SRG-APP-000141-DB-000091

Rule Version

SQL4-00-016600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Either using the Start menu or via the command "control.exe", open the Windows Control Panel. Open Programs and Features. Double-click on Microsoft SQL Server 2014. In the dialog box that appears, select Remove. Wait for the Remove wizard to appear.

Select the relevant SQL Server instance; click Next.

Select Reporting Services - Native; select Reporting Services Add-in for SharePoint Products if it is present; click Next.

Follow the remaining prompts, to remove SQL Server Reporting Services from SQL Server.

Check Contents

If the SQL Server service "SQL Server Reporting Services (<Instance Name>)" is used and satisfies organizational requirements, this is not a finding.

From a command prompt or the Start menu, using an account with System Administrator Privilege, open services.msc. Look for: "SQL Server Reporting Services (<Instance Name>)".

If the "SQL Server Reporting Services (<Instance Name>)" service exists, this is a finding.

Vulnerability Number

V-67825

Documentable

False

Rule Version

SQL4-00-016600

Severity Override Guidance

If the SQL Server service "SQL Server Reporting Services (<Instance Name>)" is used and satisfies organizational requirements, this is not a finding.

From a command prompt or the Start menu, using an account with System Administrator Privilege, open services.msc. Look for: "SQL Server Reporting Services (<Instance Name>)".

If the "SQL Server Reporting Services (<Instance Name>)" service exists, this is a finding.

Check Content Reference

M

Target Key

2639

Comments