STIGQter STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must have the SQL Server Integration Services (SSIS) software component removed if it is unused.

DISA Rule

SV-82317r1_rule

Vulnerability Number

V-67827

Group Title

SRG-APP-000141-DB-000091

Rule Version

SQL4-00-016700

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Either using the Start menu or via the command "control.exe", open the Windows Control Panel. Open Programs and Features. Double-click on Microsoft SQL Server 2014. In the dialog box that appears, select Remove. Wait for the Remove wizard to appear.

Select '<< Remove shared features only >>'; click Next. Note: all SQL Server 2014 instances will be affected by this action.

Select Integration Services; click Next.

Follow the remaining prompts, to remove SQL Server Integration Services from SQL Server.

Check Contents

If the SQL Server service "SQL Server Integration Services 12.0" is used and satisfies organizational requirements, this is not a finding.

From a command prompt or the Start menu, using an account with System Administrator Privilege, open services.msc. Look for: "SQL Server Integration Services 12.0".

If the "SQL Server Integration Services 12.0" service exists, this is a finding.

Vulnerability Number

V-67827

Documentable

False

Rule Version

SQL4-00-016700

Severity Override Guidance

If the SQL Server service "SQL Server Integration Services 12.0" is used and satisfies organizational requirements, this is not a finding.

From a command prompt or the Start menu, using an account with System Administrator Privilege, open services.msc. Look for: "SQL Server Integration Services 12.0".

If the "SQL Server Integration Services 12.0" service exists, this is a finding.

Check Content Reference

M

Target Key

2639

Comments