STIGQter STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must have the SQL Server Distributed Replay Controller software component removed if it is unused.

DISA Rule

SV-82323r1_rule

Vulnerability Number

V-67833

Group Title

SRG-APP-000141-DB-000091

Rule Version

SQL4-00-016810

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Either using the Start menu or via the command "control.exe", open the Windows Control Panel. Open Programs and Features. Double-click on Microsoft SQL Server 2014. In the dialog box that appears, select Remove. Wait for the Remove wizard to appear.

Select '<< Remove shared features only >>'; click Next. (Note: all instances of SQL Server 2012 or higher may be affected by this action.)

Select Distributed Replay Controller; click Next.

Follow the remaining prompts, to remove Distributed Replay Controller from SQL Server.

Check Contents

If the SQL Server service "SQL Server Distributed Replay Controller" is used and satisfies organizational requirements, this is not a finding.

From a command prompt or the Start menu, using an account with System Administrator Privilege, open services.msc. Look for: "SQL Server Distributed Replay Controller".

If the "SQL Server Distributed Replay Controller" service exists, this is a finding.

Vulnerability Number

V-67833

Documentable

False

Rule Version

SQL4-00-016810

Severity Override Guidance

If the SQL Server service "SQL Server Distributed Replay Controller" is used and satisfies organizational requirements, this is not a finding.

From a command prompt or the Start menu, using an account with System Administrator Privilege, open services.msc. Look for: "SQL Server Distributed Replay Controller".

If the "SQL Server Distributed Replay Controller" service exists, this is a finding.

Check Content Reference

M

Target Key

2639

Comments