STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must have the SQL Server Replication software component removed if it is unused.

DISA Rule

SV-82329r1_rule

Vulnerability Number

V-67839

Group Title

SRG-APP-000141-DB-000091

Rule Version

SQL4-00-016826

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Either using the Start menu or via the command "control.exe", open the Windows Control Panel. Open Programs and Features. Double-click on Microsoft SQL Server 2014. In the dialog box that appears, select Remove. Wait for the Remove wizard to appear.

Select the relevant SQL Server instance; click Next.

Select SQL Server Replication; click Next.

Follow the remaining prompts, to remove SQL Server Replication from SQL Server.

Check Contents

If the SQL Server Replication feature is used and satisfies organizational requirements, this is not a finding.

In SQL Server Management Studio, Object Explorer, expand the instance. Right-click Replication >> New >> Publication.

If the Publication Wizard appears, with no error message, this is a finding.

Right-click Replication >> New >> Subscription.

If the Subscription Wizard appears, with no error message, this is a finding.

Vulnerability Number

V-67839

Documentable

False

Rule Version

SQL4-00-016826

Severity Override Guidance

If the SQL Server Replication feature is used and satisfies organizational requirements, this is not a finding.

In SQL Server Management Studio, Object Explorer, expand the instance. Right-click Replication >> New >> Publication.

If the Publication Wizard appears, with no error message, this is a finding.

Right-click Replication >> New >> Subscription.

If the Subscription Wizard appears, with no error message, this is a finding.

Check Content Reference

M

Target Key

2639

Comments