STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

Software updates to SQL Server must be tested before being applied to production systems.

DISA Rule

SV-82405r1_rule

Vulnerability Number

V-67915

Group Title

SRG-APP-000456-DB-000390

Rule Version

SQL4-00-035500

Severity

CAT II

CCI(s)

• CCI-002605 - The organization installs security-relevant software updates within an organization-defined time period of the release of the updates.

Weight

10

Fix Recommendation

Institute and adhere to policies and procedures to ensure that SQL Server updates are tested prior to installation on production servers.

Check Contents

Obtain evidence that SQL Server software updates are tested before being applied to production servers, and that any exceptions are approved by the ISSM.

If such evidence cannot be obtained, or the evidence that is obtained indicates a pattern of noncompliance, this is a finding.

Vulnerability Number

V-67915

Documentable

False

Rule Version

SQL4-00-035500

Severity Override Guidance

Obtain evidence that SQL Server software updates are tested before being applied to production servers, and that any exceptions are approved by the ISSM.

If such evidence cannot be obtained, or the evidence that is obtained indicates a pattern of noncompliance, this is a finding.

Check Content Reference

M

Target Key

2639

Comments