STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020

If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime.

DISA Rule

SV-82435r2_rule

Vulnerability Number

V-67945

Group Title

SRG-APP-000164-DB-000401

Rule Version

SQL4-00-038910

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

For each SQL Server Login identified in the Check as out of compliance:
In SQL Server Management Studio Object Explorer, navigate to <SQL Server instance name> >> Security >> Logins >> <login name>. Right-click, select Properties. Select the check box Enforce Password Expiration. Click OK.

Alternatively, for each identified Login, run the statement:
ALTER LOGIN <login name> WITH CHECK_EXPIRATION = ON;

Check Contents

Run the statement:
SELECT
    name
FROM
    sys.sql_logins
WHERE
    type_desc = 'SQL_LOGIN'
    AND is_disabled = 0
    AND is_expiration_checked = 0;

If no account names are listed, this is not a finding.

For each account name listed, determine whether it is documented as requiring exemption from the standard password lifetime rules. If it is not, this is a finding.
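
The check and fix above can be combined into one review query. This is an added example, not part of the STIG text: the @exempt table variable and the login name svc_legacy_app are hypothetical stand-ins for the site's documented exemption list.

```sql
-- Added example (not from the STIG). @exempt is a hypothetical stand-in for
-- the site's documented exemptions; svc_legacy_app is a constructed entry.
DECLARE @exempt TABLE (login_name sysname PRIMARY KEY);
INSERT INTO @exempt (login_name)
VALUES (N'svc_legacy_app');

-- 1. Findings: enabled SQL logins without password expiration that are not
--    documented as exempt, each with a generated remediation statement.
SELECT
    l.name,
    l.is_policy_checked,
    LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS password_last_set,
    -- CHECK_EXPIRATION cannot be ON while CHECK_POLICY is OFF, so both
    -- options are set for logins where is_policy_checked = 0.
    N'ALTER LOGIN ' + QUOTENAME(l.name) + N' WITH '
        + CASE WHEN l.is_policy_checked = 0
               THEN N'CHECK_POLICY = ON, ' ELSE N'' END
        + N'CHECK_EXPIRATION = ON;' AS remediation_statement
FROM sys.sql_logins AS l
WHERE l.type_desc = 'SQL_LOGIN'
  AND l.is_disabled = 0
  AND l.is_expiration_checked = 0
  AND NOT EXISTS (
        SELECT 1
        FROM @exempt AS e
        WHERE e.login_name COLLATE DATABASE_DEFAULT
              = l.name COLLATE DATABASE_DEFAULT)
ORDER BY l.name;

-- 2. Stale exemptions: documented entries that no longer match an enabled
--    SQL login lacking expiration, so the documentation can be trimmed.
SELECT e.login_name AS stale_exemption
FROM @exempt AS e
WHERE NOT EXISTS (
        SELECT 1
        FROM sys.sql_logins AS l
        WHERE l.name COLLATE DATABASE_DEFAULT
              = e.login_name COLLATE DATABASE_DEFAULT
          AND l.type_desc = 'SQL_LOGIN'
          AND l.is_disabled = 0
          AND l.is_expiration_checked = 0);
```

The first result set only generates the ALTER LOGIN statements; review them before running any, since enabling expiration on a service account can lock out the application once its password ages out.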

Documentable

False

Check Content Reference

M

Target Key

2639
