| Checked | Name | Title |
|---|
| ☐ | SV-81877r2_rule | The Service Master Key must be backed up, stored offline and off-site. |
| ☐ | SV-82247r1_rule | The number of concurrent SQL Server sessions for each system account must be limited. |
| ☐ | SV-82249r1_rule | SQL Server authentication and identity management must be integrated with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. |
| ☐ | SV-82251r1_rule | SQL Server must enforce approved authorizations for logical access to server-level system resources in accordance with applicable access control policies. |
| ☐ | SV-82253r1_rule | SQL Server must protect against an individual using a shared account from falsely denying having performed a particular action. |
| ☐ | SV-82255r1_rule | Where SQL Server Trace is in use for auditing purposes, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be traced. |
| ☐ | SV-82257r1_rule | Where SQL Server Audit is in use, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the server level. |
| ☐ | SV-82259r2_rule | Where SQL Server Audit is in use, SQL Server must generate audit records when privileges/permissions are retrieved. |
| ☐ | SV-82261r2_rule | Where SQL Server Audit is in use, SQL Server must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. |
| ☐ | SV-82263r1_rule | SQL Server must produce Trace or Audit records containing sufficient information to establish when the events occurred. |
| ☐ | SV-82265r2_rule | SQL Server must produce Trace or Audit records containing sufficient information to establish where the events occurred. |
| ☐ | SV-82267r2_rule | SQL Server must produce Trace or Audit records containing sufficient information to establish the sources (origins) of the events. |
| ☐ | SV-82269r2_rule | SQL Server must produce Trace or Audit records containing sufficient information to establish the outcome (success or failure) of the events. |
| ☐ | SV-82271r2_rule | SQL Server must produce Trace or Audit records containing sufficient information to establish the identity of any user/subject associated with the event. |
| ☐ | SV-82273r1_rule | SQL Server must include organization-defined additional, more detailed information in Trace or Audit records for events identified by type, location, or subject. |
| ☐ | SV-82275r1_rule | Unless it has been determined that availability is paramount, SQL Server must shut down upon the failure of an Audit, or a Trace used for auditing purposes, to include the unavailability of space for more audit/trace log records. |
| ☐ | SV-82277r5_rule | Where availability is paramount, the SQL Server must continue processing (preferably overwriting existing records, oldest first), in the event of lack of space for more Audit/Trace log records; and must keep processing after any failure of an Audit/Trace. |
| ☐ | SV-82279r2_rule | The audit information produced by SQL Server must be protected from unauthorized read access. |
| ☐ | SV-82281r2_rule | The audit information produced by SQL Server must be protected from unauthorized modification. |
| ☐ | SV-82283r2_rule | The audit information produced by SQL Server must be protected from unauthorized deletion. |
| ☐ | SV-82285r2_rule | Audit tools used in, or in conjunction with, SQL Server must be protected from unauthorized access. |
| ☐ | SV-82293r1_rule | SQL Server and/or the operating system must protect its audit configuration from unauthorized modification. |
| ☐ | SV-82295r1_rule | SQL Server and the operating system must protect SQL Server audit features from unauthorized removal. |
| ☐ | SV-82297r1_rule | Software, applications, and configuration files that are part of, or related to, the SQL Server installation must be monitored to discover unauthorized changes. |
| ☐ | SV-82299r1_rule | SQL Server security-relevant configuration settings must be monitored to discover unauthorized changes. |
| ☐ | SV-82301r1_rule | SQL Server software installation account(s) must be restricted to authorized users. |
| ☐ | SV-82303r2_rule | Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications. |
| ☐ | SV-82305r1_rule | The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to SQL Server, etc.) must be restricted to authorized users. |
| ☐ | SV-82307r1_rule | SQL Server must have the publicly available Northwind sample database removed. |
| ☐ | SV-82309r1_rule | SQL Server must have the publicly available pubs sample database removed. |
| ☐ | SV-82311r1_rule | SQL Server must have the publicly available AdventureWorks sample database removed. |
| ☐ | SV-82313r1_rule | SQL Server must have the SQL Server Data Tools (SSDT) software component removed if it is unused. |
| ☐ | SV-82315r1_rule | SQL Server must have the SQL Server Reporting Services (SSRS) software component removed if it is unused. |
| ☐ | SV-82317r1_rule | SQL Server must have the SQL Server Integration Services (SSIS) software component removed if it is unused. |
| ☐ | SV-82319r1_rule | SQL Server must have the SQL Server Analysis Services (SSAS) software component removed if it is unused. |
| ☐ | SV-82321r1_rule | SQL Server must have the SQL Server Distributed Replay Client software component removed if it is unused. |
| ☐ | SV-82323r1_rule | SQL Server must have the SQL Server Distributed Replay Controller software component removed if it is unused. |
| ☐ | SV-82325r1_rule | SQL Server must have the Full-Text Search software component removed if it is unused. |
| ☐ | SV-82327r1_rule | SQL Server must have the Master Data Services software component removed if it is unused. |
| ☐ | SV-82329r1_rule | SQL Server must have the SQL Server Replication software component removed if it is unused. |
| ☐ | SV-82331r1_rule | SQL Server must have the Data Quality Client software component removed if it is unused. |
| ☐ | SV-82333r1_rule | SQL Server must have the Data Quality Services software component removed if it is unused. |
| ☐ | SV-82335r1_rule | SQL Server must have the Client Tools SDK software component removed if it is unused. |
| ☐ | SV-82337r1_rule | SQL Server must have the Management Tools software component removed if it is unused. |
| ☐ | SV-82339r1_rule | SQL Server must have the Filestream feature disabled if it is unused. |
| ☐ | SV-82341r2_rule | Unused database components that are integrated in SQL Server and cannot be uninstalled must be disabled. |
| ☐ | SV-82343r1_rule | The SQL Server default account [sa] must be disabled. |
| ☐ | SV-82345r1_rule | SQL Server default account [sa] must have its name changed. |
| ☐ | SV-82347r1_rule | Access to xp_cmdshell must be disabled, unless specifically required and approved. |
| ☐ | SV-82349r1_rule | SQL Server must be configured to prohibit or restrict the use of unauthorized network protocols. |
| ☐ | SV-82351r1_rule | SQL Server and Windows must be configured to prohibit or restrict the use of unauthorized network ports. |
| ☐ | SV-82353r1_rule | SQL Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). |
| ☐ | SV-82357r2_rule | Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. |
| ☐ | SV-82359r1_rule | When using command-line tools such as SQLCMD in a mixed-mode authentication environment, users must use a logon method that does not expose the password. |
| ☐ | SV-82361r1_rule | SQL Server must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations. |
| ☐ | SV-82363r1_rule | SQL Server must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users). |
| ☐ | SV-82365r1_rule | SQL Server must be configured to separate user functionality (including user interface services) from database management functionality. |
| ☐ | SV-82369r1_rule | SQL Server must isolate security functions from nonsecurity functions. |
| ☐ | SV-82371r1_rule | Access to database files must be limited to relevant processes and to authorized, administrative users. |
| ☐ | SV-82373r1_rule | SQL Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. |
| ☐ | SV-82375r1_rule | SQL Server must prevent non-privileged users from executing privileged functionality, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. |
| ☐ | SV-82377r2_rule | Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. |
| ☐ | SV-82379r1_rule | SQL Server must utilize centralized management of the content captured in audit records generated by all components of the DBMS. |
| ☐ | SV-82381r1_rule | SQL Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. |
| ☐ | SV-82383r1_rule | SQL Server, the operating system, or the storage system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. |
| ☐ | SV-82385r2_rule | SQL Server or software monitoring SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures. |
| ☐ | SV-82387r1_rule | SQL Server must produce time stamps that can be mapped to Coordinated Universal Time (UTC, formerly GMT). |
| ☐ | SV-82389r1_rule | SQL Server must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. |
| ☐ | SV-82391r1_rule | SQL Server and Windows must enforce access restrictions associated with changes to the configuration of the SQL Server instance or database(s). |
| ☐ | SV-82393r3_rule | SQL Server must produce Trace or Audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s). |
| ☐ | SV-82395r1_rule | SQL Server must disable communication protocols not required for operation. |
| ☐ | SV-82397r1_rule | SQL Server must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components. |
| ☐ | SV-82399r1_rule | The confidentiality and integrity of information managed by SQL Server must be maintained during preparation for transmission. |
| ☐ | SV-82401r1_rule | The confidentiality and integrity of information managed by SQL Server must be maintained during reception. |
| ☐ | SV-82403r1_rule | Security-relevant software updates to SQL Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). |
| ☐ | SV-82405r1_rule | Software updates to SQL Server must be tested before being applied to production systems. |
| ☐ | SV-82407r2_rule | SQL Server must produce Trace or Audit records when security objects are accessed. |
| ☐ | SV-82409r2_rule | SQL Server must produce Trace or Audit records when unsuccessful attempts to access security objects occur. |
| ☐ | SV-82411r2_rule | SQL Server must generate Trace or Audit records when privileges/permissions are added. |
| ☐ | SV-82413r2_rule | SQL Server must generate Trace or Audit records when unsuccessful attempts to add privileges/permissions occur. |
| ☐ | SV-82415r2_rule | SQL Server must generate Trace or Audit records when privileges/permissions are deleted. |
| ☐ | SV-82417r2_rule | SQL Server must generate Trace or Audit records when unsuccessful attempts to delete privileges/permissions occur. |
| ☐ | SV-82419r2_rule | SQL Server must generate Trace or Audit records when successful logons or connections occur. |
| ☐ | SV-82421r2_rule | SQL Server must generate Trace or Audit records when unsuccessful logons or connection attempts occur. |
| ☐ | SV-82423r2_rule | SQL Server must generate Trace or Audit records for all privileged activities or other system-level access. |
| ☐ | SV-82425r2_rule | SQL Server must generate Trace or Audit records when unsuccessful attempts to execute privileged activities or other system-level access occur. |
| ☐ | SV-82427r2_rule | SQL Server must generate Trace or Audit records when logoffs or disconnections occur. |
| ☐ | SV-82429r1_rule | SQL Server must generate Trace or Audit records when concurrent logons/connections by the same user from different workstations occur. |
| ☐ | SV-82431r1_rule | SQL Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. |
| ☐ | SV-82433r1_rule | If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password complexity. |
| ☐ | SV-82435r2_rule | If SQL Server authentication, using passwords, is employed, SQL Server must enforce the DoD standards for password lifetime. |
| ☐ | SV-85245r1_rule | The SQL Server Browser service must be disabled if its use is not necessary.. |
STIGQter: STIG Summary: