STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-213942r617437_rule
V-213942
SRG-APP-000109-DB-000049
SQL6-D0-005600
CAT II
10
If SQL Server Audit is in use, configure SQL Server Audit to shut SQL Server down upon audit failure, to include running out of space for audit logs.
Run this T-SQL script for each identified audit:
ALTER SERVER AUDIT [AuditNameHere] WITH (STATE = OFF);
GO
ALTER SERVER AUDIT [AuditNameHere] WITH (ON_FAILURE = SHUTDOWN);
GO
ALTER SERVER AUDIT [AuditNameHere] WITH (STATE = ON);
GO
If the system documentation indicates that availability takes precedence over audit trail completeness, this is not applicable (NA).
If SQL Server Audit is in use, review the defined server audits by running the statement:
SELECT * FROM sys.server_audits;
By observing the [name] and [is_state_enabled] columns, identify the row or rows in use.
If the [on_failure_desc] is "SHUTDOWN SERVER INSTANCE" on this/these row(s), this is not a finding. Otherwise, this is a finding.
V-213942
False
SQL6-D0-005600
If the system documentation indicates that availability takes precedence over audit trail completeness, this is not applicable (NA).
If SQL Server Audit is in use, review the defined server audits by running the statement:
SELECT * FROM sys.server_audits;
By observing the [name] and [is_state_enabled] columns, identify the row or rows in use.
If the [on_failure_desc] is "SHUTDOWN SERVER INSTANCE" on this/these row(s), this is not a finding. Otherwise, this is a finding.
M
3993