STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:SV-213975r617437_rule
V-213975
SRG-APP-000243-DB-000373
SQL6-D0-009800
CAT II
10
Configure SQL Server to effectively protect the private resources of one process or user from unauthorized access by another user or process.
sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'common criteria compliance enabled', 1;
GO
RECONFIGURE
GO
Review system documentation to determine if Common Criteria Compliance is not required due to potential impact on system performance.
SQL Server Residual Information Protection (RIP) requires a memory allocation to be overwritten with a known pattern of bits before memory is reallocated to a new resource. Meeting the RIP standard can contribute to improved security; however, overwriting the memory allocation can slow performance. After the common criteria compliance enabled option is enabled, the overwriting occurs.
Review the Instance configuration:
SELECT value_in_use
FROM sys.configurations
WHERE name = 'common criteria compliance enabled'
If "value_in_use" is set to "1" this is not a finding.
If "value_in_use" is set to "0" this is a finding.
NOTE: Enabling this feature may impact performance on highly active SQL Server instances. If an exception justifying setting SQL Server Residual Information Protection (RIP) to disabled (value_in_use set to "0") has been documented and approved, then this may be downgraded to a CAT III finding.
V-213975
False
SQL6-D0-009800
Review system documentation to determine if Common Criteria Compliance is not required due to potential impact on system performance.
SQL Server Residual Information Protection (RIP) requires a memory allocation to be overwritten with a known pattern of bits before memory is reallocated to a new resource. Meeting the RIP standard can contribute to improved security; however, overwriting the memory allocation can slow performance. After the common criteria compliance enabled option is enabled, the overwriting occurs.
Review the Instance configuration:
SELECT value_in_use
FROM sys.configurations
WHERE name = 'common criteria compliance enabled'
If "value_in_use" is set to "1" this is not a finding.
If "value_in_use" is set to "0" this is a finding.
NOTE: Enabling this feature may impact performance on highly active SQL Server instances. If an exception justifying setting SQL Server Residual Information Protection (RIP) to disabled (value_in_use set to "0") has been documented and approved, then this may be downgraded to a CAT III finding.
M
3993