STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

Use of credentials and proxies must be restricted to necessary cases only.

DISA Rule

SV-213980r617437_rule

Vulnerability Number

V-213980

Group Title

SRG-APP-000342-DB-000302

Rule Version

SQL6-D0-010500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Remove any SQL Agent Proxy accounts and credentials that are not authorized.

DROP CREDENTIAL <Credential Name>
GO

USE [msdb]
EXEC sp_delete_proxy @proxy_name = '<Proxy Name>'
GO

Check Contents

Review the server documentation to obtain a listing of accounts used for executing external processes. Execute the following query to obtain a listing of accounts currently configured for use by external processes.

SELECT C.name AS credential_name, C.credential_identity
FROM sys.credentials C
GO

SELECT P.name AS proxy_name, C.name AS credential_name, C.credential_identity
FROM sys.credentials C
JOIN msdb.dbo.sysproxies P ON C.credential_id = P.credential_id
WHERE P.enabled = 1
GO

If any Credentials or SQL Agent Proxy accounts are returned that are not documented and authorized, this is a finding.
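
The comparison against the documented list can be done in the query itself. The following is an added example, not part of the STIG text: the #authorized table, its columns and its placeholder rows are assumptions to be replaced with the entries from the server documentation. It also lists disabled proxies, which the check query above filters out.

```sql
-- Added example: report credentials and SQL Agent proxies that are not in the
-- documented allowlist, or whose identity differs from the documented one.
-- #authorized and its rows are constructed placeholders, not values from the STIG.
SET NOCOUNT ON;

CREATE TABLE #authorized (
    object_type   varchar(10)    COLLATE DATABASE_DEFAULT NOT NULL, -- 'CREDENTIAL' or 'PROXY'
    object_name   sysname        COLLATE DATABASE_DEFAULT NOT NULL,
    identity_name nvarchar(4000) COLLATE DATABASE_DEFAULT NOT NULL  -- documented credential_identity
);

-- Replace these placeholder rows with the documented, authorized entries.
INSERT INTO #authorized (object_type, object_name, identity_name) VALUES
    ('CREDENTIAL', N'<Credential Name>', N'<Documented Identity>'),
    ('PROXY',      N'<Proxy Name>',      N'<Documented Identity>');

WITH configured AS (
    -- Every server-level credential (first query of the check).
    SELECT 'CREDENTIAL' AS object_type,
           C.name COLLATE DATABASE_DEFAULT AS object_name,
           C.credential_identity COLLATE DATABASE_DEFAULT AS credential_identity,
           CAST(NULL AS bit) AS enabled
    FROM sys.credentials C
    UNION ALL
    -- Every proxy with its backing credential (second query of the check,
    -- without the enabled = 1 filter so disabled proxies are visible too).
    SELECT 'PROXY',
           P.name COLLATE DATABASE_DEFAULT,
           C.credential_identity COLLATE DATABASE_DEFAULT,
           CAST(P.enabled AS bit)
    FROM msdb.dbo.sysproxies P
    JOIN sys.credentials C ON C.credential_id = P.credential_id
)
SELECT cfg.object_type, cfg.object_name, cfg.credential_identity, cfg.enabled,
       CASE WHEN a.object_name IS NULL THEN 'not documented'
            ELSE 'identity differs from documentation' END AS reason
FROM configured cfg
LEFT JOIN #authorized a
       ON a.object_type = cfg.object_type
      AND a.object_name = cfg.object_name
WHERE a.object_name IS NULL                      -- no allowlist entry at all
   OR a.identity_name <> cfg.credential_identity -- entry exists, identity changed
ORDER BY cfg.object_type, cfg.object_name;

DROP TABLE #authorized;
GO
```

Rows with enabled = 1 or with object_type = 'CREDENTIAL' correspond to what the check queries return; an empty result means nothing configured falls outside the allowlist.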

Documentable

False

Check Content Reference

M

Target Key

3993
