STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

SQL Server must maintain a separate execution domain for each executing process.

DISA Rule

SV-213991r617437_rule

Vulnerability Number

V-213991

Group Title

SRG-APP-000431-DB-000388

Rule Version

SQL6-D0-012300

Severity

CAT II

CCI(s)

• CCI-002530 - The information system maintains a separate execution domain for each executing process.

Weight

10

Fix Recommendation

Disable CLR support in SQL Server by executing the following query:

EXEC sp_configure 'clr enabled', 0
GO

RECONFIGURE
GO

Check Contents

Review the server documentation to determine whether use of CLR assemblies is required. Run the following query to determine whether CLR is enabled for the instance:

SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'clr enabled'

If "value_in_use" is a "1" and CLR is not required, this is a finding.

Vulnerability Number

V-213991

Documentable

False

Rule Version

SQL6-D0-012300

Severity Override Guidance

Review the server documentation to determine whether use of CLR assemblies is required. Run the following query to determine whether CLR is enabled for the instance:

SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'clr enabled'

If "value_in_use" is a "1" and CLR is not required, this is a finding.

Check Content Reference

M

Target Key

3993

Comments