STIGQter STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

SQL Server must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

DISA Rule

SV-214008r617437_rule

Vulnerability Number

V-214008

Group Title

SRG-APP-000499-DB-000331

Rule Version

SQL6-D0-014200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Add the following events to the SQL Server Audit that is being used for the STIG compliant audit.

DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
DATABASE_OWNERSHIP_CHANGE_GROUP
DATABASE_PERMISSION_CHANGE_GROUP
DATABASE_ROLE_MEMBER_CHANGE_GROUP
SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP
SERVER_OBJECT_PERMISSION_CHANGE_GROUP
SERVER_PERMISSION_CHANGE_GROUP
SERVER_ROLE_MEMBER_CHANGE_GROUP

See the supplemental file "SQL 2016 Audit.sql".

Reference:
https://msdn.microsoft.com/en-us/library/cc280663.aspx

Check Contents

Check the SQL Server Audit being used for the STIG compliant audit.

If the following events are not included, this is a finding.

DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
DATABASE_OWNERSHIP_CHANGE_GROUP
DATABASE_PERMISSION_CHANGE_GROUP
DATABASE_ROLE_MEMBER_CHANGE_GROUP
SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP
SERVER_OBJECT_PERMISSION_CHANGE_GROUP
SERVER_PERMISSION_CHANGE_GROUP
SERVER_ROLE_MEMBER_CHANGE_GROUP

Reference:
https://msdn.microsoft.com/en-us/library/cc280663.aspx

Vulnerability Number

V-214008

Documentable

False

Rule Version

SQL6-D0-014200

Severity Override Guidance

Check the SQL Server Audit being used for the STIG compliant audit.

If the following events are not included, this is a finding.

DATABASE_OBJECT_OWNERSHIP_CHANGE_GROUP
DATABASE_OBJECT_PERMISSION_CHANGE_GROUP
DATABASE_OWNERSHIP_CHANGE_GROUP
DATABASE_PERMISSION_CHANGE_GROUP
DATABASE_ROLE_MEMBER_CHANGE_GROUP
SCHEMA_OBJECT_OWNERSHIP_CHANGE_GROUP
SCHEMA_OBJECT_PERMISSION_CHANGE_GROUP
SERVER_OBJECT_OWNERSHIP_CHANGE_GROUP
SERVER_OBJECT_PERMISSION_CHANGE_GROUP
SERVER_PERMISSION_CHANGE_GROUP
SERVER_ROLE_MEMBER_CHANGE_GROUP

Reference:
https://msdn.microsoft.com/en-us/library/cc280663.aspx

Check Content Reference

M

Target Key

3993

Comments