STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

SQL Server must configure Customer Feedback and Error Reporting.

DISA Rule

SV-214026r617437_rule

Vulnerability Number

V-214026

Group Title

SRG-APP-000516-DB-000363

Rule Version

SQL6-D0-016000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To disable participation in the CEIP program, set each of the following registry values to zero (0).

To enable participation in the CEIP program, set each of the following registry values to one (1).

HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\[InstanceId]\CPE\CustomerFeedback
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\[InstanceId]\CPE\EnableErrorReporting
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\130\CustomerFeedback
HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\130\EnableErrorReporting

Check Contents

Launch "Registry Editor"

Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\[InstanceId]\CPE
Review the following values: CustomerFeedback, EnableErrorReporting

Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\130
Review the following values: CustomerFeedback, EnableErrorReporting

If this is a classified system, and any of the above values are not zero (0), this is a finding.

If this is an unclassified system, review the server documentation to determine whether CEIP participation is authorized.

If CEIP participation is not authorized, and any of the above values are one (1), this is a finding.
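
The check above can be scripted across every instance on a host. The following PowerShell is an added example, not part of the STIG or of STIGQter: the -Classified and -CeipAuthorized switches are hypothetical inputs the assessor sets from the system's classification and server documentation, and discovering instance IDs from the "Instance Names\SQL" key is an assumption of the example (pass -InstanceId to override).

```powershell
# Added example: audit the CEIP / error-reporting values named in the check text.
param(
    [string[]]$InstanceId,      # e.g. the [InstanceId] placeholder from the STIG text
    [switch]$Classified,        # hypothetical: set for a classified system
    [switch]$CeipAuthorized     # hypothetical: set if documentation authorizes CEIP
)

$root = 'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server'

# Assumption: when no ID is supplied, read instance IDs from "Instance Names\SQL".
if (-not $InstanceId) {
    $k = Get-Item -Path "$root\Instance Names\SQL" -ErrorAction SilentlyContinue
    if ($k) { $InstanceId = $k.GetValueNames() | ForEach-Object { $k.GetValue($_) } }
}

# The two locations from the check: ...\130 and ...\[InstanceId]\CPE
$keys = @("$root\130")
$keys += $InstanceId | Where-Object { $_ } | ForEach-Object { "$root\$_\CPE" }

function Get-CeipStatus($Data) {
    # A missing value is neither 0 nor 1; leave it for manual review.
    if ($null -eq $Data)  { return 'NotPresent' }
    if ($Classified) {
        # Classified: any value that is not zero is a finding.
        if ($Data -ne 0) { return 'Finding' }
        return 'NotAFinding'
    }
    # Unclassified: a finding only if CEIP is not authorized and the value is one.
    if (-not $CeipAuthorized -and $Data -eq 1) { return 'Finding' }
    return 'NotAFinding'
}

$results = foreach ($key in $keys) {
    foreach ($name in 'CustomerFeedback', 'EnableErrorReporting') {
        $item = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        $data = if ($item) { $item.$name } else { $null }
        [pscustomobject]@{
            Key    = $key
            Value  = $name
            Data   = $data
            Status = Get-CeipStatus $data
        }
    }
}

$results | Format-Table -AutoSize
```

Rows reported as NotPresent mean the value does not exist at that path and should be reviewed by hand against the check text.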

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3993
