STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

SQL Server default account [sa] must have its name changed.

DISA Rule

SV-214029r617437_rule

Vulnerability Number

V-214029

Group Title

SRG-APP-000141-DB-000092

Rule Version

SQL6-D0-016300

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Modify the SQL Server's [sa] (system administrator) account by running the following script:

USE master;
GO
ALTER LOGIN [sa] WITH NAME = <new name>
GO

Check Contents

Verify the SQL Server default [sa] (system administrator) account name has been changed by executing the following query:

USE master;
GO
SELECT *
FROM sys.sql_logins
WHERE [name] = 'sa' OR [principal_id] = 1;
GO

If the login account name "SA" or "sa" appears in the query output, this is a finding.

Vulnerability Number

V-214029

Documentable

False

Rule Version

SQL6-D0-016300

Severity Override Guidance

Verify the SQL Server default [sa] (system administrator) account name has been changed by executing the following query:

USE master;
GO
SELECT *
FROM sys.sql_logins
WHERE [name] = 'sa' OR [principal_id] = 1;
GO

If the login account name "SA" or "sa" appears in the query output, this is a finding.

Check Content Reference

M

Target Key

3993

Comments