STIGQter: STIG Summary: MS SQL Server 2016 Instance Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021:

The SQL Server Browser service must be disabled unless specifically required and approved.

DISA Rule

SV-214042r617437_rule

Vulnerability Number

V-214042

Group Title

SRG-APP-000516-DB-000363

Rule Version

SQL6-D0-017800

Severity

CAT III

CCI(s)

• CCI-000366 - The organization implements the security configuration settings.

Weight

10

Fix Recommendation

If SQL Server Browser is needed, document the justification and obtain the appropriate authorization.

Where SQL Server Browser is judged unnecessary, the Service can be disabled.

To disable, in the Services tool, double-click "SQL Server Browser". Set "Startup Type" to "Disabled". If "Service Status" is "Running", click on "Stop". Click on "OK".

Check Contents

If the need for the SQL Server Browser service is documented and authorized, this is not a finding.

Open the Services tool.

Either navigate, via the Windows Start Menu and/or Control Panel, to "Administrative Tools", and select "Services"; or at a command prompt, type "services.msc" and press the "Enter" key.

Scroll to "SQL Server Browser".

If its Startup Type is not shown as "Disabled", this is a finding.

Vulnerability Number

V-214042

Documentable

False

Rule Version

SQL6-D0-017800

Severity Override Guidance

If the need for the SQL Server Browser service is documented and authorized, this is not a finding.

Open the Services tool.

Either navigate, via the Windows Start Menu and/or Control Panel, to "Administrative Tools", and select "Services"; or at a command prompt, type "services.msc" and press the "Enter" key.

Scroll to "SQL Server Browser".

If its Startup Type is not shown as "Disabled", this is a finding.

Check Content Reference

M

Target Key

3993

Comments