SV-81863r1_rule
V-67373
SRG-APP-000133-DB-000200
SQL4-00-015620
CAT II
10
Run the SQL statements:
USE [master];
GO
ALTER DATABASE <name> SET TRUSTWORTHY OFF;
GO
If the database is owned by an account that is directly or indirectly a member of a fixed (built-in) server role, this is not applicable (NA).
Run the query:
USE <database name>;
GO
SELECT
DB_NAME() AS [Database],
SUSER_SNAME(D.owner_sid) AS [Database Owner],
CASE WHEN D.is_trustworthy_on = 1 THEN 'ON' ELSE 'OFF' END
AS [Trustworthy]
FROM
sys.databases D
WHERE
D.[name] = DB_NAME()
AND DB_NAME() <> 'msdb'
AND D.is_trustworthy_on = 1;
GO
If the query returns a row indicating that the TRUSTWORTHY setting is OFF, or returns no rows, this is not a finding.
Review the system security plan to determine whether the need for TRUSTWORTHY is documented and approved. If not, this is a finding.
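The same check run once for the whole instance, as an added example that is not part of the STIG text: it lists every database other than msdb that has TRUSTWORTHY ON, its owner, and any fixed server role the owner holds directly. Indirect membership (for example through a Windows group) is not resolved here and still has to be reviewed by hand; the column aliases and the FR derived-table name are assumptions.

```sql
USE [master];
GO
-- Added example: instance-wide variant of the per-database check above.
-- One row per (database, fixed server role held directly by the owner).
-- A NULL in [Owner Fixed Server Role] means no direct membership was found,
-- so the NA condition must be confirmed manually before the row is
-- compared against the system security plan.
SELECT
    D.[name]                 AS [Database],
    SUSER_SNAME(D.owner_sid) AS [Database Owner],
    'ON'                     AS [Trustworthy],
    FR.role_name             AS [Owner Fixed Server Role]
FROM
    sys.databases D
    LEFT JOIN sys.server_principals O
        ON O.sid = D.owner_sid
    LEFT JOIN (
        -- Direct memberships in fixed (built-in) server roles only.
        SELECT RM.member_principal_id, R.[name] AS role_name
        FROM sys.server_role_members RM
        JOIN sys.server_principals R
            ON R.principal_id = RM.role_principal_id
        WHERE R.is_fixed_role = 1
    ) FR
        ON FR.member_principal_id = O.principal_id
WHERE
    D.is_trustworthy_on = 1
    AND D.[name] <> 'msdb'
ORDER BY
    D.[name], FR.role_name;
GO
```

No rows returned means no database other than msdb has TRUSTWORTHY ON.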