STIGQter: STIG Summary: MS SQL Server 2014 Database Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 26 Jan 2018:

When supporting applications that require security labeling of data, SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in process.

DISA Rule

SV-81893r2_rule

Vulnerability Number

V-67403

Group Title

SRG-APP-000313-DB-000309

Rule Version

SQL4-00-032000

Severity

CAT II

CCI(s)

CCI-002263 - The organization provides the means to associate organization-defined types of security attributes having organization-defined security attribute values with information in process.

Weight

Fix Recommendation

Develop SQL or application code or acquire a third party tool to perform data labeling.

Check Contents

If security labeling is not required, this is not a finding.

If security labeling requirements have been specified, but the security labeling is not implemented or does not reliably maintain labels on information in process, this is a finding.

Vulnerability Number

V-67403

Documentable

False

Rule Version

SQL4-00-032000

Severity Override Guidance

Check Content Reference

Target Key

2637

When supporting applications that require security labeling of data, SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in process.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments