STIGQter: STIG Summary: MS SQL Server 2014 Database Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 26 Jan 2018:

When supporting applications that require security labeling of data, SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in transmission.

DISA Rule

SV-81895r2_rule

Vulnerability Number

V-67405

Group Title

SRG-APP-000314-DB-000310

Rule Version

SQL4-00-032100

Severity

CAT II

CCI(s)

CCI-002264 - The organization provides the means to associate organization-defined types of security attributes having organization-defined security attribute values with information in transmission.

Weight

Fix Recommendation

Develop SQL or application code or acquire a third party tool to perform data labeling.

Check Contents

If security labeling is not required, this is not a finding.

If security labeling requirements have been specified, but the security labeling is not implemented or does not reliably maintain labels on information in transmission, this is a finding.

Vulnerability Number

V-67405

Documentable

False

Rule Version

SQL4-00-032100

Severity Override Guidance

Check Content Reference

Target Key

2637

When supporting applications that require security labeling of data, SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in transmission.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments