STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020: STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:SV-82301r1_rule
V-67811
SRG-APP-000133-DB-000198
SQL4-00-015400
CAT II
10
From a Command Prompt, open lusrmgr.msc. Navigate to Users >> right-click individual user >> Properties >> Member Of.
Configure SQL Server & OS settings and access controls, to restrict user access to objects and data that the user is authorized to view or interact with.
Develop, document, and implement procedures to restrict use of the DBMS software installation account.
Check system documentation for policy and procedures to restrict use of the SQL Server software installation account.
Check OS settings to determine whether users are restricted from accessing SQL Server objects and data they are not authorized to access by checking the local OS user accounts.
From a Command Prompt, open lusrmgr.msc. Navigate to Users >> right-click individual user >> Properties >> Member Of.
If appropriate access controls for all users are not implemented to restrict access to only authorized users and to restrict the access of those users to objects and data they are authorized, this is a finding.
Review procedures for controlling and granting access to use of the SQL Server software installation account.
If access or use of this account is not restricted to the minimum number of personnel required, or unauthorized access to this account has been granted, this is a finding.
V-67811
False
SQL4-00-015400
Check system documentation for policy and procedures to restrict use of the SQL Server software installation account.
Check OS settings to determine whether users are restricted from accessing SQL Server objects and data they are not authorized to access by checking the local OS user accounts.
From a Command Prompt, open lusrmgr.msc. Navigate to Users >> right-click individual user >> Properties >> Member Of.
If appropriate access controls for all users are not implemented to restrict access to only authorized users and to restrict the access of those users to objects and data they are authorized, this is a finding.
Review procedures for controlling and granting access to use of the SQL Server software installation account.
If access or use of this account is not restricted to the minimum number of personnel required, or unauthorized access to this account has been granted, this is a finding.
M
2639