STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must have the publicly available AdventureWorks sample database removed.

DISA Rule

SV-82311r1_rule

Vulnerability Number

V-67821

Group Title

SRG-APP-000141-DB-000090

Rule Version

SQL4-00-016310

Severity

CAT II

CCI(s)

• CCI-000381 - The organization configures the information system to provide only essential capabilities.

Weight

10

Fix Recommendation

Remove the publicly available "AdventureWorks" database from SQL Server by running the following script:

USE master;
GO
DROP DATABASE AdventureWorks;
GO

Check Contents

Check SQL Server for the existence of the publicly available "AdventureWorks" database by performing the following query:

SELECT name FROM sysdatabases WHERE name LIKE 'AdventureWorks%';

If the "AdventureWorks" database is present, this is a finding.

Vulnerability Number

V-67821

Documentable

False

Rule Version

SQL4-00-016310

Severity Override Guidance

Check SQL Server for the existence of the publicly available "AdventureWorks" database by performing the following query:

SELECT name FROM sysdatabases WHERE name LIKE 'AdventureWorks%';

If the "AdventureWorks" database is present, this is a finding.

Check Content Reference

M

Target Key

2639

Comments