STIGQter STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must have the SQL Server Data Tools (SSDT) software component removed if it is unused.

DISA Rule

SV-82313r1_rule

Vulnerability Number

V-67823

Group Title

SRG-APP-000141-DB-000091

Rule Version

SQL4-00-016500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Document the requirement for SQL Server Data Tools to reside on this server.

If it is not required, using an account with System Administrator privileges, from Command Prompt, open control.exe.

Navigate to Programs and Features. Remove the following entries in the 'Uninstall or change a program' window.

Microsoft SQL Server Data Tools - Database Projects - Web installer entry point
Prerequisites for SSDT

Check Contents

Review the list of components and features installed with the database. Using an account with System Administrator privileges, from Command Prompt, open control.exe.

Navigate to Programs and Features. Check for the following entries in the 'Uninstall or change a program' window.

Microsoft SQL Server Data Tools - Database Projects - Web installer entry point
Prerequisites for SSDT

If SQL Server Data Tools is not documented as a server requirement, and these entries exist, this is a finding.

Vulnerability Number

V-67823

Documentable

False

Rule Version

SQL4-00-016500

Severity Override Guidance

Review the list of components and features installed with the database. Using an account with System Administrator privileges, from Command Prompt, open control.exe.

Navigate to Programs and Features. Check for the following entries in the 'Uninstall or change a program' window.

Microsoft SQL Server Data Tools - Database Projects - Web installer entry point
Prerequisites for SSDT

If SQL Server Data Tools is not documented as a server requirement, and these entries exist, this is a finding.

Check Content Reference

M

Target Key

2639

Comments