STIGQter STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must have the Data Quality Client software component removed if it is unused.

DISA Rule

SV-82331r1_rule

Vulnerability Number

V-67841

Group Title

SRG-APP-000141-DB-000091

Rule Version

SQL4-00-016830

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Either using the Start menu or via the command "control.exe", open the Windows Control Panel. Open Programs and Features. Double-click on Microsoft SQL Server 2014. In the dialog box that appears, select Remove. Wait for the Remove wizard to appear.

Select the relevant SQL Server instance; click Next.

Select Data Quality Client; click Next.

Follow the remaining prompts, to remove Data Quality Client from SQL Server.

Check Contents

If the Data Quality Client feature is used and satisfies organizational requirements, this is not a finding.

In Windows Server 2008 R2 or lower, click on the Start button. In the Start menu, navigate to All Programs >> Microsoft SQL Server 2014.

If the "Data Quality Services" folder exists and contains the Data Quality Client program, this is a finding.

In Windows Server 2012 or higher, click on the Start button. In the Start menu, navigate to Apps >> Microsoft SQL Server 2014.

If the Data Quality Client program is listed, this is a finding.

In Windows Explorer, navigate to <drive where SQL Server is installed>:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\DQ\

If this folder exists and contains the file DataQualityServices.exe, this is a finding.

Vulnerability Number

V-67841

Documentable

False

Rule Version

SQL4-00-016830

Severity Override Guidance

If the Data Quality Client feature is used and satisfies organizational requirements, this is not a finding.

In Windows Server 2008 R2 or lower, click on the Start button. In the Start menu, navigate to All Programs >> Microsoft SQL Server 2014.

If the "Data Quality Services" folder exists and contains the Data Quality Client program, this is a finding.

In Windows Server 2012 or higher, click on the Start button. In the Start menu, navigate to Apps >> Microsoft SQL Server 2014.

If the Data Quality Client program is listed, this is a finding.

In Windows Explorer, navigate to <drive where SQL Server is installed>:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\DQ\

If this folder exists and contains the file DataQualityServices.exe, this is a finding.

Check Content Reference

M

Target Key

2639

Comments