STIGQter STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

Unused database components that are integrated in SQL Server and cannot be uninstalled must be disabled.

DISA Rule

SV-82341r2_rule

Vulnerability Number

V-67851

Group Title

SRG-APP-000141-DB-000092

Rule Version

SQL4-00-017000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

If any components or features of SQL Server are required for operation of applications that will be accessing SQL Server data or configuration, include them in the system documentation.

If any unused components or features of SQL Server are installed and cannot be uninstalled or removed, then disable those components or features.

Check Contents

Review the components and features included in SQL Server and capable of being disabled (by configuration settings, permissions and privileges, etc.). Take note of those which are enabled.

Review the system documentation to verify that the enabled components or features are documented and authorized. If any enabled components or features are not authorized, this is a finding.

Vulnerability Number

V-67851

Documentable

False

Rule Version

SQL4-00-017000

Severity Override Guidance

Review the components and features included in SQL Server and capable of being disabled (by configuration settings, permissions and privileges, etc.). Take note of those which are enabled.

Review the system documentation to verify that the enabled components or features are documented and authorized. If any enabled components or features are not authorized, this is a finding.

Check Content Reference

M

Target Key

2639

Comments