STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide, Version: 1, Release: 10, Benchmark Date: 24 Apr 2020

SQL Server default account [sa] must have its name changed.

DISA Rule

SV-82345r1_rule

Vulnerability Number

V-67855

Group Title

SRG-APP-000141-DB-000092

Rule Version

SQL4-00-010200

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

Modify the SQL Server's [sa] (system administrator) account by running the following script:

USE master;
GO
ALTER LOGIN [sa] WITH NAME = <new name>;
GO

Check Contents

Verify the SQL Server default [sa] (system administrator) account name has been changed by executing the following query:

USE master;
GO
SELECT *
FROM sys.sql_logins
WHERE [name] = 'sa' OR [principal_id] = 1;
GO

If the login account name "SA" or "sa" appears in the query output, this is a finding.

Documentable

False

Check Content Reference

M

Target Key

2639
