STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server and Windows must be configured to prohibit or restrict the use of unauthorized network ports.

DISA Rule

SV-82351r1_rule

Vulnerability Number

V-67861

Group Title

SRG-APP-000142-DB-000094

Rule Version

SQL4-00-017410

Severity

CAT II

CCI(s)

CCI-000382 - The organization configures the information system to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services.

Weight

Fix Recommendation

Change the ports used by SQL Server to comply with PPSM guidance, or document the need for other ports, and obtain written approval. Close ports no longer needed.

Check Contents

Review the ports used by SQL Server.

If these are in conflict with PPSM guidance, and not explained and approved in the system documentation, this is a finding.

Vulnerability Number

V-67861

Documentable

False

Rule Version

SQL4-00-017410

Severity Override Guidance

Review the ports used by SQL Server.

If these are in conflict with PPSM guidance, and not explained and approved in the system documentation, this is a finding.

Check Content Reference

Target Key

2639

SQL Server and Windows must be configured to prohibit or restrict the use of unauthorized network ports.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments