STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

SQL Server must isolate security functions from nonsecurity functions.

DISA Rule

SV-82369r1_rule

Vulnerability Number

V-67879

Group Title

SRG-APP-000233-DB-000124

Rule Version

SQL4-00-021500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Where possible, locate security-related database objects and code in a separate database, schema, or other separate security domain from database objects and code implementing application logic.

In all cases, use GRANT, REVOKE, DENY, ALTER ROLE … ADD MEMBER … and/or ALTER ROLE … DROP MEMBER statements to add and remove permissions on server-level and database-level security-related objects to provide effective isolation.
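The following T-SQL is an added illustration of the fix recommendation; it is not part of the STIG or of the supplemental Permissions.sql file. The database name AppDb, the schema names sec and app, the owners sec_owner and app_owner, the roles app_user and sec_admin, and the service account app_svc are all assumed placeholders.

```sql
-- Added example (not from the STIG or Permissions.sql).
-- Assumed names: database AppDb; schema sec (security objects) and schema app
-- (application logic); roles app_user and sec_admin; placeholder user app_svc.
USE AppDb;
GO

-- 1. Security-related objects live in their own schema with their own owner.
--    A distinct owner breaks ownership chaining between app and sec objects,
--    so a grant on an app procedure cannot silently reach a sec table.
CREATE USER sec_owner WITHOUT LOGIN;
GO
CREATE SCHEMA sec AUTHORIZATION sec_owner;
GO

-- Application logic gets a separate schema and a separate owner.
CREATE USER app_owner WITHOUT LOGIN;
GO
CREATE SCHEMA app AUTHORIZATION app_owner;
GO

-- 2. Application-specific security objects: a permission table and the
--    procedure that consults it. Both are owned by sec_owner, so callers
--    of the procedure need no direct rights on the table.
CREATE TABLE sec.AppPermission (
    UserName sysname      NOT NULL,
    Feature  nvarchar(64) NOT NULL,
    CONSTRAINT PK_AppPermission PRIMARY KEY (UserName, Feature)
);
GO
CREATE PROCEDURE sec.usp_HasFeature
    @Feature nvarchar(64),
    @Allowed bit OUTPUT
AS
BEGIN
    SET NOCOUNT ON;
    SELECT @Allowed = CASE WHEN EXISTS (
        SELECT 1 FROM sec.AppPermission
        WHERE UserName = ORIGINAL_LOGIN() AND Feature = @Feature) THEN 1 ELSE 0 END;
END;
GO

-- 3. Roles: application code may only EXECUTE the check procedure.
--    A schema-level DENY overrides any stray object-level GRANT on sec tables.
--    Only sec_admin may read or change the underlying security data.
CREATE ROLE app_user;
CREATE ROLE sec_admin;
GO
GRANT EXECUTE ON OBJECT::sec.usp_HasFeature TO app_user;
DENY  SELECT, INSERT, UPDATE, DELETE ON SCHEMA::sec TO app_user;
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::sec TO sec_admin;
GO

-- 4. Membership is managed with ALTER ROLE ... ADD MEMBER / DROP MEMBER,
--    never by granting object rights to individual users.
CREATE USER app_svc WITHOUT LOGIN;   -- placeholder for the application's service account
ALTER ROLE app_user ADD MEMBER app_svc;
GO
-- To revoke: ALTER ROLE app_user DROP MEMBER app_svc;
```

The separate schema owner is the important design choice: if sec and app shared an owner (for example dbo), SQL Server's ownership chaining would let any procedure in app read sec tables on behalf of a caller who has only EXECUTE on that procedure, which is exactly the blurring of security and nonsecurity functions the rule is meant to prevent.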

Check Contents

Determine application-specific security objects (lists of permissions, additional authentication information, stored procedures, application-specific auditing, etc.) which are being housed inside SQL Server in addition to the built-in security objects.

Review permissions, both direct and indirect, on the security objects, both built-in and application-specific. The functions and views provided in the supplemental file Permissions.sql can help with this.

If the database(s), schema(s) and permissions on security objects are not organized to provide effective isolation of security functions from nonsecurity functions, this is a finding.
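As an added example of the review step (this query is not the STIG's Permissions.sql and is not part of the page), the T-SQL below lists every GRANT or DENY that reaches objects in a security schema, showing both direct grants and those inherited through nested role membership. The schema name sec is an assumed placeholder; run it in the database under review.

```sql
-- Added example (not Permissions.sql). Assumes the security objects sit in a
-- schema named sec; change @SecuritySchema to match the database under review.
DECLARE @SecuritySchema sysname = N'sec';

WITH RoleChain AS (
    -- Anchor: every principal "is a member of" itself at depth 0 (direct grants).
    SELECT p.principal_id AS member_id, p.principal_id AS role_id, 0 AS depth
    FROM sys.database_principals AS p
    WHERE p.type IN ('S', 'U', 'G', 'R')       -- SQL users, Windows users/groups, roles
    UNION ALL
    -- Every user is implicitly in public (principal_id 0); sys.database_role_members
    -- does not record that membership, so add it explicitly.
    SELECT p.principal_id, 0, 1
    FROM sys.database_principals AS p
    WHERE p.type IN ('S', 'U', 'G')
    UNION ALL
    -- Recursive step: follow role membership upward through nested roles.
    SELECT rc.member_id, rm.role_principal_id, rc.depth + 1
    FROM RoleChain AS rc
    JOIN sys.database_role_members AS rm ON rm.member_principal_id = rc.role_id
)
SELECT
    grantee.name AS grantee,
    via.name     AS granted_through,
    CASE WHEN rc.depth = 0 THEN 'direct' ELSE 'indirect' END AS how,
    perm.state_desc AS permission_state,
    perm.permission_name,
    perm.class_desc,
    CASE perm.class
        WHEN 0 THEN DB_NAME()
        WHEN 1 THEN QUOTENAME(OBJECT_SCHEMA_NAME(perm.major_id)) + '.'
                  + QUOTENAME(OBJECT_NAME(perm.major_id))
        WHEN 3 THEN SCHEMA_NAME(perm.major_id)
        ELSE CAST(perm.major_id AS varchar(20))
    END AS securable
FROM sys.database_permissions AS perm
JOIN sys.database_principals  AS via     ON via.principal_id     = perm.grantee_principal_id
JOIN RoleChain                AS rc      ON rc.role_id           = via.principal_id
JOIN sys.database_principals  AS grantee ON grantee.principal_id = rc.member_id
WHERE
      (perm.class = 3 AND SCHEMA_NAME(perm.major_id) = @SecuritySchema)        -- schema-level
   OR (perm.class = 1 AND OBJECT_SCHEMA_NAME(perm.major_id) = @SecuritySchema) -- object/column-level
   OR (perm.class = 0 AND perm.permission_name IN                              -- database-wide rights
        ('CONTROL', 'ALTER', 'ALTER ANY SCHEMA', 'SELECT', 'INSERT', 'UPDATE', 'DELETE', 'EXECUTE'))
ORDER BY grantee.name, rc.depth, securable, perm.permission_name;
```

Rows marked indirect are the ones auditors most often miss: a user who appears to have nothing on the sec schema may still reach it through a role, or through public. Any application-side principal (such as an application role or service user) that appears with a GRANT on security tables rather than on a narrowly scoped procedure indicates that security functions are not isolated, which the check text identifies as a finding. Members of db_owner and sysadmin bypass permission checks entirely and are not covered by this query; review them separately.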

Vulnerability Number

V-67879

Documentable

False

Rule Version

SQL4-00-021500

Severity Override Guidance

Check Content Reference

M

Target Key

2639

Comments