STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide, Version: 1, Release: 10, Benchmark Date: 24 Apr 2020

SQL Server must prevent non-privileged users from executing privileged functionality, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

DISA Rule

SV-82375r1_rule

Vulnerability Number

V-67885

Group Title

SRG-APP-000340-DB-000304

Rule Version

SQL4-00-032500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Use REVOKE and/or DENY and/or ALTER SERVER ROLE ... DROP MEMBER ... statements to align EXECUTE permissions (and any other relevant permissions) with documented requirements.

Check Contents

Review the system documentation to obtain the definition of the SQL Server database/DBMS functionality considered privileged in the context of the system in question.

Review the SQL Server security configuration and/or other means used to protect privileged functionality from unauthorized use.

If the configuration does not protect all of the actions defined as privileged, this is a finding.

The database permission functions and views provided in the supplemental file Permissions.sql can help with this.
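
One way to gather the evidence for this check and apply the fix, as an added T-SQL example that is not part of the STIG or its Permissions.sql supplement. The list of server permissions treated as privileged, the principal names, and the object name in the remediation templates are assumptions; substitute what the system documentation defines.

```sql
-- Added example (not from the STIG or Permissions.sql).
-- 1) Members of fixed server roles: privileged through role membership.
SELECT r.name      AS server_role,
       m.name      AS member_name,
       m.type_desc AS member_type,
       m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.is_fixed_role = 1
ORDER BY r.name, m.name;

-- 2) Explicit server-level grants that allow changing or bypassing safeguards.
--    The permission list is an assumed starting point, not the STIG's definition.
SELECT p.name AS grantee, p.type_desc AS grantee_type,
       sp.state_desc, sp.permission_name, sp.class_desc
FROM sys.server_permissions AS sp
JOIN sys.server_principals  AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.state IN ('G', 'W')                 -- GRANT, GRANT WITH GRANT OPTION
  AND sp.permission_name IN (N'CONTROL SERVER', N'ALTER ANY LOGIN',
        N'ALTER ANY SERVER AUDIT', N'ALTER ANY SERVER ROLE', N'ALTER SETTINGS',
        N'ALTER ANY CREDENTIAL', N'IMPERSONATE ANY LOGIN', N'SHUTDOWN')
  AND p.name NOT LIKE N'##%##'               -- skip internal certificate logins
ORDER BY p.name, sp.permission_name;

-- 3) EXECUTE grants in the current database (repeat in each database, incl. master).
SELECT dp.name AS grantee, perm.state_desc, perm.class_desc,
       CASE perm.class
            WHEN 1 THEN OBJECT_SCHEMA_NAME(perm.major_id) + N'.' + OBJECT_NAME(perm.major_id)
            WHEN 3 THEN SCHEMA_NAME(perm.major_id)
            ELSE DB_NAME()                   -- class 0: database-wide EXECUTE
       END AS securable
FROM sys.database_permissions AS perm
JOIN sys.database_principals  AS dp ON dp.principal_id = perm.grantee_principal_id
WHERE perm.permission_name = N'EXECUTE'
  AND perm.state IN ('G', 'W')
  AND perm.class IN (0, 1, 3)
ORDER BY dp.name, securable;

-- 4) Remediation templates for rows that exceed documented requirements.
--    [ExampleLogin], [ExampleUser] and dbo.ExampleProc are hypothetical names.
-- ALTER SERVER ROLE [sysadmin] DROP MEMBER [ExampleLogin];
-- REVOKE ALTER ANY LOGIN FROM [ExampleLogin];
-- DENY EXECUTE ON OBJECT::dbo.ExampleProc TO [ExampleUser];
```

Compare each returned row against the documented list of privileged functionality; any grantee or role member not authorized there is a candidate finding.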

Documentable

False

Severity Override Guidance

Review the system documentation to obtain the definition of the SQL Server database/DBMS functionality considered privileged in the context of the system in question.

Review the SQL Server security configuration and/or other means used to protect privileged functionality from unauthorized use.

If the configuration does not protect all of the actions defined as privileged, this is a finding.

The database permission functions and views provided in the supplemental file Permissions.sql can help with this.

Check Content Reference

M

Target Key

2639
