STIGQter: STIG Summary: MS SQL Server 2014 Instance Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 24 Apr 2020:

The confidentiality and integrity of information managed by SQL Server must be maintained during reception.

DISA Rule

SV-82401r1_rule

Vulnerability Number

V-67911

Group Title

SRG-APP-000442-DB-000379

Rule Version

SQL4-00-035100

Severity

CAT II

CCI(s)

• CCI-002422 - The information system maintains the confidentiality and/or integrity of information during reception.

Weight

10

Fix Recommendation

Implement protective measures against unauthorized disclosure and modification during reception.

Check Contents

If the data owner does not have a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, this is not a finding.

If SQL Server, associated applications, and infrastructure do not employ protective measures against unauthorized disclosure and modification during reception, this is a finding.

Vulnerability Number

V-67911

Documentable

False

Rule Version

SQL4-00-035100

Severity Override Guidance

If the data owner does not have a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, this is not a finding.

If SQL Server, associated applications, and infrastructure do not employ protective measures against unauthorized disclosure and modification during reception, this is a finding.

Check Content Reference

M

Target Key

2639

Comments