DISA STIG SQL Server 2014 Instance OS Audit v2r2

Audit Details

Name: DISA STIG SQL Server 2014 Instance OS Audit v2r2

Updated: 4/25/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.1

Estimated Item Count: 23

File Details

Filename: DISA_STIG_MSSQL_2014_Instance-OS_v2r2.audit

Size: 58.5 kB

MD5: 788cc7f21364349e85503d3f6ffa058e
SHA256: 2897177b0d12ef9d8554363732e10e4c67e93084c31a34bf8cbd6f3bc35ae8f5

Audit Items

DescriptionCategories
SQL4-00-014000 - SQL Server and/or the operating system must protect its audit configuration from unauthorized modification.

AUDIT AND ACCOUNTABILITY

SQL4-00-014100 - SQL Server and the operating system must protect SQL Server audit features from unauthorized removal.

AUDIT AND ACCOUNTABILITY

SQL4-00-015350 - Software, applications, and configuration files that are part of, or related to, the SQL Server installation must be monitored to discover unauthorized changes.

CONFIGURATION MANAGEMENT

SQL4-00-015400 - SQL Server software installation account(s) must be restricted to authorized users.

CONFIGURATION MANAGEMENT

SQL4-00-015500 - Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

CONFIGURATION MANAGEMENT

SQL4-00-016500 - SQL Server must have the SQL Server Data Tools (SSDT) software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016600 - SQL Server must have the SQL Server Reporting Services (SSRS) software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016700 - SQL Server must have the SQL Server Integration Services (SSIS) software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016800 - SQL Server must have the SQL Server Analysis Services (SSAS) software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016805 - SQL Server must have the SQL Server Distributed Replay Client software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016810 - SQL Server must have the SQL Server Distributed Replay Controller software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016815 - SQL Server must have the Full-Text Search software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016820 - SQL Server must have the Master Data Services software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016826 - SQL Server must have the SQL Server Replication software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016830 - SQL Server must have the Data Quality Client software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016845 - SQL Server must have the Client Tools SDK software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016850 - SQL Server must have the Management Tools software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-031100 - SQL Server must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

SQL4-00-033600 - SQL Server must produce time stamps that can be mapped to Coordinated Universal Time (UTC, formerly GMT).

AUDIT AND ACCOUNTABILITY

SQL4-00-034200 - SQL Server must disable communication protocols not required for operation.

CONFIGURATION MANAGEMENT

SQL4-00-034800 - SQL Server must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL4-00-035400 - Security-relevant software updates to SQL Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

SYSTEM AND INFORMATION INTEGRITY

SQL4-00-039100 - The SQL Server Browser service must be disabled if its use is not necessary..

CONFIGURATION MANAGEMENT