DISA STIG SQL Server 2014 Instance OS Audit v2r3

Audit Details

Name: DISA STIG SQL Server 2014 Instance OS Audit v2r3

Updated: 10/6/2023

Authority: DISA STIG

Plugin: Windows

Revision: 1.3

Estimated Item Count: 24

File Details

Filename: DISA_STIG_MSSQL_2014_Instance-OS_v2r3.audit

Size: 66 kB

MD5: 1ef0e5ffb45f41f7b6bfbc4e979cc3e5
SHA256: 9eef5bcc63d17d843557e9f195ac0a24ef717ebfab005f702b62d77cb81004b9

Audit Items

DescriptionCategories
DISA_STIG_MSSQL_2014_Instance-OS_v2r3.audit from DISA MS SQL Server 2014 Instance v2r3 STIG
SQL4-00-014000 - SQL Server and/or the operating system must protect its audit configuration from unauthorized modification.

AUDIT AND ACCOUNTABILITY

SQL4-00-014100 - SQL Server and the operating system must protect SQL Server audit features from unauthorized removal.

AUDIT AND ACCOUNTABILITY

SQL4-00-015350 - Software, applications, and configuration files that are part of, or related to, the SQL Server installation must be monitored to discover unauthorized changes.

CONFIGURATION MANAGEMENT

SQL4-00-015400 - SQL Server software installation account(s) must be restricted to authorized users.

CONFIGURATION MANAGEMENT

SQL4-00-015500 - Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

CONFIGURATION MANAGEMENT

SQL4-00-016500 - SQL Server must have the SQL Server Data Tools (SSDT) software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016600 - SQL Server must have the SQL Server Reporting Services (SSRS) software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016700 - SQL Server must have the SQL Server Integration Services (SSIS) software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016800 - SQL Server must have the SQL Server Analysis Services (SSAS) software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016805 - SQL Server must have the SQL Server Distributed Replay Client software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016810 - SQL Server must have the SQL Server Distributed Replay Controller software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016815 - SQL Server must have the Full-Text Search software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016820 - SQL Server must have the Master Data Services software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016826 - SQL Server must have the SQL Server Replication software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016830 - SQL Server must have the Data Quality Client software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016845 - SQL Server must have the Client Tools SDK software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-016850 - SQL Server must have the Management Tools software component removed if it is unused.

CONFIGURATION MANAGEMENT

SQL4-00-031100 - SQL Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

SQL4-00-033600 - SQL Server must produce time stamps that can be mapped to Coordinated Universal Time (UTC, formerly GMT).

AUDIT AND ACCOUNTABILITY

SQL4-00-034200 - SQL Server must disable communication protocols not required for operation.

CONFIGURATION MANAGEMENT

SQL4-00-034800 - SQL Server must implement and/or support cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL4-00-035400 - Security-relevant software updates to SQL Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

SYSTEM AND INFORMATION INTEGRITY

SQL4-00-039100 - The SQL Server Browser service must be disabled if its use is not necessary..

CONFIGURATION MANAGEMENT