DISA STIG SQL Server 2016 Instance OS Audit v2r6

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG SQL Server 2016 Instance OS Audit v2r6

Updated: 5/27/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.2

Estimated Item Count: 40

Audit Items

Description	Categories
SQL6-D0-003800 - SQL Server must be configured to utilize the most-secure authentication method available.
SQL6-D0-004000 - SQL Server must protect against a user falsely repudiating by ensuring all accounts are individual, unique, and not shared.
SQL6-D0-006700 - SQL Server software installation account must be restricted to authorized users.
SQL6-D0-006800 - Database software, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications.	CONFIGURATION MANAGEMENT
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - SSL 2.0 Client DisabledByDefault	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - SSL 2.0 Client Enabled	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - SSL 2.0 Server DisabledByDefault	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - SSL 2.0 Server Enabled	CONFIGURATION MANAGEMENT
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - SSL 3.0 Client DisabledByDefault	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - SSL 3.0 Client Enabled	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - SSL 3.0 Server DisabledByDefault	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - SSL 3.0 Server Enabled	CONFIGURATION MANAGEMENT
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.0 Client DisabledByDefault	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.0 Client Enabled	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.0 Server DisabledByDefault	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.0 Server Enabled	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.1 Client DisabledByDefault	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.1 Client Enabled	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.1 Server DisabledByDefault	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.1 Server Enabled	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.2 Client DisabledByDefault	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.2 Client Enabled	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.2 Server DisabledByDefault	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008300 - Confidentiality of controlled information during transmission through the use of an approved TLS version - TLS 1.2 Server Enabled	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server.	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-008700 - SQL Server must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-009200 - SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-009900 - SQL Server must prevent unauthorized and unintended information transfer via shared system resources.	ACCESS CONTROL
SQL6-D0-010000 - Access to database files must be limited to relevant processes and to authorized, administrative users.	AUDIT AND ACCOUNTABILITY
SQL6-D0-011200 - SQL Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT).	CONFIGURATION MANAGEMENT
SQL6-D0-011500 - Windows must enforce access restrictions associated with changes to the configuration of the SQL Server instance.	ACCESS CONTROL
SQL6-D0-015600 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to provision digital signatures.	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-015700 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to generate and validate cryptographic hashes.	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-015800 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements.	SYSTEM AND COMMUNICATIONS PROTECTION
SQL6-D0-016000 - SQL Server must configure Customer Feedback and Error Reporting - CustomerFeedback	CONFIGURATION MANAGEMENT
SQL6-D0-016000 - SQL Server must configure Customer Feedback and Error Reporting - EnableErrorReporting	SYSTEM AND INFORMATION INTEGRITY
SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing - permissions	ACCESS CONTROL
SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing - SQLTELEMETRY	CONFIGURATION MANAGEMENT
SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing - SSASTELEMETRY	CONFIGURATION MANAGEMENT
SQL6-D0-017800 - The SQL Server Browser service must be disabled unless specifically required and approved.	CONFIGURATION MANAGEMENT

Detections

Analytics

DISA STIG SQL Server 2016 Instance OS Audit v2r6

Warning! Audit Deprecated

Audit Details

Audit Items