DISA STIG SQL Server 2016 Instance OS Audit v2r7

Audit Details

Name: DISA STIG SQL Server 2016 Instance OS Audit v2r7

Updated: 8/11/2022

Authority: DISA STIG

Plugin: Windows

Revision: 1.1

Estimated Item Count: 42

File Details

Filename: DISA_STIG_MSSQL_2016_Instance-OS_v2r7.audit

Size: 141 kB

MD5: b3f1aa73d5a925c633af8790f64c517b
SHA256: 108f38ac0ff84a645fc729178ecdc6c30499952da17760fed75826deeadbb16a

Audit Items

Description

Categories
SQL6-D0-003800 - SQL Server must be configured to utilize the most-secure authentication method available.

ACCESS CONTROL

SQL6-D0-004000 - SQL Server must protect against a user falsely repudiating by ensuring all accounts are individual, unique, and not shared.

AUDIT AND ACCOUNTABILITY

SQL6-D0-006700 - SQL Server software installation account must be restricted to authorized users.

CONFIGURATION MANAGEMENT

SQL6-D0-006800 - Database software, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

CONFIGURATION MANAGEMENT

SQL6-D0-007600 - SQL Server must be configured to prohibit or restrict the use of organization-defined protocols as defined in the PPSM CAL and vulnerability assessments.

CONFIGURATION MANAGEMENT

SQL6-D0-007700 - SQL Server must be configured to prohibit or restrict the use of organization-defined ports, as defined in the PPSM CAL and vulnerability assessments.

CONFIGURATION MANAGEMENT

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 2.0 Client DisabledByDefault

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 2.0 Client Enabled

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 2.0 Server DisabledByDefault

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 2.0 Server Enabled

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 3.0 Client DisabledByDefault

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 3.0 Client Enabled

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 3.0 Server DisabledByDefault

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 3.0 Server Enabled

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.0 Client DisabledByDefault

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.0 Client Enabled

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.0 Server DisabledByDefault

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.0 Server Enabled

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.1 Client DisabledByDefault

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.1 Client Enabled

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.1 Server DisabledByDefault

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.1 Server Enabled

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.2 Client DisabledByDefault

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.2 Client Enabled

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.2 Server DisabledByDefault

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.2 Server Enabled

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server.

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008700 - SQL Server must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-009200 - SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-009900 - SQL Server must prevent unauthorized and unintended information transfer via shared system resources.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-010000 - Access to database files must be limited to relevant processes and to authorized, administrative users.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-011200 - SQL Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT).

AUDIT AND ACCOUNTABILITY

SQL6-D0-011500 - Windows must enforce access restrictions associated with changes to the configuration of the SQL Server instance.

CONFIGURATION MANAGEMENT

SQL6-D0-015600 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to provision digital signatures.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-015700 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to generate and validate cryptographic hashes.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-015800 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-016000 - SQL Server must configure Customer Feedback and Error Reporting - CustomerFeedback

CONFIGURATION MANAGEMENT

SQL6-D0-016000 - SQL Server must configure Customer Feedback and Error Reporting - EnableErrorReporting

CONFIGURATION MANAGEMENT

SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing - permissions

CONFIGURATION MANAGEMENT

SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing - SQLTELEMETRY

CONFIGURATION MANAGEMENT

SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing - SSASTELEMETRY

CONFIGURATION MANAGEMENT

SQL6-D0-017800 - The SQL Server Browser service must be disabled unless specifically required and approved.

CONFIGURATION MANAGEMENT