DISA_STIG_MSSQL_2016_Instance-OS_v3r5.audit from DISA MS SQL Server 2016 Instance v3r5 STIG

SQL6-D0-003800 - SQL Server must be configured to utilize the most-secure authentication method available.

CAT|II

CCI|CCI-000015

Rule-ID|SV-213931r1043176_rule

STIG-ID|SQL6-D0-003800

STIG-Legacy|SV-93829

STIG-Legacy|V-79123

Vuln-ID|V-213931

SQL6-D0-004000 - SQL Server must protect against a user falsely repudiating by ensuring all accounts are individual, unique, and not shared.

CCI|CCI-000166

Rule-ID|SV-213933r960864_rule

STIG-ID|SQL6-D0-004000

STIG-Legacy|SV-93833

STIG-Legacy|V-79127

Vuln-ID|V-213933

SQL6-D0-006700 - SQL Server software installation account must be restricted to authorized users.

CAT|I

CCI|CCI-001499

Rule-ID|SV-213952r960960_rule

STIG-ID|SQL6-D0-006700

STIG-Legacy|SV-93873

STIG-Legacy|V-79167

Vuln-ID|V-213952

SQL6-D0-006800 - Database software, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

Rule-ID|SV-213953r960960_rule

STIG-ID|SQL6-D0-006800

STIG-Legacy|SV-93875

STIG-Legacy|V-79169

Vuln-ID|V-213953

SQL6-D0-007600 - SQL Server must be configured to prohibit or restrict the use of organization-defined protocols as defined in the PPSM CAL and vulnerability assessments.

CCI|CCI-000382

Rule-ID|SV-213961r1043177_rule

STIG-ID|SQL6-D0-007600

STIG-Legacy|SV-93891

STIG-Legacy|V-79185

Vuln-ID|V-213961

SQL6-D0-007700 - SQL Server must be configured to prohibit or restrict the use of organization-defined ports, as defined in the PPSM CAL and vulnerability assessments.

Rule-ID|SV-213962r1043177_rule

STIG-ID|SQL6-D0-007700

STIG-Legacy|SV-93893

STIG-Legacy|V-79187

Vuln-ID|V-213962

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version.

CCI|CCI-000197

Rule-ID|SV-213967r961029_rule

STIG-ID|SQL6-D0-008300

STIG-Legacy|SV-106625

STIG-Legacy|V-97521

Vuln-ID|V-213967

SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server.

CCI|CCI-000186

Rule-ID|SV-213968r961041_rule

STIG-ID|SQL6-D0-008400

STIG-Legacy|SV-93903

STIG-Legacy|V-79197

Vuln-ID|V-213968

SQL6-D0-008700 - SQL Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.

CCI|CCI-000803

Rule-ID|SV-213969r961050_rule

STIG-ID|SQL6-D0-008700

STIG-Legacy|SV-93905

STIG-Legacy|V-79199

Vuln-ID|V-213969

SQL6-D0-009200 - SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

CCI|CCI-001188

Rule-ID|SV-213971r1043181_rule

STIG-ID|SQL6-D0-009200

STIG-Legacy|SV-93909

STIG-Legacy|V-79203

Vuln-ID|V-213971

SQL6-D0-009900 - SQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI).

CCI|CCI-001090

Rule-ID|SV-213976r961149_rule

STIG-ID|SQL6-D0-009900

STIG-Legacy|SV-93919

STIG-Legacy|V-79213

Vuln-ID|V-213976

SQL6-D0-010000 - Access to database files must be limited to relevant processes and to authorized, administrative users.

Rule-ID|SV-213977r961149_rule

STIG-ID|SQL6-D0-010000

STIG-Legacy|SV-93921

STIG-Legacy|V-79215

Vuln-ID|V-213977

SQL6-D0-011200 - SQL Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT).

CCI|CCI-001890

Rule-ID|SV-213986r961443_rule

STIG-ID|SQL6-D0-011200

STIG-Legacy|SV-93939

STIG-Legacy|V-79233

Vuln-ID|V-213986

SQL6-D0-011500 - Windows must enforce access restrictions associated with changes to the configuration of the SQL Server instance.

CCI|CCI-001813

Rule-ID|SV-213988r961461_rule

STIG-ID|SQL6-D0-011500

STIG-Legacy|SV-93943

STIG-Legacy|V-79237

Vuln-ID|V-213988

SQL6-D0-015600 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures.

CCI|CCI-002450

Rule-ID|SV-214022r961857_rule

STIG-ID|SQL6-D0-015600

STIG-Legacy|SV-94011

STIG-Legacy|V-79305

Vuln-ID|V-214022

SQL6-D0-015700 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes.

Rule-ID|SV-214023r961857_rule

STIG-ID|SQL6-D0-015700

STIG-Legacy|SV-94013

STIG-Legacy|V-79307

Vuln-ID|V-214023

SQL6-D0-015800 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements.

Rule-ID|SV-214024r961857_rule

STIG-ID|SQL6-D0-015800

STIG-Legacy|SV-94015

STIG-Legacy|V-79309

Vuln-ID|V-214024

SQL6-D0-016000 - SQL Server must configure Customer Feedback and Error Reporting.

CCI|CCI-000366

Rule-ID|SV-214026r961863_rule

STIG-ID|SQL6-D0-016000

STIG-Legacy|SV-94019

STIG-Legacy|V-79313

Vuln-ID|V-214026

SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing.

Rule-ID|SV-214027r961863_rule

STIG-ID|SQL6-D0-016100

STIG-Legacy|SV-94021

STIG-Legacy|V-79315

Vuln-ID|V-214027

SQL6-D0-017800 - The SQL Server Browser service must be disabled unless specifically required and approved.

Detections

Analytics

DISA MS SQL Server 2016 Instance STIG v3r5 Windows

Audit Details

File Details

Audit Changelog

Revision 1.2

Functional Update

Miscellaneous

Revision 1.1

Miscellaneous

Detections

Analytics

DISA MS SQL Server 2016 Instance STIG v3r5 Windows Download File

Audit Details

File Details

Audit Changelog

Revision 1.2

Functional Update

Miscellaneous

Revision 1.1

Miscellaneous

DISA MS SQL Server 2016 Instance STIG v3r5 Windows