DISA_STIG_MSSQL_2016_Instance-OS_v3r5.audit from DISA MS SQL Server 2016 Instance v3r5 STIG

SQL6-D0-003800 - SQL Server must be configured to utilize the most-secure authentication method available.

CAT|II

CCI|CCI-000015

Rule-ID|SV-213931r1043176_rule

STIG-ID|SQL6-D0-003800

STIG-Legacy|SV-93829

STIG-Legacy|V-79123

Vuln-ID|V-213931

SQL6-D0-004000 - SQL Server must protect against a user falsely repudiating by ensuring all accounts are individual, unique, and not shared.

CCI|CCI-000166

Rule-ID|SV-213933r960864_rule

STIG-ID|SQL6-D0-004000

STIG-Legacy|SV-93833

STIG-Legacy|V-79127

Vuln-ID|V-213933

SQL6-D0-006700 - SQL Server software installation account must be restricted to authorized users.

CAT|I

CCI|CCI-001499

Rule-ID|SV-213952r960960_rule

STIG-ID|SQL6-D0-006700

STIG-Legacy|SV-93873

STIG-Legacy|V-79167

Vuln-ID|V-213952

SQL6-D0-006800 - Database software, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

Rule-ID|SV-213953r960960_rule

STIG-ID|SQL6-D0-006800

STIG-Legacy|SV-93875

STIG-Legacy|V-79169

Vuln-ID|V-213953

SQL6-D0-007600 - SQL Server must be configured to prohibit or restrict the use of organization-defined protocols as defined in the PPSM CAL and vulnerability assessments.

CCI|CCI-000382

Rule-ID|SV-213961r1043177_rule

STIG-ID|SQL6-D0-007600

STIG-Legacy|SV-93891

STIG-Legacy|V-79185

Vuln-ID|V-213961

SQL6-D0-007700 - SQL Server must be configured to prohibit or restrict the use of organization-defined ports, as defined in the PPSM CAL and vulnerability assessments.

Rule-ID|SV-213962r1043177_rule

STIG-ID|SQL6-D0-007700

STIG-Legacy|SV-93893

STIG-Legacy|V-79187

Vuln-ID|V-213962

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version.

CCI|CCI-000197

Rule-ID|SV-213967r961029_rule

STIG-ID|SQL6-D0-008300

STIG-Legacy|SV-106625

STIG-Legacy|V-97521

Vuln-ID|V-213967

SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server.

CCI|CCI-000186

Rule-ID|SV-213968r961041_rule

STIG-ID|SQL6-D0-008400

STIG-Legacy|SV-93903

STIG-Legacy|V-79197

Vuln-ID|V-213968

SQL6-D0-008700 - SQL Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.

CCI|CCI-000803

Rule-ID|SV-213969r961050_rule

STIG-ID|SQL6-D0-008700

STIG-Legacy|SV-93905

STIG-Legacy|V-79199

Vuln-ID|V-213969

SQL6-D0-009200 - SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

CCI|CCI-001188

Rule-ID|SV-213971r1043181_rule

STIG-ID|SQL6-D0-009200

STIG-Legacy|SV-93909

STIG-Legacy|V-79203

Vuln-ID|V-213971

SQL6-D0-009900 - SQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI).

CCI|CCI-001090

Rule-ID|SV-213976r961149_rule

STIG-ID|SQL6-D0-009900

STIG-Legacy|SV-93919

STIG-Legacy|V-79213

Vuln-ID|V-213976

SQL6-D0-010000 - Access to database files must be limited to relevant processes and to authorized, administrative users.

Rule-ID|SV-213977r961149_rule

STIG-ID|SQL6-D0-010000

STIG-Legacy|SV-93921

STIG-Legacy|V-79215

Vuln-ID|V-213977

SQL6-D0-011200 - SQL Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT).

CCI|CCI-001890

Rule-ID|SV-213986r961443_rule

STIG-ID|SQL6-D0-011200

STIG-Legacy|SV-93939

STIG-Legacy|V-79233

Vuln-ID|V-213986

SQL6-D0-011500 - Windows must enforce access restrictions associated with changes to the configuration of the SQL Server instance.

CCI|CCI-001813

Rule-ID|SV-213988r961461_rule

STIG-ID|SQL6-D0-011500

STIG-Legacy|SV-93943

STIG-Legacy|V-79237

Vuln-ID|V-213988

SQL6-D0-015600 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures.

CCI|CCI-002450

Rule-ID|SV-214022r961857_rule

STIG-ID|SQL6-D0-015600

STIG-Legacy|SV-94011

STIG-Legacy|V-79305

Vuln-ID|V-214022

SQL6-D0-015700 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes.

Rule-ID|SV-214023r961857_rule

STIG-ID|SQL6-D0-015700

STIG-Legacy|SV-94013

STIG-Legacy|V-79307

Vuln-ID|V-214023

SQL6-D0-015800 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements.

Rule-ID|SV-214024r961857_rule

STIG-ID|SQL6-D0-015800

STIG-Legacy|SV-94015

STIG-Legacy|V-79309

Vuln-ID|V-214024

SQL6-D0-016000 - SQL Server must configure Customer Feedback and Error Reporting.

CCI|CCI-000366

Rule-ID|SV-214026r961863_rule

STIG-ID|SQL6-D0-016000

STIG-Legacy|SV-94019

STIG-Legacy|V-79313

Vuln-ID|V-214026

SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing.

Rule-ID|SV-214027r961863_rule

STIG-ID|SQL6-D0-016100

STIG-Legacy|SV-94021

STIG-Legacy|V-79315

Vuln-ID|V-214027

SQL6-D0-017800 - The SQL Server Browser service must be disabled unless specifically required and approved.

Detections

Analytics

Revision 1.2Feb 25, 2026

Functional Update

Miscellaneous