SQL2-00-023500 - SQL Server job/batch queues must be reviewed regularly to detect unauthorized SQL Server job submissions.

Information

Unauthorized job submissions to SQL Server job/batch queues can potentially have significant effects on the overall security of the system.

If SQL Server were to allow any user to make SQL Server job/batch queue submissions, then those submissions might lead to a compromise of system integrity and/or data. This requirement is contingent upon the SQL Server job/batch queue being reviewed regularly for unauthorized submissions.

Accordingly, only qualified and authorized individuals shall be allowed to obtain access to submit SQL Server jobs. Job/batch queue submissions must adhere to an organization-defined job submission process.

Unmanaged changes that occur to SQL Server job/batch queues can lead to a compromised system.

Solution

Document procedures, within the system documentation, that detect unauthorized SQL Server job submissions.

Develop and implement procedures to detect unauthorized SQL Server job submissions of Stored Procedures that are automatically executed and Agent jobs that are enabled.
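
One way to run the review described above, as an added example that is not part of the STIG text: a T-SQL query that lists enabled Agent jobs and automatically executed stored procedures that are missing from a documented baseline. The table variables `@ApprovedJobs` and `@ApprovedStartupProcs` and every name in them are hypothetical placeholders to be filled from the system documentation.

```sql
-- Added example: list enabled Agent jobs and startup procedures that are
-- not in the documented baseline. Baseline tables and their entries are
-- hypothetical; populate them from the approved job submission records.
SET NOCOUNT ON;

DECLARE @ApprovedJobs TABLE (job_name sysname PRIMARY KEY);
INSERT INTO @ApprovedJobs (job_name)
VALUES (N'ExampleNightlyBackup'),       -- constructed sample entry
       (N'ExampleIndexMaintenance');    -- constructed sample entry

DECLARE @ApprovedStartupProcs TABLE (proc_name nvarchar(257) PRIMARY KEY);
INSERT INTO @ApprovedStartupProcs (proc_name)
VALUES (N'dbo.ExampleStartupProc');     -- constructed sample entry

-- Enabled SQL Server Agent jobs with no matching baseline entry.
SELECT  N'Agent job'                      AS item_type,
        j.name                            AS item_name,
        SUSER_SNAME(j.owner_sid)          AS owner_login,
        j.date_created                    AS created,
        j.date_modified                   AS modified
FROM    msdb.dbo.sysjobs AS j
LEFT JOIN @ApprovedJobs AS a
        ON a.job_name = j.name COLLATE DATABASE_DEFAULT
WHERE   j.enabled = 1
  AND   a.job_name IS NULL

UNION ALL

-- Stored procedures in master flagged to execute automatically at
-- instance startup, with no matching baseline entry.
SELECT  N'Startup procedure',
        s.name + N'.' + p.name,
        CAST(NULL AS nvarchar(128)),
        p.create_date,
        p.modify_date
FROM    master.sys.procedures AS p
JOIN    master.sys.schemas    AS s
        ON s.schema_id = p.schema_id
LEFT JOIN @ApprovedStartupProcs AS b
        ON b.proc_name = (s.name + N'.' + p.name) COLLATE DATABASE_DEFAULT
WHERE   p.is_auto_executed = 1
  AND   b.proc_name IS NULL
ORDER BY item_type, item_name;
```

Any row returned is an enabled job or startup procedure without a documented approval; the `modified` column helps spot approved items that were changed after review.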

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2012_V1R20_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-53925r2_rule, STIG-ID|SQL2-00-023500, Vuln-ID|V-41399

Plugin: MS_SQLDB

Control ID: e06b0845b82411d2d2814c91fcbd280bbc60196b15e16e3577b9d53aa9ae38ac