SQL2-00-009710 - Owners of privileged accounts must use non-privileged accounts for non-administrative activities.

Information

Use of privileged accounts for non-administrative purposes puts data at risk of unintended or unauthorized loss, modification, or exposure. In particular, DBA accounts, if used for non-administration application development or application maintenance, can lead to excessive privileges where privileges are inherited by object owners. It may also lead to loss or compromise of application data where the elevated privileges bypass controls designed in and provided by applications.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Require that DBAs and other privileged users use non-privileged accounts for non-administrative activities.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2012_V1R20_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-74287r1_rule, STIG-ID|SQL2-00-009710, Vuln-ID|V-59857

Plugin: MS_SQLDB

Control ID: a3af1bde7da4081d87a4177bc1e52948c707230b773cb13b26fc91b1e44cf089