Detections
Analytics

Item Search

NameAudit NamePluginCategory
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are InstalledCIS SQL Server 2008 R2 DB Engine L1 v1.7.0MS_SQLDB

CONFIGURATION MANAGEMENT

2.9 Ensure 'Trustworthy' Database Property is set to 'Off'CIS SQL Server 2012 Database L1 DB v1.6.0MS_SQLDB

ACCESS CONTROL

2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databasesCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

3.2 Ensure CONNECT permissions on the 'guest' user is Revoked within all SQL Server databasesCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL, MEDIA PROTECTION

3.6 Ensure the SQL Server's SQLAgent Service Account is Not an AdministratorCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL

3.8 Ensure only the default permissions specified by Microsoft are granted to the public server roleCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL, MEDIA PROTECTION

3.12 Ensure the 'SYSADMIN' Role is Limited to Administrative or Built-in AccountsCIS Microsoft SQL Server 2019 v1.5.0 L1 Database EngineMS_SQLDB

ACCESS CONTROL

3.12 Ensure the 'SYSADMIN' Role is Limited to Administrative or Built-in AccountsCIS Microsoft SQL Server 2022 v1.2.1 L1 Database EngineMS_SQLDB

ACCESS CONTROL

4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin RoleCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL

5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Java' PackagesCIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

ACCESS CONTROL

5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on 'Java' PackagesCIS Oracle Server 12c DB Unified Auditing v3.0.0OracleDB

ACCESS CONTROL

5.1.1.4 Ensure 'EXECUTE' is revoked from 'PUBLIC' on "Java" PackagesCIS Oracle Server 19c DB Traditional Auditing v1.2.0OracleDB

ACCESS CONTROL, MEDIA PROTECTION

5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on 'Non-default' PackagesCIS Oracle Server 12c DB Traditional Auditing v3.0.0OracleDB

ACCESS CONTROL

5.1.2.1 Ensure 'EXECUTE' is not granted to 'PUBLIC' on 'Non-default' PackagesCIS Oracle Server 12c DB Unified Auditing v3.0.0OracleDB

ACCESS CONTROL

5.2 Ensure External File System Access is disabled - enable cisCIS Sybase 15.0 L1 DB v1.1.0SybaseDB
5.2 Ensure External File System Access is disabled - enable file accessCIS Sybase 15.0 L1 DB v1.1.0SybaseDB
5.3 Ensure 'Login Auditing' is set to 'failed logins'CIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins'CIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

AUDIT AND ACCOUNTABILITY

6.4 Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSLCIS Google Cloud Platform Foundation v4.0.0 L1GCP

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to 'greater than or equal to 2048' in non-system databasesCIS SQL Server 2017 Database L1 AWS RDS v1.3.0MS_SQLDB

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Agent'DISA STIG SQL Server 2012 Database OS Audit v1r20Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Analysis Services'DISA STIG SQL Server 2012 Database OS Audit v1r20Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Distributed Replay Client'DISA STIG SQL Server 2012 Database OS Audit v1r20Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Distributed Replay Controller'DISA STIG SQL Server 2012 Database OS Audit v1r20Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Integration Services 11.0'DISA STIG SQL Server 2012 Database OS Audit v1r20Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Reporting Services'DISA STIG SQL Server 2012 Database OS Audit v1r20Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server VSS Writer'DISA STIG SQL Server 2012 Database OS Audit v1r20Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server'DISA STIG SQL Server 2012 Database OS Audit v1r20Windows

ACCESS CONTROL, CONFIGURATION MANAGEMENT

SQL2-00-015600 - Database objects must be owned by accounts authorized for ownership.DISA STIG SQL Server 2012 Database Audit v1r20MS_SQLDB

CONFIGURATION MANAGEMENT

SQL2-00-015620 - In a database owned by a login not having administrative privileges at the instance level, the database property TRUSTWORTHY must be OFF unless required and authorized.DISA STIG SQL Server 2012 Database Audit v1r20MS_SQLDB

CONFIGURATION MANAGEMENT

SQL2-00-016200 - SQL Server must have the publicly available NorthWind sample database removed.DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

CONFIGURATION MANAGEMENT

SQL2-00-016300 - SQL Server must have the publicly available AdventureWorks sample database removed.DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

CONFIGURATION MANAGEMENT

SQL2-00-017100 - SQL Server default account sa must be disabled.DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

CONFIGURATION MANAGEMENT

SQL2-00-019500 - SQL Server must implement required cryptographic protections using cryptographic modules complying with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.DISA STIG SQL Server 2012 Database Audit v1r20MS_SQLDB

SYSTEM AND COMMUNICATIONS PROTECTION

SQL2-00-020200 - SQL Server must protect the integrity of publicly available information and SQL Servers configuration from unauthorized User Mapping access.DISA STIG SQL Server 2012 DB Instance Security v1r20MS_SQLDB

CONFIGURATION MANAGEMENT

SQL4-00-015610 - In a database owned by [sa], or by any other login having administrative privileges at the instance level, the database property TRUSTWORTHY must be OFF.DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

CONFIGURATION MANAGEMENT

SQL4-00-015620 - In a database owned by a login not having administrative privileges at the instance level, the database property TRUSTWORTHY must be OFF unless required and authorized.DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

CONFIGURATION MANAGEMENT

SQL4-00-036500 - SQL Server must generate Trace or Audit records when unsuccessful attempts to modify locally-defined security objects occur - Event ID 46DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036500 - SQL Server must generate Trace or Audit records when unsuccessful attempts to modify locally-defined security objects occur - Event ID 47DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036500 - SQL Server must generate Trace or Audit records when unsuccessful attempts to modify locally-defined security objects occur - Event ID 162DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036500 - SQL Server must generate Trace or Audit records when unsuccessful attempts to modify locally-defined security objects occur - Event ID 164DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036500 - SQL Server must generate Trace or Audit records when unsuccessful attempts to modify locally-defined security objects occur - SCHEMA_OBJECT_CHANGE...DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-036500 - SQL Server must generate Trace or Audit records when unsuccessful attempts to modify locally-defined security objects occur.DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-037200 - SQL Server must generate Trace or Audit records when unsuccessful attempts to drop locally-defined security objects occur - Event ID 46DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-037200 - SQL Server must generate Trace or Audit records when unsuccessful attempts to drop locally-defined security objects occur - Event ID 47DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-037200 - SQL Server must generate Trace or Audit records when unsuccessful attempts to drop locally-defined security objects occur - Event ID 162DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-037200 - SQL Server must generate Trace or Audit records when unsuccessful attempts to drop locally-defined security objects occur - Event ID 164DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQL4-00-037200 - SQL Server must generate Trace or Audit records when unsuccessful attempts to drop locally-defined security objects occur.DISA STIG SQL Server 2014 Database Audit v1r7MS_SQLDB

AUDIT AND ACCOUNTABILITY

SQLI-22-016300 - The SQL Server default account [sa] must have its name changed.DISA Microsoft SQL Server 2022 Instance STIG v1r1 MS_SQLDBMS_SQLDB

CONFIGURATION MANAGEMENT

SQLI-22-017600 - The remote Data Archive feature must be disabled unless specifically required and approved.DISA Microsoft SQL Server 2022 Instance STIG v1r1 MS_SQLDBMS_SQLDB

CONFIGURATION MANAGEMENT