| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2016 Database L1 AWS RDS v1.4.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2017 Database L1 AWS RDS v1.3.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2014 Database L1 DB v1.5.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2016 Database L1 DB v1.4.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2019 v1.5.2 L1 Database Engine | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2022 v1.2.1 L1 AWS RDS | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2022 v1.2.1 L1 Database Engine | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2017 Database L1 DB v1.3.0 | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2014 Database L1 AWS RDS v1.5.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0' | CIS Microsoft SQL Server 2019 v1.5.2 L1 AWS RDS | MS_SQLDB | SECURITY ASSESSMENT AND AUTHORIZATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.9 Ensure 'SQL Mail XPs' Server Configuration Option is set to '0' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND INFORMATION INTEGRITY |
| 2.9 Ensure 'Trustworthy' Database Property is set to 'Off' | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | ACCESS CONTROL |
| 2.10 Ensure 'Trustworthy' Database Property is set to 'Off' | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | ACCESS CONTROL |
| 6.3.2 Ensure 'cross db ownership chaining' Database Flag for Cloud SQL SQL Server Instance Is Set to 'off' | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| 6.3.7 Ensure 'contained database authentication' Database Flag for Cloud SQL SQL Server Instance Is Set to 'off' | CIS Google Cloud Platform Foundation v4.0.0 L1 | GCP | ACCESS CONTROL, MEDIA PROTECTION |
| DISA_IIS_6.0_Web_Server_v6r16.audit from DISA Microsoft IIS 6.0 Server v6r16 STIG | DISA STIG IIS 6.0 Server v6r16 | Windows | |
| DISA_STIG_Microsoft_Windows_Server_2016_v2r10.audit from DISA Microsoft Windows Server 2016 STIG v2r10 | DISA Microsoft Windows Server 2016 STIG v2r10 | Windows | |
| DISA_STIG_Oracle_WebLogic_Server_12c_Windows_v2r2.audit from DISA Oracle WebLogic Server 12c v2r2 STIG | Oracle WebLogic Server 12c Windows v2r2 | Windows | |
| DISA_STIG_VMware_vSphere_7.0_Photon_OS_v1r4.audit from DISA VMware vSphere 7.0 vCenter Appliance Photon OS v1r4 STIG | DISA STIG VMware vSphere 7.0 Photon OS v1r4 | Unix | |
| SQL2-00-008900 - SQL Server processes or services must run under custom, dedicated OS or domain accounts - 'SQL Server Distributed Replay Client' | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | ACCESS CONTROL |
| SQL2-00-009100 - A single SQL Server database connection configuration file (or a single set of credentials) must not be used to configure all database clients - or a single set of credentials must not be used to configure all clients. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SQL2-00-010600 - SQL Server must have allocated audit record storage capacity to meet the organization-defined requirements for saving audit record information. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | AUDIT AND ACCOUNTABILITY |
| SQL2-00-013700 - SQL Server must protect audit information from unauthorized modification. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SQL2-00-013800 - SQL Server must protect audit information from unauthorized deletion. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SQL2-00-014400 - SQL Server must protect the audit records generated as a result of remote access to privileged accounts and by the execution of privileged functions. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SQL2-00-015355 - Software, applications, and configuration files that are part of, or related to, the SQL Server 2012 installation must be audited. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | SYSTEM AND INFORMATION INTEGRITY |
| SQL2-00-015500 - Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| SQL2-00-020100 - SQL Server must protect the integrity of publicly available information and applications. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| SQL2-00-025300 - The OS must limit privileges to the SQL Server backup directories and files. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| SQL2-00-039100 - The SQL Server Browser service must be disabled if its use is not necessary. | DISA STIG SQL Server 2012 Database OS Audit v1r20 | Windows | CONFIGURATION MANAGEMENT |
| SQL4-00-011310 - Where SQL Server Audit is in use, SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited at the server level. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-012100 - SQL Server must produce Trace or Audit records containing sufficient information to establish the sources (origins) of the events - origins of the events. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-012400 - SQL Server must include organization-defined additional, more detailed information in Trace or Audit records for events identified by type, location, or subject. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-013000 - Unless it has been determined that availability is paramount, SQL Server must shut down upon the failure of an Audit, or a Trace used for auditing purposes, to include the unavailability of space for more audit/trace log records. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037600 - SQL Server must generate Trace or Audit records when unsuccessful logons or connection attempts occur - Event ID 20 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037600 - SQL Server must generate Trace or Audit records when unsuccessful logons or connection attempts occur - FAILED_LOGIN_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-037600 - SQL Server must generate Trace or Audit records when unsuccessful logons or connection attempts occur. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-038000 - SQL Server must generate Trace or Audit records when concurrent logons/connections by the same user from different workstations occur - Event ID 14 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-038000 - SQL Server must generate Trace or Audit records when concurrent logons/connections by the same user from different workstations occur - Event ID 15 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-038000 - SQL Server must generate Trace or Audit records when concurrent logons/connections by the same user from different workstations occur - Event ID 16 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-038000 - SQL Server must generate Trace or Audit records when concurrent logons/connections by the same user from different workstations occur - Event ID 17 | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-038000 - SQL Server must generate Trace or Audit records when concurrent logons/connections by the same user from different workstations occur - LOGOUT_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-038000 - SQL Server must generate Trace or Audit records when concurrent logons/connections by the same user from different workstations occur - SUCCESSFUL_LOGIN_GROUP | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL4-00-038000 - SQL Server must generate Trace or Audit records when concurrent logons/connections by the same user from different workstations occur. | DISA STIG SQL Server 2014 Instance DB Audit v2r4 | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-013400 - SQL Server must generate audit records when successful and unsuccessful attempts to add privileges/permissions occur. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-013600 - SQL Server must generate audit records when successful and unsuccessful attempts to modify privileges/permissions occur. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
| SQL6-D0-014200 - SQL Server must generate audit records when successful and unsuccessful attempts to delete privileges/permissions occur. | DISA MS SQL Server 2016 Instance STIG v3r6 MS_SQLDB | MS_SQLDB | AUDIT AND ACCOUNTABILITY |
