How To STIG SQL Server 2016

[UPDATE 4/16/18]: I have started a series of blog posts that will address, “How to STIG SQL Server 2016.” The first in this series can be found here.

I was recently asked about STIG’ing a database server running SQL Server 2016. I checked DISA’s website and, to my surprise, they have not yet released an official STIG checklist for SQL Server 2016. The latest edition they have a STIG for is SQL Server 2014.

V-40951 – SQL Server 2012 Database Instance DISA STIGs

If you have any additional questions that aren’t addressed in the blog, feel free to contact me. I’d be more than happy to help you out!

V-40951

Title: “SQL Server must support the organizational requirement to employ automated mechanisms for enforcing access restrictions.”

Severity = Medium

Details = Obtain the SQL Server software library installation directory location.

V-40950 – SQL Server 2012 Database Instance DISA STIGs

V-40950

Title: “SQL Server must support the employment of automated mechanisms supporting the auditing of the enforcement actions.”

Severity = Medium

Details = Verify that Files and Folders that are part of the SQL Server 2012 Installation have auditing enabled.

V-43196 – SQL Server 2012 Database Instance DISA STIGs

V-43196

Title: “Domain accounts used to manage a SQL Server platform must be different from those used to manage other platforms.”

Severity = Medium

Details = Determine the accounts being used to manage the SQL Server operating system. Determine whether the same accounts are being used to manage other platforms. If the same account is used to manage more than one platform, this is a finding.

V-40948 – SQL Server 2012 Database Instance DISA STIGs

V-40948

Title: “Software, applications, and configuration files that are part of, or related to, the SQL Server 2012 installation must be monitored to discover unauthorized changes.”

Severity = High

Details = Verify that files and folders that are part of, or related to, the SQL Server 2012 installation have only the appropriate privileges.

V-40945 – SQL Server 2012 Database Instance DISA STIGs

V-40945

Title: “Vendor-supported software and patches must be evaluated and patched against newly found vulnerabilities.”

Severity = High

Details = Check Microsoft’s list of supported SQL Server versions http://www.microsoft.com/sqlserver/en/us/support/support-updates.aspx

V-40941 – SQL Server 2012 Database Instance DISA STIGs

V-40941

Title: “SQL Server must have the SQL Server Data Tools (SSDT) software component removed from SQL Server if SSDT is unused.”

Severity = High

Details = Review the list of components and features installed with the database. Using an account with System Administrator privileges, from Command Prompt, open control.exe.

V-40932 – SQL Server 2012 Database Instance DISA STIGs

V-40932

Title: “SQL Server must recover to a known state that is verifiable.”

Severity = High

Details = Obtain the SQL Server recovery procedures and technical system features to determine if mechanisms exist and are in place to specify use of trusted files during SQL Server recovery.

V-40907 – SQL Server 2012 Database Instance DISA STIGs

V-40907

Title: “SQL Server must employ cryptographic mechanisms preventing the unauthorized disclosure of information during transmission, unless the transmitted data is otherwise protected by alternative physical measures.”

Severity = High

Details = From Command Prompt, open SQL Server Configuration Manager by typing sqlservermanager11.msc, and pressing [ENTER].