CIS SQL Server 2012 Database L1 AWS RDS v1.6.0

Audit Details

Name: CIS SQL Server 2012 Database L1 AWS RDS v1.6.0

Updated: 6/17/2024

Authority: CIS

Plugin: MS_SQLDB

Revision: 1.1

Estimated Item Count: 33

File Details

Filename: CIS_Microsoft_SQL_Server_2012_Database_v1.6.0_Level_1_AWS_RDS_Database.audit

Size: 79.5 kB

MD5: 6edd4bcd2c06b174c19255a15e21a190
SHA256: 86a92b1c1d5ff288e1aa8adbc81728147f1c2dc8c06501a3fd1617bdd7fe538b

Audit Items

DescriptionCategories
1.1 Ensure Latest SQL Server Service Packs and Hotfixes are Installed

CONFIGURATION MANAGEMENT

2.1 Ensure 'Ad Hoc Distributed Queries' Server Configuration Option is set to '0'

SYSTEM AND INFORMATION INTEGRITY

2.2 Ensure 'CLR Enabled' Server Configuration Option is set to '0'

CONFIGURATION MANAGEMENT

2.3 Ensure 'Cross DB Ownership Chaining' Server Configuration Option is set to '0'

ACCESS CONTROL

2.4 Ensure 'Database Mail XPs' Server Configuration Option is set to '0'

SYSTEM AND INFORMATION INTEGRITY

2.5 Ensure 'Ole Automation Procedures' Server Configuration Option is set to '0'

CONFIGURATION MANAGEMENT

2.6 Ensure 'Remote Access' Server Configuration Option is set to '0'

SYSTEM AND INFORMATION INTEGRITY

2.7 Ensure 'Remote Admin Connections' Server Configuration Option is set to '0'

SYSTEM AND INFORMATION INTEGRITY

2.8 Ensure 'Scan For Startup Procs' Server Configuration Option is set to '0'

CONFIGURATION MANAGEMENT

2.11 Ensure SQL Server is configured to use non-standard ports

SYSTEM AND INFORMATION INTEGRITY

2.13 Ensure 'sa' Login Account is set to 'Disabled'

ACCESS CONTROL

2.14 Ensure 'sa' Login Account has been renamed

CONFIGURATION MANAGEMENT

2.15 Ensure 'xp_cmdshell' Server Configuration Option is set to '0'

SYSTEM AND INFORMATION INTEGRITY

2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databases

CONFIGURATION MANAGEMENT

2.17 Ensure no login exists with the name 'sa'

CONFIGURATION MANAGEMENT

3.1 Ensure 'Server Authentication' Property is set to 'Windows Authentication Mode'

IDENTIFICATION AND AUTHENTICATION

3.2 Ensure CONNECT permissions on the 'guest user' is Revoked within all SQL Server databases excluding the master, msdb and tempdb

ACCESS CONTROL

3.3 Ensure 'Orphaned Users' are Dropped From SQL Server Databases

ACCESS CONTROL

3.4 Ensure SQL Authentication is not used in contained databases

IDENTIFICATION AND AUTHENTICATION

3.8 Ensure only the default permissions specified by Microsoft are granted to the public server role

ACCESS CONTROL

3.9 Ensure Windows BUILTIN groups are not SQL Logins

ACCESS CONTROL

3.10 Ensure Windows local groups are not SQL Logins

ACCESS CONTROL

4.2 Ensure 'CHECK_EXPIRATION' Option is set to 'ON' for All SQL Authenticated Logins Within the Sysadmin Role

ACCESS CONTROL

4.3 Ensure 'CHECK_POLICY' Option is set to 'ON' for All SQL Authenticated Logins

IDENTIFICATION AND AUTHENTICATION

5.1 Ensure 'Maximum number of error log files' is set to greater than or equal to '12'

AUDIT AND ACCOUNTABILITY

5.2 Ensure 'Default Trace Enabled' Server Configuration Option is set to '1'

AUDIT AND ACCOUNTABILITY

5.3 Ensure 'Login Auditing' is set to 'failed logins'

ACCESS CONTROL

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'AUDIT_CHANGE_GROUP'

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'FAILED_LOGIN_GROUP'

AUDIT AND ACCOUNTABILITY

5.4 Ensure 'SQL Server Audit' is set to capture both 'failed' and 'successful logins' - 'SUCCESSFUL_LOGIN_GROUP'

AUDIT AND ACCOUNTABILITY

6.2 Ensure 'CLR Assembly Permission Set' is set to 'SAFE_ACCESS' for All CLR Assemblies

CONFIGURATION MANAGEMENT

7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases

SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure Asymmetric Key Size is set to' greater than or equal to 2048' in non-system databases

SYSTEM AND COMMUNICATIONS PROTECTION