DISA STIG SQL Server 2005 Database OS Audit v1r7

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG SQL Server 2005 Database OS Audit v1r7

Updated: 2/1/2017

Authority: DISA STIG

Plugin: Windows

Revision: 1.3

Estimated Item Count: 68

Audit Items

Description
DG0005: DBMS administration OS accounts
DG0009: DBMS software library permissions - 'SQL Server program file permissions are configured'
DG0012: DBMS software storage location
DG0019: DBMS software ownership
DG0032: DBMS audit record access - 'MSSQL.1\MSSQL\LOG directory permissions are configured'
DG0032: DBMS audit record access - 'MSSQL.1\MSSQL\LOG\SQLAGENT.OUT permissions are configured'
DG0032: DBMS audit record access - 'MSSQL\Log directory permissions are configured'
DG0032: DBMS audit record access - 'OLAP\Log directory permissions are configured'
DG0032: DBMS audit record access - 'Reporting Services\LogFiles directory permissions are configured'
DG0050: DBMS software and configuration file monitoring
DG0064: DBMS backup and restoration file protection
DG0101: DBMS external procedure OS account privileges
DG0102: DBMS services dedicated custom account - 'SQL Server Active Directory Helper uses a custom account'
DG0102: DBMS services dedicated custom account - 'SQL Server Agent uses a custom account'
DG0102: DBMS services dedicated custom account - 'SQL Server Analysis Services uses a custom account'
DG0102: DBMS services dedicated custom account - 'SQL Server Browser uses a custom account'
DG0102: DBMS services dedicated custom account - 'SQL Server FullText Search uses a custom account'
DG0102: DBMS services dedicated custom account - 'SQL Server Integration Services uses a custom account'
DG0102: DBMS services dedicated custom account - 'SQL Server Reporting Services uses a custom account'
DG0102: DBMS services dedicated custom account - 'SQL Server VSS Writer uses a custom account'
DG0104: DBMS service identification - 'Review database names for compliance with naming standards'
DG0109: DBMS dedicated host - 'Review services running on the SQL host'
DG0110: DBMS host shared with a security service - 'SQL Host is not a domain controller'
DG0111: DBMS dedicated software directories - 'SQLProgramDir is properly configured'
DG0133: DBMS Account lock time - 'Account Lockout Duration = 0'
DG0140: DBMS security data access
DG0151: DBMS random port use - 'msmdsrv.ini <Port> is not set to 0'
DG0152: DBMS network port, protocol and services (PPS) use - 'TCPDynamicPorts = NULL'
DG0152: DBMS network port, protocol and services (PPS) use - 'TcpPort = 1433 or 1434'
DG0167: Encryption of DBMS sensitive data in transit - 'ForceEncryption = 1'
DG0176: DBMS audit log backups
DG0187: DBMS software file backups
DM0919: SQL Server services Windows group membership - 'msdtsserver'
DM0919: SQL Server services Windows group membership - 'msftesql'
DM0919: SQL Server services Windows group membership - 'mssqlserver'
DM0919: SQL Server services Windows group membership - 'mssqlserveradhelper'
DM0919: SQL Server services Windows group membership - 'mssqlserverolapservice'
DM0919: SQL Server services Windows group membership - 'sqlbrowser'
DM0919: SQL Server services Windows group membership - 'sqlserveragent'
DM0919: SQL Server services Windows group membership - 'sqlwriter'
DM0920: Custom OS DBA group - 'DBA group exists'
DM0921: DBA OS privilege assignment - 'DBA group members'
DM0924: SQL Server service account - 'SQL Service Account != LocalSystem, Local Service or Network Service'
DM0927: SQL Server registry keys permissions - 'HKLM\SOFTWARE\Microsoft\Microsoft SQL Server permissions are configured'
DM0927: SQL Server registry keys permissions - 'HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\RS permissions'
DM0927: SQL Server registry keys permissions - 'HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\MSSearch permissions'
DM0927: SQL Server registry keys permissions - 'HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\SQLServerAgent permissions'
DM0928: SQL Server component service account user rights
DM0929: Integration services OS account least privilege
DM0933: SQL Server Agent account user rights