SQL6-D0-003800 - SQL Server must be configured to utilize the most-secure authentication method available.

CAT|II

CCI|CCI-000015

Rule-ID|SV-213931r810825_rule

STIG-ID|SQL6-D0-003800

STIG-Legacy|SV-93829

STIG-Legacy|V-79123

Vuln-ID|V-213931

SQL6-D0-004000 - SQL Server must protect against a user falsely repudiating by ensuring all accounts are individual, unique, and not shared.

CCI|CCI-000166

Rule-ID|SV-213933r754576_rule

STIG-ID|SQL6-D0-004000

STIG-Legacy|SV-93833

STIG-Legacy|V-79127

Vuln-ID|V-213933

SQL6-D0-006700 - SQL Server software installation account must be restricted to authorized users.

CAT|I

CCI|CCI-001499

Rule-ID|SV-213952r822457_rule

STIG-ID|SQL6-D0-006700

STIG-Legacy|SV-93873

STIG-Legacy|V-79167

Vuln-ID|V-213952

SQL6-D0-006800 - Database software, including DBMS configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

Rule-ID|SV-213953r754597_rule

STIG-ID|SQL6-D0-006800

STIG-Legacy|SV-93875

STIG-Legacy|V-79169

Vuln-ID|V-213953

SQL6-D0-007600 - SQL Server must be configured to prohibit or restrict the use of organization-defined protocols as defined in the PPSM CAL and vulnerability assessments.

CCI|CCI-000382

Rule-ID|SV-213961r754605_rule

STIG-ID|SQL6-D0-007600

STIG-Legacy|SV-93891

STIG-Legacy|V-79185

Vuln-ID|V-213961

SQL6-D0-007700 - SQL Server must be configured to prohibit or restrict the use of organization-defined ports, as defined in the PPSM CAL and vulnerability assessments.

Rule-ID|SV-213962r754606_rule

STIG-ID|SQL6-D0-007700

STIG-Legacy|SV-93893

STIG-Legacy|V-79187

Vuln-ID|V-213962

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 2.0 Client DisabledByDefault

CCI|CCI-000197

Rule-ID|SV-213967r822462_rule

STIG-ID|SQL6-D0-008300

STIG-Legacy|SV-106625

STIG-Legacy|V-97521

Vuln-ID|V-213967

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 2.0 Client Enabled

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 2.0 Server DisabledByDefault

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 2.0 Server Enabled

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 3.0 Client DisabledByDefault

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 3.0 Client Enabled

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 3.0 Server DisabledByDefault

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - SSL 3.0 Server Enabled

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.0 Client DisabledByDefault

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.0 Client Enabled

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.0 Server DisabledByDefault

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.0 Server Enabled

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.1 Client DisabledByDefault

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.1 Client Enabled

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.1 Server DisabledByDefault

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.1 Server Enabled

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.2 Client DisabledByDefault

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.2 Client Enabled

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.2 Server DisabledByDefault

SQL6-D0-008300 - Confidentiality of information during transmission is controlled through the use of an approved TLS version - TLS 1.2 Server Enabled

SQL6-D0-008400 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server.

CCI|CCI-000186

Rule-ID|SV-213968r754613_rule

STIG-ID|SQL6-D0-008400

STIG-Legacy|SV-93903

STIG-Legacy|V-79197

Vuln-ID|V-213968

SQL6-D0-008700 - SQL Server must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

CCI|CCI-000803

Rule-ID|SV-213969r822465_rule

STIG-ID|SQL6-D0-008700

STIG-Legacy|SV-93905

STIG-Legacy|V-79199

Vuln-ID|V-213969

SQL6-D0-009200 - SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

CCI|CCI-001188

Rule-ID|SV-213971r754616_rule

STIG-ID|SQL6-D0-009200

STIG-Legacy|SV-93909

STIG-Legacy|V-79203

Vuln-ID|V-213971

SQL6-D0-009900 - SQL Server must prevent unauthorized and unintended information transfer via shared system resources.

CCI|CCI-001090

Rule-ID|SV-213976r754621_rule

STIG-ID|SQL6-D0-009900

STIG-Legacy|SV-93919

STIG-Legacy|V-79213

Vuln-ID|V-213976

SQL6-D0-010000 - Access to database files must be limited to relevant processes and to authorized, administrative users.

Rule-ID|SV-213977r754622_rule

STIG-ID|SQL6-D0-010000

STIG-Legacy|SV-93921

STIG-Legacy|V-79215

Vuln-ID|V-213977

SQL6-D0-011200 - SQL Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT).

CCI|CCI-001890

Rule-ID|SV-213986r754632_rule

STIG-ID|SQL6-D0-011200

STIG-Legacy|SV-93939

STIG-Legacy|V-79233

Vuln-ID|V-213986

SQL6-D0-011500 - Windows must enforce access restrictions associated with changes to the configuration of the SQL Server instance.

CCI|CCI-001813

Rule-ID|SV-213988r754634_rule

STIG-ID|SQL6-D0-011500

STIG-Legacy|SV-93943

STIG-Legacy|V-79237

Vuln-ID|V-213988

SQL6-D0-015600 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to provision digital signatures.

CCI|CCI-002450

Rule-ID|SV-214022r754667_rule

STIG-ID|SQL6-D0-015600

STIG-Legacy|SV-94011

STIG-Legacy|V-79305

Vuln-ID|V-214022

SQL6-D0-015700 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to generate and validate cryptographic hashes.

Rule-ID|SV-214023r754668_rule

STIG-ID|SQL6-D0-015700

STIG-Legacy|SV-94013

STIG-Legacy|V-79307

Vuln-ID|V-214023

SQL6-D0-015800 - SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements.

Rule-ID|SV-214024r754669_rule

STIG-ID|SQL6-D0-015800

STIG-Legacy|SV-94015

STIG-Legacy|V-79309

Vuln-ID|V-214024

SQL6-D0-016000 - SQL Server must configure Customer Feedback and Error Reporting - CustomerFeedback

CCI|CCI-000366

Rule-ID|SV-214026r754671_rule

STIG-ID|SQL6-D0-016000

STIG-Legacy|SV-94019

STIG-Legacy|V-79313

Vuln-ID|V-214026

SQL6-D0-016000 - SQL Server must configure Customer Feedback and Error Reporting - EnableErrorReporting

SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing - permissions

Rule-ID|SV-214027r754672_rule

STIG-ID|SQL6-D0-016100

STIG-Legacy|SV-94021

STIG-Legacy|V-79315

Vuln-ID|V-214027

SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing - SQLTELEMETRY

SQL6-D0-016100 - SQL Server must configure SQL Server Usage and Error Reporting Auditing - SSASTELEMETRY

SQL6-D0-017800 - The SQL Server Browser service must be disabled unless specifically required and approved.

Detections

Analytics

DISA STIG SQL Server 2016 Instance OS Audit v2r7

Warning! Audit Deprecated

Audit Details

Audit Changelog

Revision 1.3

Miscellaneous

Revision 1.2

Miscellaneous

Revision 1.1

Miscellaneous

Added

Revision 1.0

Miscellaneous