DISA STIG SQL Server 2016 Instance DB Audit v3r1

Audit Details

Name: DISA STIG SQL Server 2016 Instance DB Audit v3r1

Updated: 8/28/2024

Authority: DISA STIG

Plugin: MS_SQLDB

Revision: 1.0

Estimated Item Count: 82

File Details

Filename: DISA_STIG_MSSQL_2016_Instance_Database_v3r1.audit

Size: 325 kB

MD5: 920864da19753e131f163b636a793318
SHA256: 95f8f765710a250a5780bcc17ccbd18b5ec5d7ed1f9fa4c8c5a5b54371c255dd

Audit Items

DescriptionCategories
SQL6-D0-003600 - SQL Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.

ACCESS CONTROL

SQL6-D0-003700 - SQL Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.

ACCESS CONTROL

SQL6-D0-003900 - SQL Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

ACCESS CONTROL

SQL6-D0-004100 - SQL Server must protect against a user falsely repudiating by ensuring the NT AUTHORITY SYSTEM account is not used for administration - clustering and availability

AUDIT AND ACCOUNTABILITY

SQL6-D0-004100 - SQL Server must protect against a user falsely repudiating by ensuring the NT AUTHORITY SYSTEM account is not used for administration - permissions

AUDIT AND ACCOUNTABILITY

SQL6-D0-004200 - SQL Server must protect against a user falsely repudiating by ensuring only clearly unique Active Directory user accounts can connect to the instance.

AUDIT AND ACCOUNTABILITY

SQL6-D0-004300 - SQL Server must be configured to generate audit records for DoD-defined auditable events within all DBMS/database components.

AUDIT AND ACCOUNTABILITY

SQL6-D0-004400 - SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.

AUDIT AND ACCOUNTABILITY

SQL6-D0-004600 - SQL Server must generate audit records when successful/unsuccessful attempts to retrieve privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

SQL6-D0-004700 - SQL Server must initiate session auditing upon startup.

AUDIT AND ACCOUNTABILITY

SQL6-D0-005500 - SQL Server must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.

AUDIT AND ACCOUNTABILITY

SQL6-D0-005600 - SQL Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.

AUDIT AND ACCOUNTABILITY

SQL6-D0-005700 - SQL Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records.

AUDIT AND ACCOUNTABILITY

SQL6-D0-005900 - The audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion.

AUDIT AND ACCOUNTABILITY

SQL6-D0-006300 - SQL Server must protect its audit configuration from authorized and unauthorized access and modification.

AUDIT AND ACCOUNTABILITY

SQL6-D0-006500 - SQL Server must limit privileges to change software modules and links to software external to SQL Server.

CONFIGURATION MANAGEMENT

SQL6-D0-006600 - SQL Server must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to SQL Server.

CONFIGURATION MANAGEMENT

SQL6-D0-006900 - Default demonstration and sample databases, database objects, and applications must be removed.

CONFIGURATION MANAGEMENT

SQL6-D0-007000 - Unused database components, DBMS software, and database objects must be removed.

CONFIGURATION MANAGEMENT

SQL6-D0-007100 - Unused database components that are integrated in SQL Server and cannot be uninstalled must be disabled.

CONFIGURATION MANAGEMENT

SQL6-D0-007200 - Access to xp_cmdshell must be disabled, unless specifically required and approved.

CONFIGURATION MANAGEMENT

SQL6-D0-007300 - Access to CLR code must be disabled or restricted, unless specifically required and approved.

CONFIGURATION MANAGEMENT

SQL6-D0-007400 - Access to Non-Standard extended stored procedures must be disabled or restricted, unless specifically required and approved.

CONFIGURATION MANAGEMENT

SQL6-D0-007500 - Access to linked servers must be disabled or restricted, unless specifically required and approved.

CONFIGURATION MANAGEMENT

SQL6-D0-007800 - SQL Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-007900 - If DBMS authentication using passwords is employed, SQL Server must enforce the DOD standards for password complexity and lifetime.

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008000 - Contained databases must use Windows principals.

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008200 - If passwords are used for authentication, SQL Server must transmit only encrypted representations of passwords.

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-008800 - SQL Server must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

IDENTIFICATION AND AUTHENTICATION

SQL6-D0-009500 - SQL Server must protect the confidentiality and integrity of all information at rest.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-009600 - The Service Master Key must be backed up and stored in a secure location that is not on the SQL Server.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-009700 - The Master Key must be backed up and stored in a secure location that is not on the SQL Server.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-009800 - SQL Server must prevent unauthorized and unintended information transfer via shared system resources.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-010100 - SQL Server must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA.

SYSTEM AND INFORMATION INTEGRITY

SQL6-D0-010400 - SQL Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

ACCESS CONTROL

SQL6-D0-010500 - Use of credentials and proxies must be restricted to necessary cases only.

ACCESS CONTROL

SQL6-D0-010900 - SQL Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

AUDIT AND ACCOUNTABILITY

SQL6-D0-011000 - SQL Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.

AUDIT AND ACCOUNTABILITY

SQL6-D0-011100 - SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures.

AUDIT AND ACCOUNTABILITY

SQL6-D0-011400 - SQL Server must enforce access restrictions associated with changes to the configuration of the instance.

CONFIGURATION MANAGEMENT

SQL6-D0-011800 - SQL Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of SQL Server or database(s).

CONFIGURATION MANAGEMENT

SQL6-D0-011900 - SQL Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.

CONFIGURATION MANAGEMENT

SQL6-D0-012300 - SQL Server must maintain a separate execution domain for each executing process.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-012400 - SQL Server services must be configured to run under unique dedicated user accounts.

SYSTEM AND COMMUNICATIONS PROTECTION

SQL6-D0-012700 - When updates are applied to SQL Server software, any software components that have been replaced or made unnecessary must be removed.

SYSTEM AND INFORMATION INTEGRITY

SQL6-D0-012800 - Security-relevant software updates to SQL Server must be installed within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).

SYSTEM AND INFORMATION INTEGRITY

SQL6-D0-012900 - SQL Server must be able to generate audit records when successful and unsuccessful attempts to access security objects occur.

AUDIT AND ACCOUNTABILITY

SQL6-D0-013200 - SQL Server must generate audit records when successful and unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur.

AUDIT AND ACCOUNTABILITY

SQL6-D0-013400 - SQL Server must generate audit records when successful and unsuccessful attempts to add privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

SQL6-D0-013600 - SQL Server must generate audit records when successful and unsuccessful attempts to modify privileges/permissions occur.

AUDIT AND ACCOUNTABILITY