2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databases

Information

AUTO_CLOSE determines if a given database is closed or not after a connection terminates. If enabled, subsequent connections to the given database will require the database to be reopened and relevant procedure caches to be rebuilt.

Rationale:

Because authentication of users for contained databases occurs within the database not at the server\instance level, the database must be opened every time to authenticate a user. The frequent opening/closing of the database consumes additional server resources and may contribute to a denial of service.

Solution

Execute the following T-SQL, replacing <database_name> with each database name found by the Audit Procedure:

ALTER DATABASE <database_name> SET AUTO_CLOSE OFF;

Default Value:

By default, the database property AUTO_CLOSE is OFF which is equivalent to is_auto_close_on = 0.

See Also

https://workbench.cisecurity.org/files/2945

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6, CSCv6|18, CSCv7|5.1

Plugin: MS_SQLDB

Control ID: 0aa1bf21ca0437757a94a2b85e46e461dd7b7b07fa129b2716f2c12772059b9b