2.16 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databases

Information

AUTO_CLOSE determines if a given database is closed or not after a connection terminates. If enabled, subsequent connections to the given database will require the database to be reopened and relevant procedure caches to be rebuilt.

Rationale:

Because authentication of users for contained databases occurs within the database not at the server\instance level, the database must be opened every time to authenticate a user. The frequent opening/closing of the database consumes additional server resources and may contribute to a denial of service.

Solution

Execute the following T-SQL, replacing <database_name> with each database name found by the Audit Procedure:

ALTER DATABASE <database_name> SET AUTO_CLOSE OFF;

Default Value:

By default, the database property AUTO_CLOSE is OFF which is equivalent to is_auto_close_on = 0.

See Also

https://workbench.cisecurity.org/benchmarks/7202

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-1, 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: MS_SQLDB

Control ID: e304e506e33acbb8eb263ab4d2c4cc3eda7cac210b6cd6eff7cca1b67a1caac2