2.15 Ensure 'AUTO_CLOSE' is set to 'OFF' on contained databases

Information

AUTO_CLOSE determines if a given database is closed or not after a connection terminates. If enabled, subsequent connections to the given database will require the database to be reopened and relevant procedure caches to be rebuilt.

Because authentication of users for contained databases occurs within the database not at the server\instance level, the database must be opened every time to authenticate a user. The frequent opening/closing of the database consumes additional server resources and may contribute to a denial of service.

Solution

Execute the following T-SQL, replacing

<database_name>

with each database name found by the Audit Procedure:

ALTER DATABASE <database_name> SET AUTO_CLOSE OFF;

See Also

https://workbench.cisecurity.org/benchmarks/14058

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION

References: 800-53|CM-2, 800-53|CM-6, 800-53|CM-7, 800-53|CM-7(1), 800-53|CM-9, 800-53|SA-3, 800-53|SA-8, 800-53|SA-10, CSCv7|5.1

Plugin: MS_SQLDB

Control ID: a55cab3c8e4dc55444841ecd5962666227ccc5ed0702d7d5ff49870ec4f8ce53