SQL2-00-017300 - SQL Server must specifically prohibit or restrict the use of unauthorized functions and services in each instance.

Information

SQL Server is capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizational operations (e.g., key missions, functions).

Additionally, it is sometimes convenient to provide multiple services from a single component of an information system (e.g., email and web services), but doing so increases risk over limiting the services provided by any one component.

Solution

To remove a function from SQL Server, run the following SQL Script:
DROP FUNCTION <'function name'>

To remove a Stored Procedure from SQL Server, run the following SQL Script:
DROP PROCEDURE <'stored procedure name'>

If the user-defined Stored Procedures and Functions need to remain available, but access needs to be more restricted, then the user-defined Stored Procedures and Functions should be moved to a separate schema or database that has more restrictive access.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2012_V1R20_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b., CAT|II, CCI|CCI-000382, Rule-ID|SV-53288r3_rule, STIG-ID|SQL2-00-017300, Vuln-ID|V-40934

Plugin: MS_SQLDB

Control ID: cf1025217b943a513a720ddecf48f537cde9df02be601cdfa79205ce48f0db36