SQL4-00-010200 - SQL Server default account [sa] must have its name changed.

Information

SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Server account name and is likely to be targeted by attackers, and is thus more prone to providing unauthorized access to the database.

Since the SQL Server [sa] is administrative in nature, the compromise of a default account can have catastrophic consequences, including the complete loss of control over SQL Server. Since SQL Server needs for this account to exist and it should not be removed, one way to mitigate this risk is to change the [sa] account name.

Solution

Modify the SQL Server's [sa] (system administrator) account by running the following script:

USE master;
GO
ALTER LOGIN [sa] WITH NAME = <new name>;
GO

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2014_Y24M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7a., CAT|III, CCI|CCI-000381, Rule-ID|SV-213809r960963_rule, STIG-ID|SQL4-00-010200, STIG-Legacy|SV-82345, STIG-Legacy|V-67855, Vuln-ID|V-213809

Plugin: MS_SQLDB

Control ID: 000c7f98865b237836b07de1f9ce2f906f8840e02bb1d6d4967124901d2c0ad4