SQL6-D0-000600 - SQL Server must protect against a user falsely repudiating by ensuring databases are not in a trust relationship.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Non-repudiation of actions taken is required in order to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message.

Non-repudiation protects against later claims by a user of not having created, modified, or deleted a particular data item or collection of data in the database.

SQL Server provides the ability for highly privileged accounts to impersonate users in a database using the TRUSTWORTHY feature. This will allow members of the fixed database role to impersonate any user within the database.

Solution

Disable trustworthy on the database.

ALTER DATABASE [<database name>] SET TRUSTWORTHY OFF
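
To find which databases need the statement above, the following query is an added example, not part of the STIG or of this audit's own check. It lists every database with TRUSTWORTHY enabled, shows whether its owner is a sysadmin, and builds the remediation statement; skipping msdb is an assumption, made because SQL Server ships msdb with TRUSTWORTHY ON.

```sql
-- Added example: inventory databases that have TRUSTWORTHY enabled and
-- generate the remediation statement from the Solution for each one.
-- Assumption: msdb is skipped because SQL Server ships it with TRUSTWORTHY ON.
SELECT
    d.name                   AS database_name,
    SUSER_SNAME(d.owner_sid) AS database_owner,
    -- 1 = owner login is a sysadmin member; NULL = login could not be resolved
    IS_SRVROLEMEMBER('sysadmin', SUSER_SNAME(d.owner_sid)) AS owner_is_sysadmin,
    d.is_trustworthy_on,
    -- QUOTENAME brackets the name so unusual database names stay valid
    N'ALTER DATABASE ' + QUOTENAME(d.name) + N' SET TRUSTWORTHY OFF;' AS remediation
FROM sys.databases AS d
WHERE d.is_trustworthy_on = 1
  AND d.name <> N'msdb'
ORDER BY owner_is_sysadmin DESC, d.name;
```

An empty result set means no database other than msdb has TRUSTWORTHY enabled. Rows where owner_is_sysadmin is 1 sort first, since impersonation in those databases runs with a sysadmin-owned context.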

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2016_Y23M07_STIG.zip

Item Details

References: CAT|I, CCI|CCI-000166, Rule-ID|SV-213904r879554_rule, STIG-ID|SQL6-D0-000600, STIG-Legacy|SV-93777, STIG-Legacy|V-79071, Vuln-ID|V-213904

Plugin: MS_SQLDB

Control ID: 00764c11492b3540b9d3aeda610886fd1c6200ebe2e4d4f456d8214e9a2e85a3