SQL6-D0-009900 - SQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI).

Information

The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf of a prior user/role) from being available to any current user/role (or current process) that obtains access to a shared system resource (e.g., registers, main memory, secondary storage) after the resource has been released back to the information system. Control of information in shared resources is also referred to as object reuse.

When Instant File Initialization (IFI) is in use, the deleted disk content is overwritten only as new data is written to the files. For this reason, the deleted content might be accessed by an unauthorized principal until some other data writes on that specific area of the data file.

Solution

If IFI is not documented as being required, disable instant file initialization for the instance of SQL Server by removing the SQL Service SID and/or service account from the 'Perform volume maintenance tasks' Local Rights Assignment.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MS_SQL_Server_2016_Y24M04_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001090, Rule-ID|SV-213976r951670_rule, STIG-ID|SQL6-D0-009900, STIG-Legacy|SV-93919, STIG-Legacy|V-79213, Vuln-ID|V-213976

Plugin: Windows

Control ID: ede90a98c9ece9bf58d4c4bb942edbc14229df23ed7f56950a40eb0876e4314e