SQL6-D0-010500 - Use of credentials and proxies must be restricted to necessary cases only.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


In certain situations, to provide required functionality, a DBMS needs to execute internal logic (stored procedures, functions, triggers, etc.) and/or external code modules with elevated privileges. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking the functionality applications/programs, those users are indirectly provided with greater privileges than assigned by organizations.

Privilege elevation must be utilized only where necessary and protected from misuse.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.


Remove any SQL Agent Proxy accounts and credentials that are not authorized.

DROP CREDENTIAL <Credential Name>

USE [msdb]
EXEC sp_delete_proxy @proxy_name = '<Proxy Name>'

See Also


Item Details

References: CAT|II, CCI|CCI-002233, Rule-ID|SV-213980r879719_rule, STIG-ID|SQL6-D0-010500, STIG-Legacy|SV-93927, STIG-Legacy|V-79221, Vuln-ID|V-213980

Plugin: MS_SQLDB

Control ID: 241b33b48bc73592941203a8109f2cd2cd8fd4a2b7a3791e783c82683e697f77