Add code to the following controls for baseline V3R2:
SV-213929 - SQL Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.
SV-213931 - SQL Server must be configured to utilize the most-secure authentication method available.
SV-213933 - SQL Server must protect against a user falsely repudiating by ensuring all accounts are individual, unique, and not shared.
SV-213934 - SQL Server must protect against a user falsely repudiating by ensuring the NT AUTHORITY SYSTEM account is not used for administration.
SV-213935 - SQL Server must protect against a user falsely repudiating by ensuring only clearly unique Active Directory user accounts can connect to the instance.
SV-213936 - SQL Server must be configured to generate audit records for DoD-defined auditable events within all DBMS/database components.
SV-213940 - SQL Server must initiate session auditing upon startup.
SV-213942 - SQL Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.
SV-213943 - SQL Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records.
SV-213944 - The audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion.
SV-213948 - SQL Server must protect its audit configuration from authorized and unauthorized access and modification.
SV-213950 - SQL Server must limit privileges to change software modules and links to software external to SQL Server.
SV-213951 - SQL Server must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to SQL Server.
SV-213954 - Default demonstration and sample databases, database objects, and applications must be removed.
SV-213955 - Unused database components, DBMS software, and database objects must be removed.
SV-213958 - Access to CLR code must be disabled or restricted, unless specifically required and approved.
SV-213959 - Access to Non-Standard extended stored procedures must be disabled or restricted, unless specifically required and approved.
SV-213960 - Access to linked servers must be disabled or restricted, unless specifically required and approved.
SV-213961 - SQL Server must be configured to prohibit or restrict the use of organization-defined protocols as defined in the PPSM CAL and vulnerability assessments.
SV-213962 - SQL Server must be configured to prohibit or restrict the use of organization-defined ports, as defined in the PPSM CAL and vulnerability assessments.
SV-213964 - If DBMS authentication using passwords is employed, SQL Server must enforce the DoD standards for password complexity and lifetime.
SV-213965 - Contained databases must use Windows principals.
SV-213966 - If passwords are used for authentication, SQL Server must transmit only encrypted representations of passwords.
SV-213967 - Confidentiality of information during transmission is controlled through the use of an approved TLS version.
SV-213968 - SQL Server must enforce authorized access to all PKI private keys stored/utilized by SQL Server.
SV-213971 - SQL Server must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
SV-213972 - SQL Server must protect the confidentiality and integrity of all information at rest.
SV-213974 - The Master Key must be backed up, stored offline and off-site.
SV-213975 - SQL Server must prevent unauthorized and unintended information transfer via shared system resources.
SV-213976 - SQL Server must prevent unauthorized and unintended information transfer via Instant File Initialization (IFI).
SV-213978 - SQL Server must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA.
SV-213980 - Use of credentials and proxies must be restricted to necessary cases only.
SV-213982 - SQL Server must provide centralized configuration of the content to be captured in audit records generated by all components of SQL Server.
SV-213986 - SQL Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT).
SV-213987 - SQL Server must enforce access restrictions associated with changes to the configuration of the instance.
SV-213990 - SQL Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
SV-213991 - SQL Server must maintain a separate execution domain for each executing process.
SV-213992 - SQL Server services must be configured to run under unique dedicated user accounts.
SV-213993 - When updates are applied to SQL Server software, any software components that have been replaced or made unnecessary must be removed.
SV-213998 - SQL Server must generate audit records when successful and unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur.
SV-214002 - SQL Server must generate audit records when successful and unsuccessful attempts to modify privileges/permissions occur.
SV-214004 - SQL Server must generate audit records when successful and unsuccessful attempts to modify security objects occur.
SV-214006 - SQL Server must generate audit records when successful and unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur.
SV-214010 - SQL Server must generate audit records when successful and unsuccessful attempts to delete security objects occur.
SV-214012 - SQL Server must generate audit records when successful and unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur.
SV-214017 - SQL Server must generate audit records showing starting and ending time for user access to the database(s).
SV-214020 - SQL Server must generate audit records when successful and unsuccessful accesses to objects occur.
SV-214021 - SQL Server must generate audit records for all direct access to the database(s).
SV-214022 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures.
SV-214023 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes.
SV-214024 - SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements.
SV-214026 - SQL Server must configure Customer Feedback and Error Reporting.
SV-214027 - SQL Server must configure SQL Server Usage and Error Reporting Auditing.
SV-214030 - Execution of startup stored procedures must be restricted to necessary cases only.
SV-214031 - SQL Server Mirroring endpoint must utilize AES encryption.
SV-214032 - SQL Server Service Broker endpoint must utilize AES encryption.
SV-214033 - SQL Server execute permissions to access the registry must be revoked, unless specifically required and approved.
SV-214034 - Filestream must be disabled, unless specifically required and approved.
SV-214035 - Ole Automation Procedures feature must be disabled, unless specifically required and approved.
SV-214036 - SQL Server User Options feature must be disabled, unless specifically required and approved.
SV-214037 - Remote Access feature must be disabled, unless specifically required and approved.
SV-214038 - Hadoop Connectivity feature must be disabled, unless specifically required and approved.
SV-214039 - Allow Polybase Export feature must be disabled, unless specifically required and approved.
SV-214040 - Remote Data Archive feature must be disabled, unless specifically required and approved.
SV-214041 - SQL Server External Scripts Enabled feature must be disabled, unless specifically required and approved.
SV-214042 - The SQL Server Browser service must be disabled unless specifically required and approved.
SV-214043 - SQL Server Replication Xps feature must be disabled, unless specifically required and approved.
SV-214044 - If the SQL Server Browser Service is specifically required and approved, SQL instances must be hidden.
Add code to the following controls for baseline V3R2:
List of controls:
SV-213929, SV-213931, SV-213933, SV-213934, SV-213935, SV-213936, SV-213940, SV-213942, SV-213943, SV-213944
SV-213948, SV-213950, SV-213951, SV-213954, SV-213955, SV-213958, SV-213959, SV-213960, SV-213961, SV-213962
SV-213964, SV-213965, SV-213966, SV-213967, SV-213968, SV-213971, SV-213972, SV-213974, SV-213975, SV-213976
SV-213978, SV-213980, SV-213982, SV-213986, SV-213987, SV-213990, SV-213991, SV-213992, SV-213993, SV-213998
SV-214002, SV-214004, SV-214006, SV-214010, SV-214012, SV-214017, SV-214020, SV-214021, SV-214022, SV-214023
SV-214024, SV-214026, SV-214027, SV-214030, SV-214031, SV-214032, SV-214033, SV-214034, SV-214035, SV-214036
SV-214037, SV-214038, SV-214039, SV-214040, SV-214041, SV-214042, SV-214043, SV-214044