MS SQL Server 2014 Database Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
When invalid inputs are received, SQL Server must behave in a predictable and documented manner that reflects organizational and system objectives.
<VulnDiscussion>A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or uni...Rule Medium Severity -
SRG-APP-000494-DB-000344
<GroupDescription></GroupDescription>Group -
Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is accessed.
<VulnDiscussion>Changes in categorized information must be tracked. Without an audit trail, unauthorized access to protected data could go un...Rule Medium Severity -
SRG-APP-000494-DB-000345
<GroupDescription></GroupDescription>Group -
Trace or Audit records must be generated when unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur.
<VulnDiscussion>Changes in categorized information must be tracked. Without an audit trail, unauthorized access to protected data could go un...Rule Medium Severity -
SRG-APP-000495-DB-000328
<GroupDescription></GroupDescription>Group -
SQL Server must generate Trace or Audit records when privileges/permissions are modified via locally-defined security objects.
<VulnDiscussion>Changes in the permissions, privileges, and roles granted to users and roles must be tracked. Without an audit trail, unautho...Rule Medium Severity -
SRG-APP-000495-DB-000329
<GroupDescription></GroupDescription>Group -
SQL Server must generate Trace or Audit records when unsuccessful attempts to modify privileges/permissions via locally-defined security objects occur.
<VulnDiscussion>Failed attempts to change the permissions, privileges, and roles granted to users and roles must be tracked. Without an audit...Rule Medium Severity -
SRG-APP-000496-DB-000334
<GroupDescription></GroupDescription>Group -
SQL Server must generate Trace or Audit records when locally-defined security objects are modified.
<VulnDiscussion>SQL Server protects its built-in security objects (tables, views, functions, procedures, etc.) from alteration by database us...Rule Medium Severity -
SRG-APP-000507-DB-000357
<GroupDescription></GroupDescription>Group -
SQL Server must generate Trace or Audit records when unsuccessful accesses to designated objects occur.
<VulnDiscussion>Without tracking all or selected types of access to all or selected objects (tables, views, procedures, functions, etc.), it ...Rule Medium Severity -
SRG-APP-000507-DB-000356
<GroupDescription></GroupDescription>Group -
SRG-APP-000502-DB-000349
<GroupDescription></GroupDescription>Group -
Trace or Audit records must be generated when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur.
<VulnDiscussion>Changes in categorized information must be tracked. Without an audit trail, unauthorized access to protected data could go un...Rule Medium Severity -
SRG-APP-000502-DB-000348
<GroupDescription></GroupDescription>Group -
Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is deleted.
<VulnDiscussion>Changes in categorized information must be tracked. Without an audit trail, unauthorized access to protected data could go un...Rule Medium Severity -
SRG-APP-000501-DB-000337
<GroupDescription></GroupDescription>Group -
SQL Server must generate Trace or Audit records when unsuccessful attempts to drop locally-defined security objects occur.
<VulnDiscussion>SQL Server protects its built-in security objects (tables, views, functions, procedures, etc.) from alteration by database us...Rule Medium Severity -
SRG-APP-000501-DB-000336
<GroupDescription></GroupDescription>Group -
SQL Server must generate Trace or Audit records when locally-defined security objects are dropped.
<VulnDiscussion>SQL Server protects its built-in security objects (tables, views, functions, procedures, etc.) from alteration by database us...Rule Medium Severity -
SRG-APP-000496-DB-000335
<GroupDescription></GroupDescription>Group -
SQL Server must generate Trace or Audit records when unsuccessful attempts to modify locally-defined security objects occur.
<VulnDiscussion>SQL Server protects its built-in security objects (tables, views, functions, procedures, etc.) from alteration by database us...Rule Medium Severity -
SRG-APP-000498-DB-000346
<GroupDescription></GroupDescription>Group -
Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is created.
<VulnDiscussion>Changes in categorized information must be tracked. Without an audit trail, unauthorized access to protected data could go un...Rule Medium Severity -
SRG-APP-000498-DB-000347
<GroupDescription></GroupDescription>Group -
Trace or Audit records must be generated when unsuccessful attempts to create categorized information (e.g., classification levels/security levels) occur.
<VulnDiscussion>Changes in categorized information must be tracked. Without an audit trail, unauthorized access to protected data could go un...Rule Medium Severity -
SRG-APP-000498-DB-000346
<GroupDescription></GroupDescription>Group -
Trace or Audit records must be generated when categorized information (e.g., classification levels/security levels) is modified.
<VulnDiscussion>Changes in categorized information must be tracked. Without an audit trail, unauthorized access to protected data could go un...Rule Medium Severity -
SRG-APP-000498-DB-000347
<GroupDescription></GroupDescription>Group -
Trace or Audit records must be generated when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur.
<VulnDiscussion>Changes in categorized information must be tracked. Without an audit trail, unauthorized access to protected data could go un...Rule Medium Severity -
SRG-APP-000231-DB-000154
<GroupDescription></GroupDescription>Group -
SQL Server must protect data at rest and ensure confidentiality and integrity of data.
<VulnDiscussion>This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.