MS SQL Server 2016 Instance Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
SRG-APP-000516-DB-000363
<GroupDescription></GroupDescription>Group -
SQL Server must configure Customer Feedback and Error Reporting.
<VulnDiscussion>By default, Microsoft SQL Server enables participation in the customer experience improvement program (CEIP). This program co...Rule Medium Severity -
SRG-APP-000516-DB-000363
<GroupDescription></GroupDescription>Group -
SQL Server must configure SQL Server Usage and Error Reporting Auditing.
<VulnDiscussion>By default, Microsoft SQL Server enables participation in the customer experience improvement program (CEIP). This program co...Rule Medium Severity -
SRG-APP-000033-DB-000084
<GroupDescription></GroupDescription>Group -
The SQL Server default account [sa] must be disabled.
<VulnDiscussion>SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Se...Rule High Severity -
SRG-APP-000141-DB-000092
<GroupDescription></GroupDescription>Group -
SQL Server default account [sa] must have its name changed.
<VulnDiscussion>SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Se...Rule Medium Severity -
SRG-APP-000342-DB-000302
<GroupDescription></GroupDescription>Group -
Execution of startup stored procedures must be restricted to necessary cases only.
<VulnDiscussion>In certain situations, to provide required functionality, a DBMS needs to execute internal logic (stored procedures, function...Rule Medium Severity -
SRG-APP-000516-DB-000363
<GroupDescription></GroupDescription>Group -
SQL Server Mirroring endpoint must utilize AES encryption.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...Rule Medium Severity -
SRG-APP-000516-DB-000363
<GroupDescription></GroupDescription>Group -
SQL Server Service Broker endpoint must utilize AES encryption.
<VulnDiscussion>Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...Rule Medium Severity -
SRG-APP-000141-DB-000093
<GroupDescription></GroupDescription>Group -
SQL Server execute permissions to access the registry must be revoked, unless specifically required and approved.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity -
SRG-APP-000141-DB-000093
<GroupDescription></GroupDescription>Group -
Filestream must be disabled, unless specifically required and approved.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity -
SRG-APP-000141-DB-000093
<GroupDescription></GroupDescription>Group -
Ole Automation Procedures feature must be disabled, unless specifically required and approved.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.