Use of credentials and proxies must be restricted to necessary cases only.

An XCCDF Rule

Description

<VulnDiscussion>In certain situations, to provide required functionality, a DBMS needs to execute internal logic (stored procedures, functions, triggers, etc.) and/or external code modules with elevated privileges. However, if the privileges required for execution are at a higher level than the privileges assigned to organizational users invoking the functionality applications/programs, those users are indirectly provided with greater privileges than assigned by organizations. Privilege elevation must be utilized only where necessary and protected from misuse.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-213980r879719_rule
Severity: Medium
References: CCI-002233
Updated: 8 months ago

Remove any SQL Agent Proxy accounts and credentials that are not authorized. 
 
DROP CREDENTIAL <Credential Name> 
GO 
 
USE [msdb] EXEC sp_delete_proxy @proxy_name = '<Proxy Name>' 
GO

Use of credentials and proxies must be restricted to necessary cases only.

Description

Remediation - Manual Procedure