I - Mission Critical Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000133-DB-000179
<GroupDescription></GroupDescription>Group -
Software, applications, and configuration files that are part of, or related to, the SQL Server installation must be monitored to discover unauthorized changes.
<VulnDiscussion>When dealing with change control issues, it should be noted, any changes to the hardware, software, and/or firmware component...Rule Medium Severity -
SRG-APP-000133-DB-000198
<GroupDescription></GroupDescription>Group -
SQL Server software installation account(s) must be restricted to authorized users.
<VulnDiscussion>When dealing with change control issues, it should be noted, any changes to the hardware, software, and/or firmware component...Rule Medium Severity -
SRG-APP-000133-DB-000199
<GroupDescription></GroupDescription>Group -
Database software directories, including SQL Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications.
<VulnDiscussion>When dealing with change control issues, it should be noted, any changes to the hardware, software, and/or firmware component...Rule Low Severity -
SRG-APP-000141-DB-000090
<GroupDescription></GroupDescription>Group -
SQL Server must have the publicly available Northwind sample database removed.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity -
SRG-APP-000141-DB-000090
<GroupDescription></GroupDescription>Group -
SQL Server must have the publicly available pubs sample database removed.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity -
SRG-APP-000141-DB-000090
<GroupDescription></GroupDescription>Group -
SQL Server must have the publicly available AdventureWorks sample database removed.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity -
SRG-APP-000141-DB-000091
<GroupDescription></GroupDescription>Group -
SQL Server must have the SQL Server Data Tools (SSDT) software component removed if it is unused.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity -
SRG-APP-000141-DB-000091
<GroupDescription></GroupDescription>Group -
SQL Server must have the SQL Server Reporting Services (SSRS) software component removed if it is unused.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity -
SRG-APP-000141-DB-000091
<GroupDescription></GroupDescription>Group -
SQL Server must have the SQL Server Integration Services (SSIS) software component removed if it is unused.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity -
SRG-APP-000141-DB-000091
<GroupDescription></GroupDescription>Group -
SQL Server must have the SQL Server Analysis Services (SSAS) software component removed if it is unused.
<VulnDiscussion>Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.