Skip to content

I - Mission Critical Sensitive

Rules and Groups employed by this XCCDF Profile

  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • SQL Server must configure Customer Feedback and Error Reporting.

    &lt;VulnDiscussion&gt;By default, Microsoft SQL Server enables participation in the customer experience improvement program (CEIP). This program co...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • SQL Server must configure SQL Server Usage and Error Reporting Auditing.

    &lt;VulnDiscussion&gt;By default, Microsoft SQL Server enables participation in the customer experience improvement program (CEIP). This program co...
    Rule Medium Severity
  • SRG-APP-000033-DB-000084

    <GroupDescription></GroupDescription>
    Group
  • The SQL Server default account [sa] must be disabled.

    &lt;VulnDiscussion&gt;SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Se...
    Rule High Severity
  • SRG-APP-000141-DB-000092

    <GroupDescription></GroupDescription>
    Group
  • SQL Server default account [sa] must have its name changed.

    &lt;VulnDiscussion&gt;SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Se...
    Rule Medium Severity
  • SRG-APP-000342-DB-000302

    <GroupDescription></GroupDescription>
    Group
  • Execution of startup stored procedures must be restricted to necessary cases only.

    &lt;VulnDiscussion&gt;In certain situations, to provide required functionality, a DBMS needs to execute internal logic (stored procedures, function...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • SQL Server Mirroring endpoint must utilize AES encryption.

    &lt;VulnDiscussion&gt;Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...
    Rule Medium Severity
  • SRG-APP-000516-DB-000363

    <GroupDescription></GroupDescription>
    Group
  • SQL Server Service Broker endpoint must utilize AES encryption.

    &lt;VulnDiscussion&gt;Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...
    Rule Medium Severity
  • SRG-APP-000141-DB-000093

    <GroupDescription></GroupDescription>
    Group
  • SQL Server execute permissions to access the registry must be revoked, unless specifically required and approved.

    &lt;VulnDiscussion&gt;Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...
    Rule Medium Severity
  • SRG-APP-000141-DB-000093

    <GroupDescription></GroupDescription>
    Group
  • Filestream must be disabled, unless specifically required and approved.

    &lt;VulnDiscussion&gt;Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...
    Rule Medium Severity
  • SRG-APP-000141-DB-000093

    <GroupDescription></GroupDescription>
    Group
  • Ole Automation Procedures feature must be disabled, unless specifically required and approved.

    &lt;VulnDiscussion&gt;Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules