III - Administrative Classified
Rules and Groups employed by this XCCDF Profile

SRG-APP-000033-DB-000084 (Group)
Rule, High Severity: The SQL Server default account [sa] must be disabled.
Discussion: SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Se...

SRG-APP-000141-DB-000092 (Group)
Rule, Medium Severity: SQL Server default account [sa] must have its name changed.
Discussion: SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Se...

SRG-APP-000342-DB-000302 (Group)
Rule, Medium Severity: Execution of startup stored procedures must be restricted to necessary cases only.
Discussion: In certain situations, to provide required functionality, a DBMS needs to execute internal logic (stored procedures, function...

SRG-APP-000516-DB-000363 (Group)
Rule, Medium Severity: SQL Server Mirroring endpoint must utilize AES encryption.
Discussion: Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...

SRG-APP-000516-DB-000363 (Group)
Rule, Medium Severity: SQL Server Service Broker endpoint must utilize AES encryption.
Discussion: Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including...

SRG-APP-000141-DB-000093 (Group)
Rule, Medium Severity: SQL Server execute permissions to access the registry must be revoked, unless specifically required and approved.
Discussion: Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...

SRG-APP-000141-DB-000093 (Group)
Rule, Medium Severity: Filestream must be disabled, unless specifically required and approved.
Discussion: Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...

SRG-APP-000141-DB-000093 (Group)
Rule, Medium Severity: Ole Automation Procedures feature must be disabled, unless specifically required and approved.
Discussion: Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...

SRG-APP-000141-DB-000092 (Group)
Rule, Medium Severity: SQL Server User Options feature must be disabled, unless specifically required and approved.
Discussion: SQL Server is capable of providing a wide range of features and services. Some of the features and services, provided by defa...

SRG-APP-000141-DB-000093 (Group)
Rule, Medium Severity: Remote Access feature must be disabled, unless specifically required and approved.
Discussion: Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, pr...