III - Administrative Sensitive
Rules and Groups employed by this XCCDF Profile
-
SRG-APP-000516-DB-000363
Group -
SQL Server must configure SQL Server Usage and Error Reporting Auditing.
By default, Microsoft SQL Server enables participation in the customer experience improvement program (CEIP). This program collects information about how its customers are using the product. Specif...Rule Medium Severity -
SRG-APP-000033-DB-000084
Group -
The SQL Server default account [sa] must be disabled.
SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Server account and is likely to be targeted by attackers and thus more pro...Rule High Severity -
SRG-APP-000141-DB-000092
Group -
SQL Server default account [sa] must have its name changed.
SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Server account name and is likely to be targeted by attackers, and is thus...Rule Medium Severity -
SRG-APP-000342-DB-000302
Group -
Execution of startup stored procedures must be restricted to necessary cases only.
In certain situations, to provide required functionality, a DBMS needs to execute internal logic (stored procedures, functions, triggers, etc.) and/or external code modules with elevated privileges...Rule Medium Severity -
SRG-APP-000516-DB-000363
Group -
SQL Server Mirroring endpoint must utilize AES encryption.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, an...Rule Medium Severity -
SRG-APP-000516-DB-000363
Group -
SQL Server Service Broker endpoint must utilize AES encryption.
Information can be either unintentionally or maliciously disclosed or modified during preparation for transmission, including, for example, during aggregation, at protocol transformation points, an...Rule Medium Severity -
SRG-APP-000141-DB-000093
Group -
SQL Server execute permissions to access the registry must be revoked, unless specifically required and approved.
Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizatio...Rule Medium Severity -
SRG-APP-000141-DB-000093
Group -
Filestream must be disabled, unless specifically required and approved.
Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizatio...Rule Medium Severity -
SRG-APP-000141-DB-000093
Group -
Ole Automation Procedures feature must be disabled, unless specifically required and approved.
Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizatio...Rule Medium Severity -
SRG-APP-000141-DB-000092
Group -
SQL Server User Options feature must be disabled, unless specifically required and approved.
SQL Server is capable of providing a wide range of features and services. Some of the features and services, provided by default, may not be necessary, and enabling them could adversely affect the ...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.