Home
Security Hardening
DISA STIG SQL Server 2016 Instance OS V2R6

DISA STIG SQL Server 2016 Instance OS V2R6

SQL6-D0-015800 – SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements.
Details Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The application must...
SQL6-D0-016000 – SQL Server must configure Customer Feedback and Error Reporting – CustomerFeedback
Details By default, Microsoft SQL Server enables participation in the customer experience improvement program (CEIP). This program collects information about...
SQL6-D0-016000 – SQL Server must configure Customer Feedback and Error Reporting – EnableErrorReporting
Details By default, Microsoft SQL Server enables participation in the customer experience improvement program (CEIP). This program collects information about...
SQL6-D0-016100 – SQL Server must configure SQL Server Usage and Error Reporting Auditing – permissions
Details By default, Microsoft SQL Server enables participation in the customer experience improvement program (CEIP). This program collects information about...
SQL6-D0-016100 – SQL Server must configure SQL Server Usage and Error Reporting Auditing – SQLTELEMETRY
Details By default, Microsoft SQL Server enables participation in the customer experience improvement program (CEIP). This program collects information about...
SQL6-D0-016100 – SQL Server must configure SQL Server Usage and Error Reporting Auditing – SSASTELEMETRY
Details By default, Microsoft SQL Server enables participation in the customer experience improvement program (CEIP). This program collects information about...
SQL6-D0-017800 – The SQL Server Browser service must be disabled unless specifically required and approved.
Details The SQL Server Browser simplifies the administration of SQL Server, particularly when multiple instances of SQL Server coexist on...
SQL6-D0-010000 – Access to database files must be limited to relevant processes and to authorized, administrative users.
Details SQL Server must prevent unauthorized and unintended information transfer via shared system resources. Permitting only SQL Server processes and...
SQL6-D0-011200 – SQL Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT).
Details If time stamps are not consistently applied and there is no common time reference, it is difficult to perform...
SQL6-D0-011500 – Windows must enforce access restrictions associated with changes to the configuration of the SQL Server instance.
Details Failure to provide logical access restrictions associated with changes to configuration may have significant effects on the overall security...

DISA STIG SQL Server 2016 Instance OS V2R6

SQL6-D0-015800 – SQL Server must implement NIST FIPS 140-2 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements.

SQL6-D0-016000 – SQL Server must configure Customer Feedback and Error Reporting – CustomerFeedback

SQL6-D0-016000 – SQL Server must configure Customer Feedback and Error Reporting – EnableErrorReporting

SQL6-D0-016100 – SQL Server must configure SQL Server Usage and Error Reporting Auditing – permissions

SQL6-D0-016100 – SQL Server must configure SQL Server Usage and Error Reporting Auditing – SQLTELEMETRY

SQL6-D0-016100 – SQL Server must configure SQL Server Usage and Error Reporting Auditing – SSASTELEMETRY

SQL6-D0-017800 – The SQL Server Browser service must be disabled unless specifically required and approved.

SQL6-D0-010000 – Access to database files must be limited to relevant processes and to authorized, administrative users.

SQL6-D0-011200 – SQL Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT).

SQL6-D0-011500 – Windows must enforce access restrictions associated with changes to the configuration of the SQL Server instance.