Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Dedicated accounts should be designated for SQL Server Agent proxies.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15197 | DM6140-SQLServer9 | SV-23858r1_rule | ECAN-1 | Medium |
| Description |
|---|
| SQL Server proxies use to execute specific job functions defined for SQL Server Agent. If proxies share a single account for multiple job functions, least privileges cannot be assigned based on the particular job function. This can compromise the security of the shared functions should a compromise of the SQL Server Agent job occur. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-14834r1_fix) |
|---|
| Create Windows accounts for each proxy defined. Assign only the file permissions, subsystem access and other privileges required to run the SQL Server Agent job. Document proxy accounts in the System Security Plan and authorize with the IAO. |