Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Reporting Services Windows Integrated Security should be disabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15203 | DM6122-SQLServer9 | SV-25486r1_rule | IAIA-1 IAIA-2 | Medium |
| Description |
|---|
| Use of Windows integrated security may allow access via Report Services bypasses security controls assessed at the database level. This may be restricted by requiring that all report data source connections use specific credentials to access report data sources. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( C-13807r1_chk ) |
|---|
| If Reporting Services is not installed, this check is Not a Finding. Note: To detect installation, view Windows Services. If SQL Server Reporting Services ([instance name]) is not listed, then Reporting Services is not installed on this host. From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Expand the instance 3. Expand Report Services 4. Select Windows Integrated Security If checked, this is a Finding. |
| Fix Text (F-14827r1_fix) |
|---|
| Disable Windows Integrated Security. From Surface Area Configuration for Features: 1. Connect to the Report Services instance 2. Expand the instance 3. Expand Report Services 4. Select Windows Integrated Security 5. Click on Windows Integrated Security to clear the check box 6. Click OK |