Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-2422 | DG0040-SQLServer9 | SV-24155r1_rule | ECLP-1 ECPA-1 | Medium |
Description |
---|
DBA and other privileged administrative or application owner accounts are granted privileges that allow actions that can have a greater impact on database security and operation. It is especially important to grant access to privileged accounts to only those persons who are qualified and authorized to use them. |
STIG | Date |
---|---|
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Check Text ( C-28673r1_chk ) |
---|
Review procedures for controlling and granting access to use of the DBMS software installation account. If access or use of this account is not restricted to the minimum number of personnel required or unauthorized access to the account has been granted, this is a Finding. |
Fix Text (F-24498r1_fix) |
---|
Develop and implement procedures to restrict use and require logging of use of the DBMS software installation account. Document authorized personnel and assignments in the System Security Plan. |