Use of the DBMS software installation account should be restricted to DBMS software installation, upgrade and maintenance actions.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15111 | DG0042-SQLServer9 | SV-24167r1_rule | ECLP-1 | Medium |
| Description |
|---|
| The DBMS software installation account is granted privileges not required for DBA or other functions. Use of accounts configured with excess privileges may result in unauthorized or unintentional compromise of the DBMS. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-29508r1_chk ) |
|---|
| Review the logs for usage of the DBMS software installation account. Interview personnel authorized to access the DBMS software installation account to ask how the account is used. If any usage of the account is to support daily operations or DBA responsibilities, this is a Finding. |
| Fix Text (F-24638r1_fix) |
|---|
| Develop, document and implement policy and procedures and train authorized users to restrict usage of the DBMS software installation account for DBMS software installation, upgrade and maintenance actions only. |