Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The DBMS host platform and other dependent applications should be configured in compliance with applicable STIG requirements.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15116 | DG0175-SQLServer9 | SV-25400r1_rule | ECSC-1 | Medium |
| Description |
|---|
| The security of the data stored in the DBMS is also vulnerable to attacks against the host platform, calling applications, and other application or optional components. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-13831r1_chk ) |
|---|
| Review evidence of security hardening and auditing of the DBMS host platform with the IAO. If the DBMS host platform has not been hardened and received a security audit, this is a Finding. Review evidence of security hardening and auditing for all application(s) that store data in the database and all other separately configured components that access the database including web servers, application servers, report servers, etc. If any have not been hardened and received a security audit, this is a Finding. Review evidence of security hardening and auditing for all application(s) installed on the local DBMS host where security hardening and auditing guidance exists. If any have not been hardened and received a security audit, this is a Finding. |
| Fix Text (F-23484r1_fix) |
|---|
| Configure all related application components and the DBMS host platform in accordance with the applicable DOD STIG. Regularly audit the security configuration of related applications and the host platform to confirm continued compliance with security requirements. |