DBMS account passwords should be set to expire every 60 days or more frequently.


Overview

Finding ID: V-15153
Version: DG0125-SQLServer9
Rule ID: SV-19452r2_rule
IA Controls: IAIA-1, IAIA-2
Severity: Medium
Description
Unchanged passwords provide a means for compromised passwords to be used for unauthorized access to DBMS accounts over a long time.
STIG: Microsoft SQL Server 2005 Instance Security Technical Implementation Guide
Date: 2015-06-16

Details

Check Text (C-20472r2_chk)
If no DBMS accounts authenticate using passwords, this check is Not a Finding.

If DBMS uses Windows Authentication only, this check is Not a Finding.

From the query prompt:

SELECT name
FROM [master].sys.sql_logins
WHERE type = 'S'
AND is_expiration_checked <> '1'
ORDER BY name

If any names are returned, this is a Finding.

NOTE: Ensure password policy enforcement is enabled for SQL Server accounts per Check DG0079.
Fix Text (F-18422r1_fix)
Set SQL Server logins to check password expiration.

ALTER LOGIN [user name] WITH CHECK_EXPIRATION = ON
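
The check and fix above, combined into one reporting query (an added example, not part of the STIG text): it lists every SQL-authenticated login that fails the check and generates the matching ALTER LOGIN statement without executing it. The column aliases are chosen here for illustration.

```sql
-- Added example: report each login that fails the expiration check,
-- together with the statement that would remediate it.
-- Nothing is changed by this query; review the generated statements
-- and run only the ones you approve.
SELECT
    l.name,
    l.is_disabled,
    l.is_policy_checked,
    l.is_expiration_checked,
    -- Age of the current password in days (NULL if no time is recorded).
    DATEDIFF(day,
             CONVERT(datetime, LOGINPROPERTY(l.name, 'PasswordLastSetTime')),
             GETDATE()) AS password_age_days,
    -- CHECK_EXPIRATION = ON is rejected while CHECK_POLICY is OFF,
    -- so both options are set together when policy checking is off.
    -- QUOTENAME brackets the login name so names containing spaces
    -- or brackets produce a valid statement.
    N'ALTER LOGIN ' + QUOTENAME(l.name) +
        CASE WHEN l.is_policy_checked = 0
             THEN N' WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;'
             ELSE N' WITH CHECK_EXPIRATION = ON;'
        END AS remediation_statement
FROM [master].sys.sql_logins AS l
WHERE l.type = 'S'
  AND l.is_expiration_checked <> 1
ORDER BY l.name;
```

A login with an old password can be treated as expired at its next connection once expiration checking is on, so review password_age_days for service accounts before running the generated statements.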