
Use of Common Language Runtime objects should be disabled if not required.


Overview

Finding ID: V-15202
Version: DM6123-SQLServer9
Rule ID: SV-25487r1_rule
IA Controls: DCFA-1
Severity: Low
Description
The clr enabled option configures SQL Server to allow or disallow use of Common Language Runtime (CLR) objects. CLR objects are managed code that integrates with the .NET Framework. This is a more secure method than external stored procedures, although it still carries some risk. Where there are no external application execution requirements, disallowing all such use improves the overall security posture of the database.
STIG: Microsoft SQL Server 2005 Instance Security Technical Implementation Guide
Date: 2015-06-16

Details

Check Text (C-13808r1_chk)
From the query prompt:

SELECT CAST(value AS INT) 'Config_Value'
FROM [master].sys.configurations
WHERE name = 'clr enabled'

If the value of Config_Value is 0, this is Not a Finding.

If the value of Config_Value is 1, confirm in the System Security Plan that access to CLR applications is required. If it is not, this is a Finding.
Fix Text (F-14828r1_fix)
Where CLR object use is part of the designed and approved use of the SQL Server database, document the requirement in the System Security Plan.

Where CLR object use is not required, disable its use.

From the query prompt:

EXEC sp_configure 'clr enabled', 0;
RECONFIGURE;
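
To support the System Security Plan review in the check above, the following added example (not part of the STIG text) reports the configured and running values of 'clr enabled' and lists the CLR assemblies and bound objects in each online database. The temporary table #clr_inventory and its column names are assumptions made for the illustration; the catalog views it reads are present in SQL Server 2005, and the login running it needs access to every database it visits.

```sql
-- Added example: read-only audit for the 'clr enabled' finding (SQL Server 2005 syntax).
SET NOCOUNT ON;

-- 1. Configured vs. running value; they differ when sp_configure was run without RECONFIGURE.
SELECT name,
       CAST(value AS INT)        AS Config_Value,
       CAST(value_in_use AS INT) AS Run_Value
FROM [master].sys.configurations
WHERE name = 'clr enabled';

-- 2. Inventory of CLR assemblies and the objects bound to them, per online database.
--    #clr_inventory is a hypothetical scratch table used only by this script.
CREATE TABLE #clr_inventory (
    database_name   SYSNAME,
    assembly_name   SYSNAME,
    permission_set  NVARCHAR(60) NULL,
    clr_object_name SYSNAME NULL,
    clr_object_type NVARCHAR(60) NULL
);

DECLARE @db SYSNAME, @sql NVARCHAR(MAX);
DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM [master].sys.databases WHERE state_desc = 'ONLINE';

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME guards against database names containing brackets or spaces.
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
        INSERT INTO #clr_inventory
        SELECT DB_NAME(), a.name, a.permission_set_desc, o.name, o.type_desc
        FROM sys.assemblies AS a
        LEFT JOIN sys.assembly_modules AS m ON m.assembly_id = a.assembly_id
        LEFT JOIN sys.objects AS o ON o.object_id = m.object_id;';
    EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM db_cursor INTO @db;
END
CLOSE db_cursor;
DEALLOCATE db_cursor;

-- An empty result means no online database contains CLR assemblies.
SELECT * FROM #clr_inventory
ORDER BY database_name, assembly_name, clr_object_name;
DROP TABLE #clr_inventory;
```

Rows with a permission_set of EXTERNAL_ACCESS or UNSAFE_ACCESS deserve the closest scrutiny when documenting the requirement, and offline databases are not covered by this inventory.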