UCF STIG Viewer Logo

Reporting Services Windows Integrated Security should be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15203 DM6122-SQLServer9 SV-25486r1_rule IAIA-1 IAIA-2 Medium
Description
Use of Windows integrated security may allow access via Report Services bypasses security controls assessed at the database level. This may be restricted by requiring that all report data source connections use specific credentials to access report data sources.
STIG Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide 2015-06-16

Details

Check Text ( C-13807r1_chk )
If Reporting Services is not installed, this check is Not a Finding.

Note: To detect installation, view Windows Services. If SQL Server Reporting Services ([instance name]) is not listed, then Reporting Services is not installed on this host.

From Surface Area Configuration for Features:
1. Connect to the Report Services instance
2. Expand the instance
3. Expand Report Services
4. Select Windows Integrated Security

If checked, this is a Finding.
Fix Text (F-14827r1_fix)
Disable Windows Integrated Security.

From Surface Area Configuration for Features:
1. Connect to the Report Services instance
2. Expand the instance
3. Expand Report Services
4. Select Windows Integrated Security
5. Click on Windows Integrated Security to clear the check box
6. Click OK