Sensitive data should be labeled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15616 | DG0087-SQLServer9 | SV-21481r1_rule | ECML-1 | Low |
| Description |
|---|
| The sensitivity marking or labeling of data items promotes the correct handling and protection of the data. Without such notification, the user may unwittingly disclose sensitive data to unauthorized users. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-23678r1_chk ) |
|---|
| If no data is identified as being sensitive or classified by the Information Owner, in the System Security Plan or in the AIS Functional Architecture documentation, this check is Not a Finding. If the DBMS does not provide the capability to mark or label sensitive data within the DBMS, this check is Not a Finding. Review the DBMS configuration for marking and labeling of sensitive data. If sensitive data is not marked and labeled in accordance with the System Security Plan, this is a Finding. http://www.microsoft.com/technet/prodtechnol/sql/2005/multisec.mspx |
| Fix Text (F-20176r1_fix) |
|---|
| Employ DBMS capabilities to mark or label sensitive data stored within the DBMS where supported. Document the appropriate markings of sensitive data in the System Security Plan. |