Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15649 | DG0155-SQLServer9 | SV-25382r1_rule | DCSS-1 DCSS-2 | Medium |
Description |
---|
The DBMS opens data files and reads configuration files at system startup, system shutdown and during abort recovery efforts. If the DBMS does not verify the trustworthiness of these files, it is vulnerable to malicious alterations of its configuration or unauthorized replacement of data. |
STIG | Date |
---|---|
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Check Text (C-23838r1_chk) |
---|
Ask the DBA and/or IAO to demonstrate that the DBMS system initialization, shutdown, and aborts are configured to ensure that the DBMS system remains in a secure state. If the DBA and/or IAO has documented proof from the DBMS vendor demonstrating that the DBMS does not support this either natively or programmatically, this check is a Finding, but can be downgraded to a CAT 3 severity. If the DBMS does support this either natively or programmatically and the configuration does not meet the requirements listed above, this is a Finding. For all MAC 1, all MAC 2 and Classified MAC 3 systems where the DBMS supports the requirements, review documented procedures and evidence of periodic testing to ensure DBMS system state integrity. If documented procedures do not exist or no evidence of implementation is provided, this is a Finding. |
Fix Text (F-16116r1_fix) |
---|
Configure DBMS system initialization, shutdown and aborts to ensure the DBMS system remains in a secure state. For applicable DBMS systems as listed in the check, periodically test the configuration to ensure DBMS system state integrity. Where DBMS system state integrity is not supported by the DBMS vendor, obtain and apply mitigation strategies to bring risk to a DAA-acceptable level. |