The DBMS should not have a connection defined to access or be accessed by a DBMS at a different classification level.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15656 | DG0171-SQLServer9 | SV-25398r1_rule | ECIC-1 | Medium |
| Description |
|---|
| Applications that access databases and databases connecting to remote databases that differ in their assigned classification levels may expose sensitive data to unauthorized clients. Any interconnections between databases or applications and databases differing in classification levels are required to comply with interface control rules. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-23841r1_chk ) |
|---|
| Review database links or other connections defined for the database (See Check DG0075 for list). If any interconnections show differences in the DBMS and remote system classification levels, this is a Finding. |
| Fix Text (F-22608r1_fix) |
|---|
| Disassociate or remove connection definitions to remote systems of differing classification levels. |