UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The DBMS software installation account should be restricted to authorized users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-2422 DG0040-SQLServer9 SV-24155r1_rule ECLP-1 ECPA-1 Medium
Description
DBA and other privileged administrative or application owner accounts are granted privileges that allow actions that can have a greater impact on database security and operation. It is especially important to grant access to privileged accounts to only those persons who are qualified and authorized to use them.
STIG Date
Microsoft SQL Server 2005 Instance Security Technical Implementation Guide 2015-06-16

Details

Check Text ( C-28673r1_chk )
Review procedures for controlling and granting access to use of the DBMS software installation account.

If access or use of this account is not restricted to the minimum number of personnel required or unauthorized access to the account has been granted, this is a Finding.
Fix Text (F-24498r1_fix)
Develop and implement procedures to restrict use and require logging of use of the DBMS software installation account.

Document authorized personnel and assignments in the System Security Plan.