Unused database components, database application software and database objects should be removed from the DBMS system.


Overview

Finding ID: V-3728
Version: DG0016-SQLServer9
Rule ID: SV-24131r1_rule
IA Controls: DCFA-1
Severity: Low
Description
Unused, unnecessary DBMS components increase the attack surface of the DBMS by introducing additional targets for attack. By minimizing the services and applications installed on the system, the number of potential vulnerabilities is reduced.
STIG: Microsoft SQL Server 2005 Instance Security Technical Implementation Guide
Date: 2015-06-16

Details

Check Text (C-13738r1_chk)
Review the list of components or optional features installed with the database.

This may be most clearly displayed using the DBMS product installation tool, but may require review of the product installation documentation.

If no optional features or components are installed, this is Not a Finding.

If optional components or features are installed, then review the System Security Plan to verify that they are documented and authorized.

If any are not documented and authorized, this is a Finding.
Fix Text (F-14784r1_fix)
Review the list of optional features or components available for the DBMS product.

If any are required for operation of applications that will be accessing the DBMS, then include them in the application design specification and list them in the System Security Plan.

If any are not required but have been installed, then uninstall them and remove any database objects and applications that were installed to support them.