Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Unused database components, database application software and database objects should be removed from the DBMS system.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3728 | DG0016-SQLServer9 | SV-24131r1_rule | DCFA-1 | Low |
| Description |
|---|
| Unused, unnecessary DBMS components increase the attack vector for the DBMS by introducing additional targets for attack. By minimizing the services and applications installed on the system, the number of potential vulnerabilities is reduced. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-06-16 |
Details
| Check Text ( C-13738r1_chk ) |
|---|
| Review the list of components or optional features installed with the database. This may be most clearly displayed using the DBMS product installation tool, but may require review of the product installation documentation. If no optional features or components are installed, this is Not a Finding. If optional components or features are installed, then review the System Security Plan to verify that they are documented and authorized. If any are not documented and authorized, this is a Finding. |
| Fix Text (F-14784r1_fix) |
|---|
| Review the list of optional features or components available for the DBMS product. If any are required for operation of applications that will be accessing the DBMS, then include them in the application design specification and list them in the System Security Plan. If any are not, but have been installed, then uninstall them and remove any database objects and applications that are installed to support them. |