UCF STIG Viewer Logo

SQL Server job/batch queues must be reviewed regularly to detect unauthorized SQL Server job submissions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-41399 SQL2-00-023500 SV-53925r2_rule Medium
Description
When dealing with unauthorized SQL Server job submissions, it should be noted any unauthorized job submissions to SQL Server job/batch queues can potentially have significant effects on the overall security of the system. If SQL Server were to allow any user to make SQL Server job/batch queue submissions, then those submissions might lead to a compromise of system integrity and/or data. This requirement is contingent upon the SQL Server job/batch queue being review regularly for unauthorized submissions. Accordingly, only qualified and authorized individuals shall be allowed to obtain access to submit SQL Server jobs. Job/batch queue submissions must adhere to an organization-defined job submission process. Unmanaged changes that occur to SQL Server job/batch queues can lead to a compromised system.
STIG Date
Microsoft SQL Server 2012 Database Security Technical Implementation Guide 2018-03-01

Details

Check Text ( C-47937r2_chk )
Check system documentation for procedures that are regularly implemented in an effort to detect unauthorized SQL Server job submissions.

If procedures that are regularly implemented are not documented in the system documentation, this is a finding.

If the procedures are not implemented regularly or do not detect for unauthorized SQL Server job submissions, this is a finding.

Review Stored Procedures that are able to automatically execute jobs scheduled to start automatically at system startup by running the following query:
SELECT name
FROM master.sys.procedures
WHERE is_auto_executed = 1

If any Stored Procedures listed are not documented as authorized, this is a finding.

Review the SQL Server job history by running the following query:

SELECT * FROM msdb.dbo.sysjobhistory


If any jobs listed are not documented as authorized, this is a finding.
Fix Text (F-46825r2_fix)
Document procedures, within the system documentation, that detect for unauthorized SQL Server job submissions.

Develop and implement procedures to detect for unauthorized SQL Server job submissions of Stored Procedures that are automatically executed and Agent jobs that are enabled.