SQL Server must support the requirement to activate an alarm and/or automatically shut down the information system if an application component failure is detected. This can include conducting a graceful application shutdown to avoid losing information.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-40905	SQL2-00-023000	SV-53259r1_rule		Medium

Description
Predictable failure prevention requires organizational planning to address system failure issues. If components key to maintaining system security fail to function, then SQL Server could continue operating in an insecure state. The organization must be prepared, and SQL Server and applications using SQL Server's databases must be configured to send an alarm for such conditions and/or automatically shut down SQL Server. If appropriate actions are not taken when application component failures occur, a denial of service condition may occur.

Description

Predictable failure prevention requires organizational planning to address system failure issues. If components key to maintaining system security fail to function, then SQL Server could continue operating in an insecure state. The organization must be prepared, and SQL Server and applications using SQL Server's databases must be configured to send an alarm for such conditions and/or automatically shut down SQL Server. If appropriate actions are not taken when application component failures occur, a denial of service condition may occur.

STIG	Date
Microsoft SQL Server 2012 Database Instance Security Technical Implementation Guide	2014-06-23

Details

Check Text ( C-47560r2_chk )
Check SQL Server configuration to verify the system activates and alarms and/or triggers a system shutdown when an application component failure is detected. If SQL Server does not take either or both actions, this is a finding.

Fix Text (F-46187r1_fix)
Configure SQL Server to activate an alarm and/or trigger a system shutdown when an application component failure is detected.