Configure Microsoft SQL Server to Organizational Standards.


CONTROL ID: 08989
CONTROL TYPE: Configuration
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain system hardening procedures., CC ID: 12001

This Control has the following implementation support Control(s):
  • Configure the "allowing DDL statements to modify the application schema" permissions for the "Database application" to organizational standards., CC ID: 09258
  • Configure the "encrypt custom and Government Off-The-Shelf application code" setting to organizational standards., CC ID: 09259
  • Configure the "Access to DBMS software files and directories" setting to organizational standards., CC ID: 09264
  • Configure the "Default demonstration and sample database objects and applications" setting to organizational standards., CC ID: 09265
  • Configure the "auditing parameters" for "database auditing" to organizational standards., CC ID: 09266
  • Configure the "DBMS login account password complexity requirements" setting to organizational standards., CC ID: 09268
  • Configure the "Passwords for DBMS default accounts" setting to organizational standards., CC ID: 09269
  • Configure the "Remote DBMS administration" setting to organizational standards., CC ID: 09270
  • Configure the "C2 Audit records" setting to organizational standards., CC ID: 09271
  • Configure the "SQL Mail XPs" setting to organizational standards., CC ID: 09272
  • Configure the "SQL Server Service" setting to organizational standards., CC ID: 09275
  • Configure the "Access extended stored procedure xp_cmdshell" setting to organizational standards., CC ID: 09277
  • Configure the "xp_cmdshell" setting to organizational standards., CC ID: 09278
  • Configure the "OLE Automation extended stored procedures" setting to organizational standards., CC ID: 09279
  • Configure the "Access to registry extended stored procedures" setting to organizational standards., CC ID: 09280
  • Configure the "Remote access" setting to organizational standards., CC ID: 09281
  • Configure the "SQL Server authentication" setting to organizational standards., CC ID: 09282
  • Configure the "Access to CmdExec and ActiveScripting jobs" setting to organizational standards., CC ID: 09283
  • Configure the "Error log retention" setting to organizational standards., CC ID: 09284
  • Configure the "Trace rollover" setting to organizational standards., CC ID: 09285
  • Configure the "Named Pipes network protocol" setting to organizational standards., CC ID: 09286
  • Configure the "SQL Server event forwarding" setting to organizational standards., CC ID: 09287
  • Configure the "Access to manage the database master key" setting to organizational standards., CC ID: 09288
  • Configure the "Encryption of the asymmetric keys" setting to organizational standards., CC ID: 09290
  • Configure the "audit unauthorized access to the asymmetric keys" setting to organizational standards., CC ID: 09291
  • Configure the "Database Master key encryption password" setting to organizational standards., CC ID: 09292
  • Configure the "encrypt Database Master Key" setting to organizational standards., CC ID: 09293
  • Configure the "store the database master key password" setting to organizational standards., CC ID: 09294
  • Configure the "protect symmetric keys" setting to organizational standards., CC ID: 09295
  • Configure the "clear residual data from memory, data objects or files, or other storage locations" setting to organizational standards., CC ID: 09296
  • Configure the "DBMS account passwords expiration" setting to organizational standards., CC ID: 09297
  • Configure the "audit attempts to bypass access controls" setting to organizational standards., CC ID: 09310
  • Configure the "default audit trace" setting to organizational standards., CC ID: 09311
  • Configure the "Audit records contents" setting to organizational standards., CC ID: 09312
  • Configure the "port" setting for "Sql Server Analysis Services" to organizational standards., CC ID: 09313
  • Configure the "port" setting for the "DBMS" to organizational standards., CC ID: 09314
  • Configure the "Fixed server role membership" setting to organizational standards., CC ID: 09315
  • Configure the "Database Mail XPs" setting to organizational standards., CC ID: 09316
  • Configure the "SQL Server Agent Email" setting to organizational standards., CC ID: 09317
  • Configure the "scan for startup procs" setting to organizational standards., CC ID: 09331
  • Configure the "Access to SQL Server Agent CmdExec" setting to organizational standards., CC ID: 09332
  • Configure the "Access to ActiveScripting jobs" setting to organizational standards., CC ID: 09333
  • Configure the "SQL Server Agent proxies" setting to organizational standards., CC ID: 09334
  • Configure the "Replication snapshot folders" setting to organizational standards., CC ID: 09335
  • Configure the "Ad hoc data mining queries configuration" setting to organizational standards., CC ID: 09336
  • Configure the "Analysis Services Anonymous Connections" setting to organizational standards., CC ID: 09337
  • Configure the "Analysis Services Links to Objects" setting to organizational standards., CC ID: 09338
  • Configure the "Analysis Services Links From Objects" setting to organizational standards., CC ID: 09339
  • Configure the "Analysis Services user-defined COM functions" setting to organizational standards., CC ID: 09340
  • Configure the "Analysis Services Required Protection Levels" setting to organizational standards., CC ID: 09341
  • Configure the "Analysis Services Security Package List" setting to organizational standards., CC ID: 09342
  • Configure the "Analysis Services server role" setting to organizational standards., CC ID: 09343
  • Configure the "Analysis Services database roles" setting to organizational standards., CC ID: 09344
  • Configure the "Reporting Services Web service requests and HTTP" setting to organizational standards., CC ID: 09345
  • Configure the "Reporting Services scheduled events and report delivery" setting to organizational standards., CC ID: 09346
  • Configure the "Command Language Runtime objects" setting to organizational standards., CC ID: 09348
  • Configure the "XML Web Services endpoints" setting to organizational standards., CC ID: 09349
  • Configure the "db_owner role members" setting to organizational standards., CC ID: 09350
  • Configure the "Web Assistant procedures configuration" setting to organizational standards., CC ID: 09351
  • Configure the "Disallow adhoc access" setting for "linked servers" to organizational standards., CC ID: 09353
  • Configure the "Ad Hoc distributed queries" setting to organizational standards., CC ID: 09354
  • Configure the "Access to Analysis Services data sources" setting to organizational standards., CC ID: 09355
  • Configure the "Database TRUSTWORTHY status" setting to organizational standards., CC ID: 09356
  • Configure the "Agent XPs" setting to organizational standards., CC ID: 09357
  • Configure the "SMO and DMO XPs" setting to organizational standards., CC ID: 09358


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Never install SQL Server on a domain controller. (SQL INJECTION PROTECTION AGAINST SQL INJECTION ATTACKS: ¶ 29, Guideline 661G1: Application Security, 661G1-01)