Configure Microsoft SQL Server to Organizational Standards.
CONTROL ID 08989
CONTROL TYPE Configuration
CLASSIFICATION Preventive
SUPPORTING AND SUPPORTED CONTROLS
This Control directly supports the implied Control(s):
Establish, implement, and maintain system hardening procedures., CC ID: 12001
This Control has the following implementation support Control(s):
Configure the "allowing DDL statements to modify the application schema" permissions for the "Database application" to organizational standards., CC ID: 09258
Configure the "encrypt custom and Government Off-The-Shelf application code" setting to organizational standards., CC ID: 09259
Configure the "Access to DBMS software files and directories" setting to organizational standards., CC ID: 09264
Configure the "Default demonstration and sample database objects and applications" setting to organizational standards., CC ID: 09265
Configure the "auditing parameters" for "database auditing" to organizational standards., CC ID: 09266
Configure the "DBMS login account password complexity requirements" setting to organizational standards., CC ID: 09268
Configure the "Passwords for DBMS default accounts" setting to organizational standards., CC ID: 09269
Configure the "Remote DBMS administration" setting to organizational standards., CC ID: 09270
Configure the "C2 Audit records" setting to organizational standards., CC ID: 09271
Configure the "SQL Mail XPs" setting to organizational standards., CC ID: 09272
Configure the "SQL Server Service" setting to organizational standards., CC ID: 09275
Configure the "Access extended stored procedure xp_cmdshell" setting to organizational standards., CC ID: 09277
Configure the "xp_cmdshell" setting to organizational standards., CC ID: 09278
Configure the "OLE Automation extended stored procedures" setting to organizational standards., CC ID: 09279
Configure the "Access to registry extended stored procedures" setting to organizational standards., CC ID: 09280
Configure the "Remote access" setting to organizational standards., CC ID: 09281
Configure the "SQL Server authentication" setting to organizational standards., CC ID: 09282
Configure the "Access to CmdExec and ActiveScripting jobs" setting to organizational standards., CC ID: 09283
Configure the "Error log retention" setting to organizational standards., CC ID: 09284
Configure the "Trace rollover" setting to organizational standards., CC ID: 09285
Configure the "Named Pipes network protocol" setting to organizational standards., CC ID: 09286
Configure the "SQL Server event forwarding" setting to organizational standards., CC ID: 09287
Configure the "Access to manage the database master key" setting to organizational standards., CC ID: 09288
Configure the "Encryption of the asymmetric keys" setting to organizational standards., CC ID: 09290
Configure the "audit unauthorized access to the asymmetric keys" setting to organizational standards., CC ID: 09291
Configure the "Database Master key encryption password" setting to organizational standards., CC ID: 09292
Configure the "encrypt Database Master Key" setting to organizational standards., CC ID: 09293
Configure the "store the database master key password" setting to organizational standards., CC ID: 09294
Configure the "protect symmetric keys" setting to organizational standards., CC ID: 09295
Configure the "clear residual data from memory, data objects or files, or other storage locations" setting to organizational standards., CC ID: 09296
Configure the "DBMS account passwords expiration" setting to organizational standards., CC ID: 09297
Configure the "audit attempts to bypass access controls" setting to organizational standards., CC ID: 09310
Configure the "default audit trace" setting to organizational standards., CC ID: 09311
Configure the "Audit records contents" setting to organizational standards., CC ID: 09312
Configure the "port" setting for "SQL Server Analysis Services" to organizational standards., CC ID: 09313
Configure the "port" setting for the "DBMS" to organizational standards., CC ID: 09314
Configure the "Fixed server role membership" setting to organizational standards., CC ID: 09315
Configure the "Database Mail XPs" setting to organizational standards., CC ID: 09316
Configure the "SQL Server Agent Email" setting to organizational standards., CC ID: 09317
Configure the "scan for startup procs" setting to organizational standards., CC ID: 09331
Configure the "Access to SQL Server Agent CmdExec" setting to organizational standards., CC ID: 09332
Configure the "Access to ActiveScripting jobs" setting to organizational standards., CC ID: 09333
Configure the "SQL Server Agent proxies" setting to organizational standards., CC ID: 09334
Configure the "Replication snapshot folders" setting to organizational standards., CC ID: 09335
Configure the "Ad hoc data mining queries configuration" setting to organizational standards., CC ID: 09336
Configure the "Analysis Services Anonymous Connections" setting to organizational standards., CC ID: 09337
Configure the "Analysis Services Links to Objects" setting to organizational standards., CC ID: 09338
Configure the "Analysis Services Links From Objects" setting to organizational standards., CC ID: 09339
Configure the "Analysis Services user-defined COM functions" setting to organizational standards., CC ID: 09340
Configure the "Analysis Services Required Protection Levels" setting to organizational standards., CC ID: 09341
Configure the "Analysis Services Security Package List" setting to organizational standards., CC ID: 09342
Configure the "Analysis Services server role" setting to organizational standards., CC ID: 09343
Configure the "Analysis Services database roles" setting to organizational standards., CC ID: 09344
Configure the "Reporting Services Web service requests and HTTP" setting to organizational standards., CC ID: 09345
Configure the "Reporting Services scheduled events and report delivery" setting to organizational standards., CC ID: 09346
Configure the "Command Language Runtime objects" setting to organizational standards., CC ID: 09348
Configure the "XML Web Services endpoints" setting to organizational standards., CC ID: 09349
Configure the "db_owner role members" setting to organizational standards., CC ID: 09350
Configure the "Web Assistant procedures configuration" setting to organizational standards., CC ID: 09351
Configure the "Disallow adhoc access" setting for "linked servers" to organizational standards., CC ID: 09353
Configure the "Ad Hoc distributed queries" setting to organizational standards., CC ID: 09354
Configure the "Access to Analysis Services data sources" setting to organizational standards., CC ID: 09355
Configure the "Database TRUSTWORTHY status" setting to organizational standards., CC ID: 09356
Configure the "Agent XPs" setting to organizational standards., CC ID: 09357
Configure the "SMO and DMO XPs" setting to organizational standards., CC ID: 09358
SELECTED AUTHORITY DOCUMENTS COMPLIED WITH
Never install SQL Server on a domain controller. (SQL INJECTION PROTECTION AGAINST SQL INJECTION ATTACKS: ¶ 29, Guideline 661G1: Application Security, 661G1-01)