...

Enables the maximum security checks for mission-critical SQL Server and Azure SQL databases that support Web-based, B2B, B2C, or external clients, to prevent unauthorized disclosure and data tampering. This template combines the IDERA Level 1 and Level 2 checks with the DISA guidelines and SRR regulations. Also included are additional security checks for auditing, permissions, surface area configuration, and other vulnerabilities.

...

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2000, V 1.0, December, 2005.

CIS for SQL Server 2005 or later

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2005, V 1.2.0, January 12th, 2010.

CIS for SQL Server 2008

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2008, V 2.0, January 12th, 2010. This version can also be applied to SQL Server 2008 and later.

CIS for SQL Server 2008 R2

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2008 R2, v. 1.4.0, September 30, 2016.

CIS for SQL Server 2012

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2012, v. 1.3.0, September 30, 2016.

CIS for SQL Server 2014

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2014, v. 1.2.0, September 30, 2016.

CIS for SQL Server 2016

Enforces security check settings derived from the Center for Internet Security - Security Configuration Benchmark for Microsoft SQL Server 2016, v. 1.0.0, August 17, 2017.

HIPAA Guidelines for SQL Server

...

Enforces security check settings derived from the Microsoft SQL Server 2005 Best Practices Analyzer Security Recommendations.

PCI 2.0 DSS Guidelines for SQL Server

Enforces security check settings derived from the Payment Card Industry (PCI) DSS v2.0/v3.0 regulatory standard. This standard applies to mission-critical databases hosted by internal or external services that store payment card information. This guideline leverages the SQL Server Database Security Readiness Review (SRR) and targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or may lead to interruption of production operations.

SNAC for SQL 2000

Enforces security check settings derived from the Guide to the Secure Configuration and Administration of Microsoft SQL Server 2000, Network Applications Team of the Systems and Network Attack Center (SNAC).

...

Enforces security check settings derived from the Database Security Readiness Review (SRR) of a Microsoft SQL Server RDBMS, based on the checks in V8 R1.7, 27 August 2010. This SRR targets conditions that undermine the integrity of security, contribute to inefficient security operations and administration, or may lead to interruption of production operations. This version can also be applied to SQL Server 2008 and later.

DISA-NIST STIG for SQL Server 2012

Enforces security check settings derived from the Defense Information Systems Agency (DISA) / National Institute of Standards and Technology (NIST) SQL Server 2012 STIG, Version 1, Release 15, April 28, 2017.

DISA-NIST STIG for SQL Server 2014

Enforces security check settings derived from the Defense Information Systems Agency (DISA) / National Institute of Standards and Technology (NIST) SQL Server 2014 Instance STIG, Version 1, Release 6, April 28, 2017.

NERC Critical Infrastructure Protection

Enforces security check settings derived from the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection standards.

SOX Section 404

Enforces security check settings derived from Section 404 of the Sarbanes-Oxley Act (SOX).

Select a template

Use the industry standard policy templates, such as the CIS for SQL Server 2005 template, when your environment needs to meet the exact security criteria defined by that regulatory organization. However, your environment may contain SQL Server instances that only need to follow your corporate security policies. In those cases, you can create new or enhance existing corporate policies based on the built-in IDERA security level templates.

...

Use the following table to determine which IDERA security level template fits your current security needs and how your environment fits into the overall security maturation model.

IDERA Level: 1 - Basic Protection
Maturation Level: Beginner
Security Level: Baseline
Types of SQL Server Instances: Test, development, and low-risk production instances
Types of Business: Services internal groups by hosting data for third-party applications and does not require connections to external clients
Regulatory Model: MSBPA plus additional checks
Unique Security Checks:
  • SA account has blank password
  • Any SQL Server login has blank password
  • Public server role has been granted permissions

IDERA Level: 2 - Balanced Protection
Maturation Level: Intermediate
Security Level: Medium
Types of SQL Server Instances: Average production instances
Types of Business: Services internal and external groups that require external connectivity to hosted data
Regulatory Model: CIS and MSBPA plus additional checks
Unique Security Checks:
  • Sysadmins own trustworthy databases
  • Public server role has been granted permissions
  • File permissions on executables are not acceptable
  • SQL logins have weak passwords

IDERA Level: 3 - Strong Protection
Maturation Level: Advanced
Security Level: High
Types of SQL Server Instances: Mission-critical, sensitive, and high-risk production instances
Types of Business: Services internal and external groups by hosting data for Web-based, B2B, B2C, or external clients
Regulatory Model: CIS, MSBPA, and SRR, plus additional checks and auditing
Unique Security Checks:
  • Required administrative accounts do not exist
  • xp_cmdshell proxy account exists
  • SA account is not using password policy
  • Public database role has unacceptable permissions
  • SSIS database role and stored procedure permissions
  • OS version is at acceptable level
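The T-SQL below is an added example, not IDERA's own check logic, showing how several of the "Unique Security Checks" listed above can be verified by hand against a SQL Server instance using catalog views. It assumes sysadmin access on the instance under review and a default installation, where the public server role holds only VIEW ANY DATABASE and CONNECT on the default endpoints.

```sql
-- Audit queries for a subset of the IDERA level checks above.
-- Each query returns rows only when the corresponding finding exists.

-- Level 1: SA account (always principal_id 1) or any SQL login with a
-- blank password. PWDCOMPARE tests a candidate password against the hash.
SELECT name, principal_id, is_disabled
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1;

-- Levels 1 and 2: permissions granted directly to the public server role.
-- Only VIEW ANY DATABASE and endpoint CONNECT are present on a default
-- instance (assumption stated in the lead-in); anything else needs review.
SELECT pr.name AS grantee, pe.permission_name, pe.state_desc, pe.class_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr
  ON pe.grantee_principal_id = pr.principal_id
WHERE pr.name = 'public'
  AND pe.permission_name NOT IN ('VIEW ANY DATABASE', 'CONNECT');

-- Level 2: TRUSTWORTHY databases owned by a sysadmin login. Modules in
-- such a database can run under the owner's server-level rights.
SELECT d.name AS database_name, sp.name AS owner_login
FROM sys.databases AS d
JOIN sys.server_principals AS sp
  ON d.owner_sid = sp.sid
WHERE d.is_trustworthy_on = 1
  AND IS_SRVROLEMEMBER('sysadmin', sp.name) = 1;

-- Level 3: SA account not enforcing the Windows password policy
-- (CHECK_POLICY / CHECK_EXPIRATION turned off).
SELECT name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE principal_id = 1
  AND (is_policy_checked = 0 OR is_expiration_checked = 0);

-- Level 3: an xp_cmdshell proxy account has been configured. SQL Server
-- stores it as a credential with this fixed name.
SELECT name, credential_identity, create_date
FROM sys.credentials
WHERE name = '##xp_cmdshell_proxy_account##';
```

Any non-empty result set maps to one finding in the level table; the "Level 2" and "Level 3" password and permission items not covered here (weak passwords, file permissions, database-level public role) need per-database or OS-level checks outside these catalog views.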