
The Access Security Checks audit access and configuration settings for data and objects. These checks examine data encryption, remote access, and other object configurations that allow access to the data or object.

The Access Security Checks available in the Configure the Policy section are the following:

Access Security Checks

Name | CIS for SQL Server 2000 | CIS for SQL Server 2005 | CIS for SQL Server 2008 | CIS for SQL Server 2008 R2 | CIS for SQL Server 2012 | CIS for SQL Server 2014 | CIS for SQL Server 2016 | CIS for SQL Server 2017 | CIS for SQL Server 2019 | DISA-NIST STIG for SQL Server 2012 | DISA-NIST STIG for SQL Server 2014 | DISA-NIST STIG for SQL Server 2016 | European Union General Data Protection Regulation (GDPR) | HIPAA Guidelines for SQL Server | IDERA Level 1 - Basic Protection | IDERA Level 2 - Balanced Protection | IDERA Level 3 - Strong Protection | MS Best Practices Analyzer | NERC Critical Infrastructure Protection | PCI-DSS Guidelines for SQL Server | SNAC for SQL 2000 | SOX Section 404 | SRR Checklist for SQL Server 2000 | SRR Checklist for SQL Server 2005 or later

Always Encrypted
Appropriate cryptographic modules have been used to encrypt data.
Assembly host policy
Backup Encryption (Native)
Backup Encryption (Non-Native)
Certificate private keys were never exported
Contained database authentication type
DAC Remote Access
Dangerous Extended Stored Procedures (XSPs)
Database Master Key encrypted by Service Master Key
Database Master Keys Encrypted by Password
Database roles and members
Dynamic Data Masking
Encryption Methods
Files On Drives Not Using NTFS
Fixed Roles Assigned To public Or guest
Guest User Enabled
Linked server is running as a member of sysadmin group
NTFS Folder Level Encryption
Operating System Version
Public role permissions
Remote Access
Required Administrative Accounts Do Not Exist
Row-Level Security
Server roles and members
Signed Objects
SQL Job permissions
SQL Jobs and Agent
SQL Server Browser Running
SQL Server database level encryption
Startup Stored Procedures
Startup Stored Procedures Enabled
Startup Stored Procedures permissions
Stored Procedures Encrypted
Symmetric key
Symmetric Keys Not Encrypted with a Certificate
Sysadmins Own Trustworthy Databases
Transparent Data Encryption
Unacceptable Database Ownership
User Defined Extended Stored Procedures (XSPs)

Auditing Security Checks

Name | CIS for SQL Server 2000 | CIS for SQL Server 2005 | CIS for SQL Server 2008 | CIS for SQL Server 2008 R2 | CIS for SQL Server 2012 | CIS for SQL Server 2014 | CIS for SQL Server 2016 | CIS for SQL Server 2017 | CIS for SQL Server 2019 | DISA-NIST STIG for SQL Server 2012 | DISA-NIST STIG for SQL Server 2014 | DISA-NIST STIG for SQL Server 2016 | European Union General Data Protection Regulation (GDPR) | HIPAA Guidelines for SQL Server | IDERA Level 1 - Basic Protection | IDERA Level 2 - Balanced Protection | IDERA Level 3 - Strong Protection | MS Best Practices Analyzer | NERC Critical Infrastructure Protection | PCI-DSS Guidelines for SQL Server | SNAC for SQL 2000 | SOX Section 404 | SRR Checklist for SQL Server 2000 | SRR Checklist for SQL Server 2005 or later

C2 Audit Trace Enabled
DISA Audit Configuration
Implement Change Data Capture
Login Audit Level
SQL Server Audit is Configured for Logins
SQL Server Audit is in use

Configuration Security Checks

Name | CIS for SQL Server 2000 | CIS for SQL Server 2005 | CIS for SQL Server 2008 | CIS for SQL Server 2008 R2 | CIS for SQL Server 2012 | CIS for SQL Server 2014 | CIS for SQL Server 2016 | CIS for SQL Server 2017 | CIS for SQL Server 2019 | DISA-NIST STIG for SQL Server 2012 | DISA-NIST STIG for SQL Server 2014 | DISA-NIST STIG for SQL Server 2016 | European Union General Data Protection Regulation (GDPR) | HIPAA Guidelines for SQL Server | IDERA Level 1 - Basic Protection | IDERA Level 2 - Balanced Protection | IDERA Level 3 - Strong Protection | MS Best Practices Analyzer | NERC Critical Infrastructure Protection | PCI-DSS Guidelines for SQL Server | SNAC for SQL 2000 | SOX Section 404 | SRR Checklist for SQL Server 2000 | SRR Checklist for SQL Server 2005 or later

Analysis Services Running
Asymmetric Key Size
Auto_Close set for contained databases
Backups compliance with RTO and RPO requirements
BUILTIN/Administrators Is sysadmin
CLR Enabled
Common criteria compliance
Data Files On System Drive
Database-level Firewall Rules
Databases Are Trustworthy
Default Trace Enabled
Full-Text Search Running
HADR is configured
Hide Instance Option is set
Integration Services
Linked servers are configured
Max Number of concurrent sessions
Maximum number of error log files
Ole automation procedures
Other General Domain Accounts
Replication Enabled
sa Account Not Disabled
sa Account Not Disabled Or Renamed
Sample Databases Exist
Server Is Domain Controller
Server-level Firewall Rules
Shutdown SQL Server on Trace Failure
SQL Agent Mail
SQL Mail Or Database Mail Enabled
SQL Server Installation Directories On System Drive
SQL Server Version
System Table Updates
Transport Layer Security
Unauthorized Account Check
User created 'sa' account does not exist
VSS Writer Running
xp_cmdshell Enabled
xp_cmdshell Proxy Account Exists

Data Integrity Security Checks

Name | CIS for SQL Server 2000 | CIS for SQL Server 2005 | CIS for SQL Server 2008 | CIS for SQL Server 2008 R2 | CIS for SQL Server 2012 | CIS for SQL Server 2014 | CIS for SQL Server 2016 | CIS for SQL Server 2017 | CIS for SQL Server 2019 | DISA-NIST STIG for SQL Server 2012 | DISA-NIST STIG for SQL Server 2014 | DISA-NIST STIG for SQL Server 2016 | European Union General Data Protection Regulation (GDPR) | HIPAA Guidelines for SQL Server | IDERA Level 1 - Basic Protection | IDERA Level 2 - Balanced Protection | IDERA Level 3 - Strong Protection | MS Best Practices Analyzer | NERC Critical Infrastructure Protection | PCI-DSS Guidelines for SQL Server | SNAC for SQL 2000 | SOX Section 404 | SRR Checklist for SQL Server 2000 | SRR Checklist for SQL Server 2005 or later

Audit Data Is Stale
Baseline Data Not Being Used
Snapshot May Be Missing Data
Snapshot Not Found

Login Security Checks

Name | CIS for SQL Server 2000 | CIS for SQL Server 2005 | CIS for SQL Server 2008 | CIS for SQL Server 2008 R2 | CIS for SQL Server 2012 | CIS for SQL Server 2014 | CIS for SQL Server 2016 | CIS for SQL Server 2017 | CIS for SQL Server 2019 | DISA-NIST STIG for SQL Server 2012 | DISA-NIST STIG for SQL Server 2014 | DISA-NIST STIG for SQL Server 2016 | European Union General Data Protection Regulation (GDPR) | HIPAA Guidelines for SQL Server | IDERA Level 1 - Basic Protection | IDERA Level 2 - Balanced Protection | IDERA Level 3 - Strong Protection | MS Best Practices Analyzer | NERC Critical Infrastructure Protection | PCI-DSS Guidelines for SQL Server | SNAC for SQL 2000 | SOX Section 404 | SRR Checklist for SQL Server 2000 | SRR Checklist for SQL Server 2005 or later

Active Directory Helper Login Account Not Acceptable
Analysis Services Login Account Not Acceptable
Blank Passwords
DISTRIBUTOR_ADMIN Login
Full-Text Search Login Account Not Acceptable
Integration Services Login Account Not Acceptable
Notification Services Login Account Not Acceptable
Orphaned users
Reporting Services Login Account Not Acceptable
sa Account Has Blank Password
sa Account Not Using Password Policy
SQL Authentication Enabled
SQL Logins not using Must Change
SQL Logins Not Using Password Expiration
SQL Logins Not Using Password Policy
SQL Server Agent Login Account Not Acceptable
SQL Server Browser Login Account Not Acceptable
SQL Server Service Login Account Not Acceptable
SQL Server SYSADMIN accounts
Suspect Logins
Unauthorized SQL Logins Exist
VSS Writer Login Account Not Acceptable
Weak Passwords

Permissions Security Checks

Name | CIS for SQL Server 2000 | CIS for SQL Server 2005 | CIS for SQL Server 2008 | CIS for SQL Server 2008 R2 | CIS for SQL Server 2012 | CIS for SQL Server 2014 | CIS for SQL Server 2016 | CIS for SQL Server 2017 | CIS for SQL Server 2019 | DISA-NIST STIG for SQL Server 2012 | DISA-NIST STIG for SQL Server 2014 | DISA-NIST STIG for SQL Server 2016 | European Union General Data Protection Regulation (GDPR) | HIPAA Guidelines for SQL Server | IDERA Level 1 - Basic Protection | IDERA Level 2 - Balanced Protection | IDERA Level 3 - Strong Protection | MS Best Practices Analyzer | NERC Critical Infrastructure Protection | PCI-DSS Guidelines for SQL Server | SNAC for SQL 2000 | SOX Section 404 | SRR Checklist for SQL Server 2000 | SRR Checklist for SQL Server 2005 or later

Agent Job Execution
ALTER TRACE Permission Granted To Unauthorized Users
CONTROL SERVER Permission Granted To Unauthorized Users
Database File Owners Not Acceptable
Database File Permissions Not Acceptable
Database Files Missing Required Administrative Permissions
Direct Access Permissions
Everyone Database File Access
Everyone System Table Access
Executable File Owners Not Acceptable
Executable File Permissions Not Acceptable
Executable Files Missing Required Administrative Permissions
Integration Services Roles Have Dangerous Security Principals
Integration Services Roles Permissions Not Acceptable
Integration Services Users Permissions Not Acceptable
Limit Propagation of access rights
Public Database Role Has Permissions
Public Role Has Permissions on User Database Objects
Public Server Role Has Permissions
Registry Key Owners Not Acceptable
Registry Key Permissions Not Acceptable
Registry Keys Missing Required Administrative Permissions
Sysadmins Own Databases

Surface Area Security Checks

Name | CIS for SQL Server 2000 | CIS for SQL Server 2005 | CIS for SQL Server 2008 | CIS for SQL Server 2008 R2 | CIS for SQL Server 2012 | CIS for SQL Server 2014 | CIS for SQL Server 2016 | CIS for SQL Server 2017 | CIS for SQL Server 2019 | DISA-NIST STIG for SQL Server 2012 | DISA-NIST STIG for SQL Server 2014 | DISA-NIST STIG for SQL Server 2016 | European Union General Data Protection Regulation (GDPR) | HIPAA Guidelines for SQL Server | IDERA Level 1 - Basic Protection | IDERA Level 2 - Balanced Protection | IDERA Level 3 - Strong Protection | MS Best Practices Analyzer | NERC Critical Infrastructure Protection | PCI-DSS Guidelines for SQL Server | SNAC for SQL 2000 | SOX Section 404 | SRR Checklist for SQL Server 2000 | SRR Checklist for SQL Server 2005 or later

Ad Hoc Distributed Queries Enabled
Common TCP Port Used
Cross Database Ownership Chaining Enabled
FILESTREAM is configured
Integration Services Running
Notification Services Running
Reporting Services Running
SQL Server Agent Running
SQL Server Browser Running
Unapproved Protocols
