Access Security Checks | CIS for SQL Server 2000 | CIS for SQL Server 2005 | CIS for SQL Server 2008 | CIS for SQL Server 2008 R2 | CIS for SQL Server 2012 | CIS for SQL Server 2014 | CIS for SQL Server 2016 | CIS for SQL Server 2017 | CIS for SQL Server 2019 | CIS for SQL Server 2022 | DISA-NIST STIG for SQL Server 2012 | DISA-NIST STIG for SQL Server 2014 | DISA-NIST STIG for SQL Server 2016 | European Union General Data Protection Regulation (GDPR) | HIPAA Guidelines for SQL Server | IDERA Level 1 - Basic Protection | IDERA Level 2 - Balanced Protection | IDERA Level 3 - Strong Protection | MS Best Practices Analyzer | NERC Critical Infrastructure Protection | PCI-DSS Guidelines for SQL Server | SNAC for SQL 2000 | SOX Section 404 | SRR Checklist for SQL Server 2000 | SRR Checklist for SQL Server 2005 or later |
|---|
Always Encrypted | Appropriate cryptographic modules have been used to encrypt data. | Assembly host policy | Backup Encryption (Native) | Backup Encryption (Non-Native) | Certificate private keys were never exported | Contained database authentication type | DAC Remote Access | Dangerous Extended Stored Procedures (XSPs) | Database Master Key encrypted by Service Master Key | Database Master Keys Encrypted by Password | Database roles and members | Dynamic Data Masking | Encryption Methods | Files On Drives Not Using NTFS | Fixed Roles Assigned To public Or guest | Guest User Enabled | Linked server is running as a member of sysadmin group | NTFS Folder Level Encryption | Operating System Version | Public role permissions | Remote Access | Required Administrative Accounts Do Not Exist | Row-Level Security | Server roles and members | Signed Objects | SQL Job permissions | SQL Jobs and Agent | SQL Server Browser Running | SQL Server database level encryption | Startup Stored Procedures | Startup Stored Procedures Enabled | Startup Stored Procedures permissions | Stored Procedures Encrypted | Symmetric key | Symmetric Keys Not Encrypted with a Certificate | Sysadmins Own Trustworthy Databases | Transparent Data Encryption | Unacceptable Database Ownership | User Defined Extended Stored Procedures (XSPs)
|
|---|
Agent Job Execution | X | X | X |
|
|
|
|
|
|
|
|
|
|
| X | X | X | X |
|
| X |
|
|
| X |
ALTER TRACE Permission Granted To Unauthorized Users |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X |
| X | X |
|
| X |
|
|
|
|
CONTROL SERVER Permission Granted To Unauthorized Users |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X |
|
| X |
|
| X |
|
|
| X |
Database File Owners Not Acceptable |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X |
| X | X |
|
| X | X |
|
| X |
Database File Permissions Not Acceptable |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X | X | X | X |
|
| X | X |
|
|
|
Database Files Missing Required Administrative Permissions |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X |
|
| X |
|
| X |
|
|
|
|
Direct Access Permissions |
|
|
|
|
|
|
|
|
|
| X |
|
|
|
|
|
| X |
|
|
|
|
|
|
|
Ensure public role is not granted access SQL Agent proxies in msdb database |
|
|
| X | X | X | X | X | X | X |
|
|
|
|
| X | X | X |
|
|
|
|
|
|
|
Everyone Database File Access |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X |
| X | X |
|
| X | X |
|
| X |
Everyone System Table Access |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X | X | X | X |
|
| X |
|
|
| X |
Executable File Owners Not Acceptable |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X |
|
| X |
|
| X | X |
|
| X |
Executable File Permissions Not Acceptable |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X | X | X | X |
|
| X | X |
|
| X |
Executable Files Missing Required Administrative Permissions |
| X | X |
|
|
|
|
|
|
|
|
|
|
| X |
|
| X |
|
| X |
|
|
|
|
Integration Services Roles Have Dangerous Security Principals |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X |
| X | X |
|
| X |
|
|
| X |
Integration Services Roles Permissions Not Acceptable |
| X | X |
|
|
|
|
|
|
|
|
|
|
| X |
| X | X |
|
| X |
|
|
| X |
Integration Services Users Permissions Not Acceptable |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| X | X | X |
|
|
|
|
|
|
|
Limit Propagation of access rights |
|
|
|
|
|
|
|
|
|
| X |
|
|
|
|
| X | X |
|
|
|
|
|
|
|
Public Database Role Has Permissions | X | X | X |
|
|
|
|
|
|
|
|
|
| X |
| X |
|
| X |
| X | X | X | X |
|
Public Role Has Permissions on User Database Objects |
|
|
|
|
|
|
|
|
|
|
|
|
| X | X |
| X | X |
|
| X |
| X |
| X |
Public Server Role Has Permissions |
|
|
|
|
|
|
|
|
|
|
|
|
| X | X | X | X | X |
|
| X |
| X |
|
|
Public Server Role only granted default Microsoft permissions |
|
|
| X | X | X | X | X | X | X |
|
|
|
|
| X | X | X |
|
|
|
|
|
|
|
Registry Key Owners Not Acceptable |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X |
|
| X |
|
| X | X |
|
| X |
Registry Key Permissions Not Acceptable |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X |
|
| X |
|
| X | X |
|
| X |
Registry Keys Missing Required Administrative Permissions |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X |
|
| X |
|
| X |
|
|
|
|
Sysadmins Own Databases |
|
|
|
|
|
|
|
|
|
|
|
|
|
| X | X | X | X |
|
| X |
|
|
|
|