Documentation - V-276226

V-276226

Microsoft Azure SQL Managed Instance Security Technical Implementation Guide

CAT I

Title

Azure SQL Managed Instance must enforce approved authorizations for logical access to database information and system resources in accordance with applicable access control policies.

Description

<VulnDiscussion>Authentication with a DOD-approved PKI certificate does not necessarily imply authorization to access Azure SQL Managed Instance. To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems, including databases, must be properly configured to implement access control policies. Successful authentication must not automatically give an entity access to an asset or security boundary. Author...

Fix Text (Documentation Requirement)

Use GRANT, REVOKE, DENY, ALTER SERVER ROLE … ADD MEMBER … and/or ALTER SERVER ROLE … DROP MEMBER statements to add and remove permissions on server-level securables, bringing them in line with the documented requirements. References: https://docs.microsoft.com/en-us/sql/t-sql/statements/revoke-transact-sql?view=azuresqldb-current Deny: https://docs.microsoft.com/en-us/sql/t-sql/statements/deny-transact-sql?view=azuresqldb-current DROP MEMBER: https://docs.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-droprolemember-transact-sql?view=azuresqldb-current

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel