Documentation - V-276269

V-276269

Microsoft Azure SQL Managed Instance Security Technical Implementation Guide

CAT II

Title

Azure SQL Managed Instance must prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate recognized and approved by the organization.

Description

<VulnDiscussion>The database management system (DBMS) must prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate recognized and approved by the organization. The common language runtime (CLR) component of the .NET Framework for Microsoft Windows in SQL allows the user to write stored procedures, triggers, user-defined types, user-defined functions, user-defined aggregates, and stre...

Fix Text (Documentation Requirement)

Configure Azure SQL Managed Instance to prevent the installation of organization-defined software and firmware components without verification that the component has been digitally signed using a certificate that is recognized and approved by the organization. Disable use of or remove any CLR code that is not authorized. To disable the use of CLR, from the query prompt: sp_configure 'show advanced options', 1; GO RECONFIGURE; GO sp_configure 'clr enabled', 0; GO RECONFIGURE; GO For any approved CLR code with Unsafe or External permissions, use the ALTER ASSEMBLY to change the Permission set for the Assembly and ensure a certificate is configured.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel