Documentation - V-271283

V-271283

Microsoft SQL Server 2022 Instance Security Technical Implementation Guide

CAT II

Title

SQL Server must protect its audit configuration from authorized and unauthorized access and modification.

Description

<VulnDiscussion>Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit data. Applications providing tools to interface with audit data will leverage user permissions and roles identifying the user accessing the tools and the corresponding rights the user enjoys in order make access decisions regarding the modification of audit tools. SQL Server is a...

Fix Text (Documentation Requirement)

Remove audit-related permissions from individuals and roles not authorized to have them. USE master; DENY [ALTER ANY SERVER AUDIT] TO [User]; GO

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel