Documentation - V-283667

V-283667

Microsoft SQL Server 2022 Database Security Technical Implementation Guide

CAT II

Title

SQL Server must protect against a user falsely repudiating by ensuring that only unique Active Directory user accounts can connect to the database.

Description

<VulnDiscussion>Nonrepudiation is required to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message. Nonrepudiation protects against later claims by a user of not having created, modified, or deleted a particular data item or collection of data in the database. In designing a database, the organization must define the types...

Fix Text (Documentation Requirement)

Ensure all logins are uniquely identifiable and authenticate all users who log on to the system. This likely would be done using a combination of Active Directory with unique accounts and the SQL Server by ensuring mapping to individual accounts. Verify server documentation to ensure accounts are documented and unique. Remove any undocumented accounts or shared accounts that cannot be individually authenticated.

View Full STIG Details →

Documentation Status

Status

Documented Verified - link to a ship document Awaiting Review Evidence submitted, needs verification Pending Needs documentation Not Required Documentation not needed Not Applicable STIG doesn't apply

Notes (Optional)

Cancel