Skip to main content
CUI

STIG Rule - V-271328

Back to STIG Browser

V-271328

SV-271328r1137657_rule

CAT II

SQL Server must prevent unauthorized and unintended information transfer via shared system resources.

From: Microsoft SQL Server 2022 Instance Security Technical Implementation Guide (V1R4)

Description

<VulnDiscussion>The purpose of this control is to prevent information, including encrypted representations of information, produced by the actions of a prior user/role (or the actions of a process acting on behalf of a prior user/role) from being available to any current user/role (or current process) that obtains access to a shared system resource (e.g., registers, main memory, secondary storage) after the resource has been released back to the information system. Control of information in shared resources is also referred to as object reuse.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

Check Procedure

Review system documentation to determine whether common criteria compliance is required due to potential impact on system performance. SQL Server Residual Information Protection (RIP) requires a memory allocation to be overwritten with a known pattern of bits before memory is reallocated to a new resource. Meeting the RIP standard can contribute to improved security; however, overwriting the memory allocation can slow performance. After the common criteria compliance enabled option is enabled, the overwriting occurs. Review the Instance configuration: SELECT value_in_use FROM sys.configurations WHERE name = 'common criteria compliance enabled' If "value_in_use" is set to "1" this is not a finding. If "value_in_use" is set to "0" this is a finding. If no results are returned, common criteria compliance is not available in the installed version of SQL Server, this is a finding. Common criteria compliance is only supported in Enterprise and Developer editions of SQL Server. Note: Enabling this feature may impact performance on highly active SQL Server instances. If an exception justifying setting SQL Server RIP to disabled (value_in_use set to "0") has been documented and approved, then this is downgraded to a CAT III finding.

Fix Text

Configure SQL Server to effectively protect the private resources of one process or user from unauthorized access by another process or user. To enable the use of [Common Criteria Compliance], from the query prompt: EXEC SP_CONFIGURE 'show advanced options', 1; RECONFIGURE WITH OVERRIDE; EXEC SP_CONFIGURE 'common criteria compliance enabled', 1; RECONFIGURE WITH OVERRIDE; EXEC SP_CONFIGURE 'show advanced options', 0; RECONFIGURE WITH OVERRIDE;

CCI Reference

CCI-001090
Created
2026-04-07 20:08:24
Last Updated
2026-04-07 20:08:24
Back to Browse
CUI