CUI

STIG Rule - V-276294

V-276294

SV-276294r1149791_rule

CAT II

Azure SQL Managed Instance must protect against a user falsely repudiating by ensuring databases are not in a trust relationship.

From: Microsoft Azure SQL Managed Instance Security Technical Implementation Guide (V1R1)

Description

Nonrepudiation of actions taken is required to maintain data integrity. Examples of particular actions taken by individuals include creating information, sending a message, approving information (e.g., indicating concurrence or signing a contract), and receiving a message. Nonrepudiation protects against later claims by a user of not having created, modified, or deleted a particular data item or collection of data in the database.

Azure SQL Managed Instance provides the ability for highly privileged accounts to impersonate users in a database using the TRUSTWORTHY feature. This will allow members of the fixed database role to impersonate any user within the database.

Documentable: false

Check Procedure

If the database being reviewed is MSDB, trustworthy is required to be enabled, and therefore, this is not a finding.

Execute the following query:

    -- Lists each database (except msdb) with its owner, its TRUSTWORTHY
    -- setting, and whether the owner holds server-level privileges.
    SELECT
        [DatabaseName] = d.name
        ,[DatabaseOwner] = login.name
        ,[IsTrustworthy] = CASE
            WHEN d.is_trustworthy_on = 0 THEN 'No'
            WHEN d.is_trustworthy_on = 1 THEN 'Yes'
            END
        ,[IsOwnerPrivilege] = CASE
            WHEN role.name IN ('sysadmin','securityadmin')
                OR permission.permission_name = 'CONTROL SERVER'
            THEN 'YES'
            ELSE 'No'
            END
    FROM sys.databases d
    LEFT JOIN sys.server_principals login ON d.owner_sid = login.sid
    LEFT JOIN sys.server_role_members rm ON login.principal_id = rm.member_principal_id
    LEFT JOIN sys.server_principals role ON rm.role_principal_id = role.principal_id
    LEFT JOIN sys.server_permissions permission ON login.principal_id = permission.grantee_principal_id
    WHERE d.name <> 'msdb'

If trustworthy is not enabled, this is not a finding.

If trustworthy is enabled and the database owner is not a privileged account, this is not a finding.

If trustworthy is enabled and the database owner is a privileged account, review the system documentation to determine if the trustworthy property is required and authorized. If this is not documented, this is a finding.
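The check query returns one row per role membership or permission of each owner, so a reviewer still has to filter and de-duplicate its output. The following is an added example, not part of the STIG text: it applies the same criteria but returns one row per database that reaches the documentation-review step. The @Authorized table and its placeholder entry are assumptions standing in for the site's system documentation.

```sql
-- Added example (not STIG text): one row per database needing review.
-- @Authorized is a hypothetical list of databases whose TRUSTWORTHY setting
-- is documented as required and authorized; the entry is a placeholder.
DECLARE @Authorized TABLE (DatabaseName sysname PRIMARY KEY);
INSERT INTO @Authorized (DatabaseName)
VALUES (N'<documented database name>');

SELECT
    d.name           AS DatabaseName,
    owner_login.name AS DatabaseOwner,
    CASE WHEN a.DatabaseName IS NULL
         THEN 'Finding: not documented'
         ELSE 'Documented: verify authorization'
    END              AS ReviewResult
FROM sys.databases AS d
JOIN sys.server_principals AS owner_login
    ON d.owner_sid = owner_login.sid
LEFT JOIN @Authorized AS a
    -- Explicit collation avoids conflicts with the catalog view's collation.
    ON a.DatabaseName COLLATE DATABASE_DEFAULT = d.name COLLATE DATABASE_DEFAULT
WHERE d.name <> 'msdb'            -- msdb requires TRUSTWORTHY: not a finding
  AND d.is_trustworthy_on = 1     -- TRUSTWORTHY off: not a finding
  AND (                           -- owner is a privileged account
        EXISTS (
            SELECT 1
            FROM sys.server_role_members AS rm
            JOIN sys.server_principals AS r
                ON rm.role_principal_id = r.principal_id
            WHERE rm.member_principal_id = owner_login.principal_id
              AND r.name IN ('sysadmin', 'securityadmin')
        )
        OR EXISTS (
            SELECT 1
            FROM sys.server_permissions AS p
            WHERE p.grantee_principal_id = owner_login.principal_id
              AND p.permission_name = 'CONTROL SERVER'
        )
      )
ORDER BY d.name;
```

An empty result means no database reaches the documentation-review step of the check.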

Fix Text

Disable trustworthy on the database.

    ALTER DATABASE [<database name>] SET TRUSTWORTHY OFF;

CCI Reference

CCI-000166
Created
2026-04-07 20:08:22
Last Updated
2026-04-07 20:08:22