| Vuln ID | Severity | Asset | STIG | Title | Status | Doc Status | Assigned To | Actions |
|---|---|---|---|---|---|---|---|---|
| V-213907 | CAT II | MONT-BE-002 | MS SQL Server 2016 Database Security Tec... | SQL Server must limit privileges to change softwar... | - | |||
Check TextObtain a listing of schema ownership from the server documentation. Execute the following query to obtain a current listing of schema ownership. SELECT s.name AS schema_name, p.name AS owning_principal FROM sys.schemas s JOIN sys.database_principals p ON s.principal_id = p.principal_id WHERE p.name != 'dbo' AND (s.name != p.name or p.name not in ( 'db_accessadmin' , 'db_backupoperator' , 'db_datareader' , 'db_datawriter' , 'db_ddladmin' , 'db_denydatareader' , 'db_denydatawriter' , 'db_owner' , 'db_securityadmin' , 'guest' , 'INFORMATION_SCHEMA' , 'sys' , 'TargetServersRole' , 'SQLAgentUserRole' , 'SQLAgentReaderRole' , 'SQLAgentOperatorRole' , 'DatabaseMailUserRole' , 'db_ssisadmin' , 'db_ssisltduser' , 'db_ssisoperator' , 'replmonitor' , '##MS_SSISServerCleanupJobLogin##' ) ) ORDER BY schema_name If any schema is owned by an unauthorized database principal, this is a finding. Fix TextTransfer ownership of database schemas to authorized database principals. ALTER AUTHORIZATION ON SCHEMA::[<Schema Name>] TO [<Principal Name>] Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: BEDB ResultHash: A98892EF5388104C56E8D20C589B864AEFC2578F ~~~~~ No principals other than the standard MSSQL principals own database schemas.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_SQL2016DB_MONT-BE-002-BKUPEXEC64_BEDB_V3R3_20251023-143959.ckl
Scan Date: 2026-01-14T12:57:40.371699
Technology Area: Database Review
|
||||||||
| V-213907 | CAT II | MONT-BE-002 | MS SQL Server 2016 Database Security Tec... | SQL Server must limit privileges to change softwar... | - | |||
Check TextObtain a listing of schema ownership from the server documentation. Execute the following query to obtain a current listing of schema ownership. SELECT s.name AS schema_name, p.name AS owning_principal FROM sys.schemas s JOIN sys.database_principals p ON s.principal_id = p.principal_id WHERE p.name != 'dbo' AND (s.name != p.name or p.name not in ( 'db_accessadmin' , 'db_backupoperator' , 'db_datareader' , 'db_datawriter' , 'db_ddladmin' , 'db_denydatareader' , 'db_denydatawriter' , 'db_owner' , 'db_securityadmin' , 'guest' , 'INFORMATION_SCHEMA' , 'sys' , 'TargetServersRole' , 'SQLAgentUserRole' , 'SQLAgentReaderRole' , 'SQLAgentOperatorRole' , 'DatabaseMailUserRole' , 'db_ssisadmin' , 'db_ssisltduser' , 'db_ssisoperator' , 'replmonitor' , '##MS_SSISServerCleanupJobLogin##' ) ) ORDER BY schema_name If any schema is owned by an unauthorized database principal, this is a finding. Fix TextTransfer ownership of database schemas to authorized database principals. ALTER AUTHORIZATION ON SCHEMA::[<Schema Name>] TO [<Principal Name>] Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: master ResultHash: A98892EF5388104C56E8D20C589B864AEFC2578F ~~~~~ No principals other than the standard MSSQL principals own database schemas.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_SQL2016DB_MONT-BE-002-BKUPEXEC64_master_V3R3_20251023-144120.ckl
Scan Date: 2026-01-14T12:57:40.470811
Technology Area: Database Review
|
||||||||
| V-213907 | CAT II | MONT-BE-002 | MS SQL Server 2016 Database Security Tec... | SQL Server must limit privileges to change softwar... | - | |||
Check TextObtain a listing of schema ownership from the server documentation. Execute the following query to obtain a current listing of schema ownership. SELECT s.name AS schema_name, p.name AS owning_principal FROM sys.schemas s JOIN sys.database_principals p ON s.principal_id = p.principal_id WHERE p.name != 'dbo' AND (s.name != p.name or p.name not in ( 'db_accessadmin' , 'db_backupoperator' , 'db_datareader' , 'db_datawriter' , 'db_ddladmin' , 'db_denydatareader' , 'db_denydatawriter' , 'db_owner' , 'db_securityadmin' , 'guest' , 'INFORMATION_SCHEMA' , 'sys' , 'TargetServersRole' , 'SQLAgentUserRole' , 'SQLAgentReaderRole' , 'SQLAgentOperatorRole' , 'DatabaseMailUserRole' , 'db_ssisadmin' , 'db_ssisltduser' , 'db_ssisoperator' , 'replmonitor' , '##MS_SSISServerCleanupJobLogin##' ) ) ORDER BY schema_name If any schema is owned by an unauthorized database principal, this is a finding. Fix TextTransfer ownership of database schemas to authorized database principals. ALTER AUTHORIZATION ON SCHEMA::[<Schema Name>] TO [<Principal Name>] Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: model ResultHash: A98892EF5388104C56E8D20C589B864AEFC2578F ~~~~~ No principals other than the standard MSSQL principals own database schemas.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_SQL2016DB_MONT-BE-002-BKUPEXEC64_model_V3R3_20251023-144128.ckl
Scan Date: 2026-01-14T12:57:40.569961
Technology Area: Database Review
|
||||||||
| V-213907 | CAT II | MONT-BE-002 | MS SQL Server 2016 Database Security Tec... | SQL Server must limit privileges to change softwar... | - | |||
Check TextObtain a listing of schema ownership from the server documentation. Execute the following query to obtain a current listing of schema ownership. SELECT s.name AS schema_name, p.name AS owning_principal FROM sys.schemas s JOIN sys.database_principals p ON s.principal_id = p.principal_id WHERE p.name != 'dbo' AND (s.name != p.name or p.name not in ( 'db_accessadmin' , 'db_backupoperator' , 'db_datareader' , 'db_datawriter' , 'db_ddladmin' , 'db_denydatareader' , 'db_denydatawriter' , 'db_owner' , 'db_securityadmin' , 'guest' , 'INFORMATION_SCHEMA' , 'sys' , 'TargetServersRole' , 'SQLAgentUserRole' , 'SQLAgentReaderRole' , 'SQLAgentOperatorRole' , 'DatabaseMailUserRole' , 'db_ssisadmin' , 'db_ssisltduser' , 'db_ssisoperator' , 'replmonitor' , '##MS_SSISServerCleanupJobLogin##' ) ) ORDER BY schema_name If any schema is owned by an unauthorized database principal, this is a finding. Fix TextTransfer ownership of database schemas to authorized database principals. ALTER AUTHORIZATION ON SCHEMA::[<Schema Name>] TO [<Principal Name>] Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: msdb ResultHash: A98892EF5388104C56E8D20C589B864AEFC2578F ~~~~~ No principals other than the standard MSSQL principals own database schemas.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_SQL2016DB_MONT-BE-002-BKUPEXEC64_msdb_V3R3_20251023-144148.ckl
Scan Date: 2026-01-14T12:57:40.663257
Technology Area: Database Review
|
||||||||
| V-213907 | CAT II | MONT-BE-002 | MS SQL Server 2016 Database Security Tec... | SQL Server must limit privileges to change softwar... | - | |||
Check TextObtain a listing of schema ownership from the server documentation. Execute the following query to obtain a current listing of schema ownership. SELECT s.name AS schema_name, p.name AS owning_principal FROM sys.schemas s JOIN sys.database_principals p ON s.principal_id = p.principal_id WHERE p.name != 'dbo' AND (s.name != p.name or p.name not in ( 'db_accessadmin' , 'db_backupoperator' , 'db_datareader' , 'db_datawriter' , 'db_ddladmin' , 'db_denydatareader' , 'db_denydatawriter' , 'db_owner' , 'db_securityadmin' , 'guest' , 'INFORMATION_SCHEMA' , 'sys' , 'TargetServersRole' , 'SQLAgentUserRole' , 'SQLAgentReaderRole' , 'SQLAgentOperatorRole' , 'DatabaseMailUserRole' , 'db_ssisadmin' , 'db_ssisltduser' , 'db_ssisoperator' , 'replmonitor' , '##MS_SSISServerCleanupJobLogin##' ) ) ORDER BY schema_name If any schema is owned by an unauthorized database principal, this is a finding. Fix TextTransfer ownership of database schemas to authorized database principals. ALTER AUTHORIZATION ON SCHEMA::[<Schema Name>] TO [<Principal Name>] Finding DetailsEvaluate-STIG 1.2507.5 (Scan-SqlServer2016Database_Checks) found this to be NOT A FINDING on 10/23/2025 Instance: MONT-BE-002\BKUPEXEC64 Database: tempdb ResultHash: A98892EF5388104C56E8D20C589B864AEFC2578F ~~~~~ No principals other than the standard MSSQL principals own database schemas.
Source: _Reviewed/MONT-BE-002/Checklist/MONT-BE-002_SQL2016DB_MONT-BE-002-BKUPEXEC64_tempdb_V3R3_20251023-144154.ckl
Scan Date: 2026-01-14T12:57:40.769694
Technology Area: Database Review
|
||||||||