Check: SQL4-00-010200
MS SQL Server 2014 Instance STIG:
SQL4-00-010200
(in versions v2 r3 through v1 r4)
Title
SQL Server default account [sa] must have its name changed. (Cat III impact)
Discussion
SQL Server's [sa] account has special privileges required to administer the database. The [sa] account is a well-known SQL Server account name and is likely to be targeted by attackers, and is thus more prone to providing unauthorized access to the database. Since the SQL Server [sa] is administrative in nature, the compromise of a default account can have catastrophic consequences, including the complete loss of control over SQL Server. Since SQL Server needs for this account to exist and it should not be removed, one way to mitigate this risk is to change the [sa] account name.
Check Content
Verify the SQL Server default [sa] (system administrator) account name has been changed by executing the following query: USE master; GO SELECT * FROM sys.sql_logins WHERE [name] = 'sa' OR [principal_id] = 1; GO If the login account name "SA" or "sa" appears in the query output, this is a finding.
Fix Text
Modify the SQL Server's [sa] (system administrator) account by running the following script: USE master; GO ALTER LOGIN [sa] WITH NAME = <new name>; GO
Additional Identifiers
Rule ID: SV-213809r395853_rule
Vulnerability ID: V-213809
Group Title: SRG-APP-000141-DB-000092
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000381 |
The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 |
Least Functionality |