Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.04.2-01be-daa4
Checks (101)
Pages (1/7)
MS SQL Server 2016 Instance STIG
MS SQL Server 2016 Instance Security Technical Implementation Guide
v3 r3 (Released Jan. 30, 2025)
v3 r2 (Released Oct. 24, 2024)
v3 r1 (Released July 24, 2024)
v2 r12 (Released April 24, 2024)
v2 r11 (Released Jan. 24, 2024)
v2 r10 (Released July 27, 2023)
v2 r9 (Released April 27, 2023)
v2 r8 (Released Oct. 26, 2022)
v2 r7 (Released April 27, 2022)
v2 r6 (Released Jan. 27, 2022)
v2 r5 (Released Oct. 27, 2021)
v2 r4 (Released July 23, 2021)
v2 r3 (Released April 23, 2021)
v2 r2 (Released Jan. 22, 2021)
v2 r1 (Released Oct. 23, 2020)
v1 r10 (Released July 24, 2020)
v1 r9 (Released April 24, 2020)
v1 r8 (Released Jan. 24, 2020)
v1 r7 (Released Oct. 25, 2019)
v1 r6 (Released July 26, 2019)
v1 r5 (Released April 26, 2019)
v1 r4 (Released Jan. 25, 2019)
v1 r3 (Released Oct. 26, 2018)
v1 r2 (Released July 27, 2018)
v1 r1 (Released March 9, 2018)
| ID | Vuln ID | Title | Cat | Status |
|---|---|---|---|---|
| SQL6-D0-003600 | V-213929 | SQL Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | Cat II | |
| SQL6-D0-003700 | V-213930 | SQL Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | Cat I | |
| SQL6-D0-003800 | V-213931 | SQL Server must be configured to utilize the most-secure authentication method available. | Cat II | |
| SQL6-D0-003900 | V-213932 | SQL Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | Cat I | |
| SQL6-D0-004000 | V-213933 | SQL Server must protect against a user falsely repudiating by ensuring all accounts are individual, unique, and not shared. | Cat II | |
| SQL6-D0-004100 | V-213934 | SQL Server must protect against a user falsely repudiating by ensuring the NT AUTHORITY SYSTEM account is not used for administration. | Cat II | |
| SQL6-D0-004200 | V-213935 | SQL Server must protect against a user falsely repudiating by ensuring only clearly unique Active Directory user accounts can connect to the instance. | Cat II | |
| SQL6-D0-004300 | V-213936 | SQL Server must be configured to generate audit records for DoD-defined auditable events within all DBMS/database components. | Cat II | |
| SQL6-D0-004400 | V-213937 | SQL Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | Cat II | |
| SQL6-D0-004600 | V-213939 | SQL Server must generate audit records when successful/unsuccessful attempts to retrieve privileges/permissions occur. | Cat II | |
| SQL6-D0-004700 | V-213940 | SQL Server must initiate session auditing upon startup. | Cat II | |
| SQL6-D0-005500 | V-213941 | SQL Server must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject. | Cat II | |
| SQL6-D0-005600 | V-213942 | SQL Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | Cat II | |
| SQL6-D0-005700 | V-213943 | SQL Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records. | Cat II | |
| SQL6-D0-005900 | V-213944 | The audit information produced by SQL Server must be protected from unauthorized access, modification, and deletion. | Cat II | |