An error occurred:
Close sidebar
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.04.2-01be-daa4
Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.04.2-01be-daa4
Open sidebar
Navigate
Top
Search
Checks (
101
)
Print
Changes
Pages (
4/7
)
MS SQL Server 2016 Instance STIG
MS SQL Server 2016 Instance Security Technical Implementation Guide
v3 r3 (Released Jan. 30, 2025)
v3 r2 (Released Oct. 24, 2024)
v3 r1 (Released July 24, 2024)
v2 r12 (Released April 24, 2024)
v2 r11 (Released Jan. 24, 2024)
v2 r10 (Released July 27, 2023)
v2 r9 (Released April 27, 2023)
v2 r8 (Released Oct. 26, 2022)
v2 r7 (Released April 27, 2022)
v2 r6 (Released Jan. 27, 2022)
v2 r5 (Released Oct. 27, 2021)
v2 r4 (Released July 23, 2021)
v2 r3 (Released April 23, 2021)
v2 r2 (Released Jan. 22, 2021)
v2 r1 (Released Oct. 23, 2020)
v1 r10 (Released July 24, 2020)
v1 r9 (Released April 24, 2020)
v1 r8 (Released Jan. 24, 2020)
v1 r7 (Released Oct. 25, 2019)
v1 r6 (Released July 26, 2019)
v1 r5 (Released April 26, 2019)
v1 r4 (Released Jan. 25, 2019)
v1 r3 (Released Oct. 26, 2018)
v1 r2 (Released July 27, 2018)
v1 r1 (Released March 9, 2018)
ID
Vuln ID
Title
Cat
Status
SQL6-D0-010400
V-213979
SQL Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
Cat II
SQL6-D0-010500
V-213980
Use of credentials and proxies must be restricted to necessary cases only.
Cat II
SQL6-D0-010900
V-213983
SQL Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
Cat II
SQL6-D0-011000
V-213984
SQL Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity.
Cat II
SQL6-D0-011100
V-213985
SQL Server must provide an immediate real-time alert to appropriate support staff of all audit log failures.
Cat II
SQL6-D0-011200
V-213986
SQL Server must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT).
Cat II
SQL6-D0-011400
V-213987
SQL Server must enforce access restrictions associated with changes to the configuration of the instance.
Cat II
SQL6-D0-011500
V-213988
Windows must enforce access restrictions associated with changes to the configuration of the SQL Server instance.
Cat II
SQL6-D0-011800
V-213989
SQL Server must produce audit records of its enforcement of access restrictions associated with changes to the configuration of SQL Server or database(s).
Cat II
SQL6-D0-011900
V-213990
SQL Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
Cat II
SQL6-D0-012300
V-213991
SQL Server must maintain a separate execution domain for each executing process.
Cat II
SQL6-D0-012400
V-213992
SQL Server services must be configured to run under unique dedicated user accounts.
Cat II
SQL6-D0-012700
V-213993
When updates are applied to SQL Server software, any software components that have been replaced or made unnecessary must be removed.
Cat II
SQL6-D0-012800
V-213994
Security-relevant software updates to SQL Server must be installed within the time period directed by an authoritative source (e.g. IAVM, CTOs, DTMs, and STIGs).
Cat II
SQL6-D0-012900
V-213995
SQL Server must be able to generate audit records when successful and unsuccessful attempts to access security objects occur.
Cat II
Prev
1
2
3
4
5
6
7
Next
Print
Display this benchmark in a printer-friendly format for off-line reference. This display does not include any commands.
Version Changes
If there are multiple versions of this benchmark, Xylok can display the differences between any changes in the checks.