Xylok
Home Menu
info@xylok.io
© 2025
Xylok, LLC
Version: releases-v2025.04.2-01be-daa4
MS SQL Server 2016 Instance STIG
MS SQL Server 2016 Instance Security Technical Implementation Guide
v3 r3 (Released Jan. 30, 2025)
v3 r2 (Released Oct. 24, 2024)
v3 r1 (Released July 24, 2024)
v2 r12 (Released April 24, 2024)
v2 r11 (Released Jan. 24, 2024)
v2 r10 (Released July 27, 2023)
v2 r9 (Released April 27, 2023)
v2 r8 (Released Oct. 26, 2022)
v2 r7 (Released April 27, 2022)
v2 r6 (Released Jan. 27, 2022)
v2 r5 (Released Oct. 27, 2021)
v2 r4 (Released July 23, 2021)
v2 r3 (Released April 23, 2021)
v2 r2 (Released Jan. 22, 2021)
v2 r1 (Released Oct. 23, 2020)
v1 r10 (Released July 24, 2020)
v1 r9 (Released April 24, 2020)
v1 r8 (Released Jan. 24, 2020)
v1 r7 (Released Oct. 25, 2019)
v1 r6 (Released July 26, 2019)
v1 r5 (Released April 26, 2019)
v1 r4 (Released Jan. 25, 2019)
v1 r3 (Released Oct. 26, 2018)
v1 r2 (Released July 27, 2018)
v1 r1 (Released March 9, 2018)
| ID | Vuln ID | Title | Cat | Status |
|---|---|---|---|---|
| SQL6-D0-015600 | V-214022 | SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | Cat I | |
| SQL6-D0-015700 | V-214023 | SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | Cat I | |
| SQL6-D0-015800 | V-214024 | SQL Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owners requirements. | Cat II | |
| SQL6-D0-015900 | V-214025 | The system SQL Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | Cat II | |
| SQL6-D0-016000 | V-214026 | SQL Server must configure Customer Feedback and Error Reporting. | Cat II | |
| SQL6-D0-016100 | V-214027 | SQL Server must configure SQL Server Usage and Error Reporting Auditing. | Cat II | |
| SQL6-D0-016200 | V-214028 | The SQL Server default account [sa] must be disabled. | Cat I | |
| SQL6-D0-016300 | V-214029 | SQL Server default account [sa] must have its name changed. | Cat II | |
| SQL6-D0-016400 | V-214030 | Execution of startup stored procedures must be restricted to necessary cases only. | Cat II | |
| SQL6-D0-016500 | V-214031 | SQL Server Mirroring endpoint must utilize AES encryption. | Cat II | |
| SQL6-D0-016600 | V-214032 | SQL Server Service Broker endpoint must utilize AES encryption. | Cat II | |
| SQL6-D0-016700 | V-214033 | SQL Server execute permissions to access the registry must be revoked, unless specifically required and approved. | Cat II | |
| SQL6-D0-016800 | V-214034 | Filestream must be disabled, unless specifically required and approved. | Cat II | |
| SQL6-D0-017000 | V-214035 | Ole Automation Procedures feature must be disabled, unless specifically required and approved. | Cat II | |
| SQL6-D0-017100 | V-214036 | SQL Server User Options feature must be disabled, unless specifically required and approved. | Cat II | |