Microsoft SQL Server Gold Build Security Standard

The objective of the Microsoft SQL Server Gold Build Security Standard is to document the security requirements for Windows SQL Server configuration. It focuses on:
a. Provide a statement of intent describing how technical standards for SQL Server configuration management will be implemented
b. Identify the roles, systems and equipment to which this Standard applies
c. Define the key steps that support the implementation of this Standard
This technical standard is to be used for all current versions of Microsoft Windows SQL Server and is built on industry best-practice guidelines from, amongst others:
a. NIST – National Institute for Standards and Technology
b. CIS – Center for Internet Security
c. STIGs – Security Technical Implementation Guides
This Standard applies to all Company employees, contractors and outsourced service providers responsible for configuring Windows SQL Servers for use on or by Company IT infrastructure.

CONTENT

1. OVERVIEW
1.1 PROCEDURE OWNER
1.2 CLASSIFICATION
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.5 OBJECTIVES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. ACCOUNTABILITIES AND RESPONSIBILITIES
4. GENERAL SECURITY REQUIREMENTS
4.1 PHYSICAL SECURITY
4.2 SERVICE PACKS AND PATCHING
4.3 VIRUS SCAN PROGRAM
4.4 SYSTEM RECOVERY BACKUPS
4.5 CLOCK SYNCHRONIZATION
4.6 VENDOR DEFAULTS
4.7 SQL DATABASE LOCATIONS – TRUSTED ZONES
5. SQL SERVER SPECIFIC REQUIREMENTS
5.1 INSTALL ON DEDICATED SINGLE-FUNCTION MEMBER SERVERS
5.2 AD HOC DISTRIBUTED QUERIES
5.3 CLR ENABLED
5.4 CROSS DB OWNERSHIP CHAINING
5.5 DATABASE MAIL XPS
5.6 OLE AUTOMATION PROCEDURES
5.7 REMOTE ACCESS
5.8 REMOTE ADMIN CONNECTIONS
5.9 SCAN FOR STARTUP PROCS
5.10 TRUSTWORTHY DATABASE
5.11 SQL SERVER PROTOCOLS
5.12 SQL SERVER TO USE NON-STANDARD PORTS
5.13 SA LOGIN ACCOUNT
5.14 XP_CMDSHELL
5.15 AUTO_CLOSE
5.16 SERVER AUTHENTICATION
5.17 GUEST USER
5.18 SQL AUTHENTICATION
5.19 REVOKE ACCESS TO THE PUBLIC SERVER ROLE
5.20 PASSWORDS
5.21 AUDITING AND LOGGING
6. ENCRYPTION
7. GUIDELINE CONTROLS OMITTED
7.1 SET THE “HIDE INSTANCE” OPTION TO “YES” FOR PRODUCTION SQL SERVER INSTANCES
7.2 DROP ORPHANED USERS FROM SQL SERVER DATABASES
7.3 SET THE “MUST_CHANGE” OPTION TO ON FOR ALL SQL AUTHENTICATED LOGINS
7.4 SET THE “CHECK_EXPIRATION” OPTION TO ON FOR ALL SQL AUTHENTICATED LOGINS WITHIN THE SYSADMIN ROLE
7.5 SET “LOGIN AUDITING” TO BOTH FAILED AND SUCCESSFUL LOGINS
8. APPLICATION DEVELOPMENT
8.1 SANITIZE DATABASE AND APPLICATION USER INPUT
8.2 SET THE “CLR ASSEMBLY PERMISSION SET” TO SAFE_ACCESS FOR ALL CLR ASSEMBLIES
9. EXCEPTIONS
10. FINAL CONSIDERATIONS
10.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
10.2 DOCUMENT REVISION

Pages: 17
