Microsoft SQL Server 2022 Database STIG Checklist

Medium 12 items · 2 hours
testuser Published 1 month ago

A practical checklist of database-level security controls for Microsoft SQL Server 2022, following STIG guidance. Intended for DBAs and security staff securing individual databases: data at rest, access control, and auditing.

Source: https://ncp.nist.gov/checklist/1292

  1. Inventory all databases and document owners — List names, sizes, owners, and intended purpose.
  2. Remove sample and demo databases from production — Delete AdventureWorks and test DBs from production hosts.
  3. Enable Transparent Data Encryption (TDE) or equivalent — Protect data at rest using TDE or approved encryption.
  4. Encrypt database backups and verify key management — Ensure backup encryption and secure key/certificate storage.
  5. Implement role-based access control and minimize db_owner use — Use roles for common permissions instead of broad rights.
  6. Review and remove unused logins, users, and orphaned accounts
  7. Restrict and audit elevated database permissions — Limit EXECUTE and ALTER on critical objects to needed roles.
  8. Disable or review CLR, xp_cmdshell, and unsafe assemblies
  9. Enable database-level auditing for privileged actions — Capture schema changes, permission grants, and role changes.
  10. Schedule and run DBCC CHECKDB integrity checks regularly — Detect corruption early and document remediation steps.
  11. Secure database files and folders with NTFS permissions — Limit OS-level access to SQL Server service accounts only.
  12. Test database restores and verify data integrity and access — Perform restore drills and verify decryption and permissions.
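The following T-SQL is added here as an example and is not part of the checklist or its NIST source; it queries the catalog views behind items 2 to 9 so each control can be verified rather than assumed. It assumes SQL Server 2022, a login holding VIEW SERVER STATE and VIEW ANY DEFINITION, and that the database-scoped queries are run inside each user database (USE <db>); it only reports and changes nothing.

```sql
-- Added example: read-only evidence queries for checklist items 2-9 (assumes SQL Server 2022).
-- Run the database-scoped queries (items 5, 6, 8b) in each user database.

-- Item 2: sample/demo databases still present on the instance
SELECT name FROM sys.databases
WHERE name LIKE 'AdventureWorks%';   -- extend the pattern with your own test DB names

-- Item 3: user databases without TDE; encryption_state 3 = fully encrypted
SELECT d.name, d.is_encrypted, k.encryption_state
FROM sys.databases AS d
LEFT JOIN sys.dm_database_encryption_keys AS k ON k.database_id = d.database_id
WHERE d.database_id > 4
  AND (d.is_encrypted = 0 OR ISNULL(k.encryption_state, 0) <> 3);

-- Item 4: latest full backup per database written without backup encryption
SELECT database_name, MAX(backup_finish_date) AS last_unencrypted_full_backup
FROM msdb.dbo.backupset
WHERE type = 'D' AND key_algorithm IS NULL
GROUP BY database_name;

-- Item 5: members of db_owner in the current database (each one needs a justification)
SELECT m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'db_owner';

-- Item 6: orphaned users, i.e. login-mapped database users whose SID has no server login
SELECT dp.name, dp.type_desc
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.authentication_type_desc IN ('INSTANCE', 'WINDOWS')
  AND dp.principal_id > 4            -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND sp.sid IS NULL;

-- Item 8a: instance options; expect 0 for the first three and 1 for 'clr strict security'
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'clr enabled', 'Ole Automation Procedures', 'clr strict security');

-- Item 8b: user-defined CLR assemblies in the current database not limited to SAFE
SELECT name, permission_set_desc
FROM sys.assemblies
WHERE is_user_defined = 1 AND permission_set_desc <> 'SAFE_ACCESS';

-- Item 9: server audits and database audit specifications that exist but are disabled
SELECT name, 'server audit' AS kind FROM sys.server_audits WHERE is_state_enabled = 0
UNION ALL
SELECT name, 'database audit spec' FROM sys.database_audit_specifications WHERE is_state_enabled = 0;
```

Any row returned by these queries is a finding to record against the corresponding item; an empty result for item 9 only means no disabled audit objects exist, so confirm separately that an audit covering schema, permission and role changes is defined at all.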