DISA used to maintain SRR scripts that could do some of the checks in an automated fashion but they stopped supporting it over 3 years ago. Other automated tools like SCAP do not have a benchmark for the TWO SQL checklists you have to go through (DB and instance), so it is sadly a very manual and very long process.

If you have to go through the SQL 2005 STIGs and try and remove permissions from PUBLIC take a look at the Fort SQL blog. It is old and not updated anymore, but had a lot of good tips for approaching the SQL 2005 STIGs.

Remove Public and Guest Permissions

https://blogs.technet.microsoft.com/fort_sql/2010/02/04/remove-public-and-guest-permissions/[/url]

Public Not Granted Server Permissions

https://blogs.technet.microsoft.com/fort_sql/2010/03/19/public-not-granted-server-permissions/[/url]

Connection Error After Removing Public Permissions

https://blogs.technet.microsoft.com/fort_sql/2010/07/06/connection-error-after-removing-public-permissions[/url]