• There is a definition used by the Department of Defense (DoD) that is laid out in the Security Technical Implementation Guides (STIGs).

    http://iase.disa.mil/stigs/app_security/database/sql.html

    http://iase.disa.mil/stigs/faqs.html#10

    They are looked at as categories:

    Category 1 - These MUST be resolved.

    Category 2 - These must either be resolved, or you must document WHY you aren't or can't resolve them.

    Category 3 - These are considered largely optional but you should look at them and document why you aren't going to resolve them.

    These guides are deep and painful, but they define a tight set of compliance rules. MOST companies don't want to deal with this level of compliance but you can use it to build your own compliance rule set to audit against.

    CEWII