• We are going through that also... for internal and external audit response.

    The auditor is going to get you on using builtin\administrator... remove it (with the exception of cluster servers), limit the number of people who have access to your server, limit the number of people who have sa privilege, and remove if possible any developer who owns (dbo or database_owner role) anything in your prod environment.

    There are ways to get around the number of SAs by putting the people who do sa work into a Windows group whose main job is to admin those servers.

    Limit the number of people who have access to your server room as well. Also you need to document the baseline and write lots of security policies for everything. Here is one of the samples we used as a guideline.

    http://csrc.nist.gov/checklists/repository/1079.html

    Good luck.


    mom
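The checks the reply above describes (who holds sysadmin, whether the BUILTIN\Administrators login is still there, who owns each database and who sits in db_owner in prod) as a T-SQL audit script. This is an added example, not code from the original post; `DOMAIN\SQLDBA` is a placeholder for the Windows group the reply suggests, and the remediation statements at the end are left commented out so the script only reports.

```sql
-- 1. Members of the sysadmin fixed server role (the "sa" privilege the auditor asks about)
SELECT m.name AS login_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 2. Is the BUILTIN\Administrators login still present? (empty result = good)
SELECT name, is_disabled
FROM sys.server_principals
WHERE name = N'BUILTIN\Administrators';

-- 3. Owner (dbo) of every user database; developers should not appear here in prod
SELECT d.name AS db_name, SUSER_SNAME(d.owner_sid) AS owner_login
FROM sys.databases AS d
WHERE d.database_id > 4
ORDER BY d.name;

-- 4. db_owner role members in every online user database
CREATE TABLE #db_owners (db_name sysname, member_name sysname, type_desc nvarchar(60));
DECLARE @db sysname, @sql nvarchar(max);
DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM sys.databases WHERE database_id > 4 AND state_desc = N'ONLINE';
OPEN dbs;
FETCH NEXT FROM dbs INTO @db;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps an odd database name from breaking the dynamic SQL
    SET @sql = N'SELECT N' + QUOTENAME(@db, '''') + N', m.name, m.type_desc'
             + N' FROM ' + QUOTENAME(@db) + N'.sys.database_role_members AS rm'
             + N' JOIN ' + QUOTENAME(@db) + N'.sys.database_principals AS r ON r.principal_id = rm.role_principal_id'
             + N' JOIN ' + QUOTENAME(@db) + N'.sys.database_principals AS m ON m.principal_id = rm.member_principal_id'
             + N' WHERE r.name = N''db_owner'';';
    INSERT INTO #db_owners EXEC sys.sp_executesql @sql;
    FETCH NEXT FROM dbs INTO @db;
END
CLOSE dbs; DEALLOCATE dbs;
SELECT * FROM #db_owners ORDER BY db_name, member_name;
DROP TABLE #db_owners;

-- 5. Remediation the reply suggests (placeholder group name; run deliberately, not as part of the audit):
-- CREATE LOGIN [DOMAIN\SQLDBA] FROM WINDOWS;            -- one Windows group for the admins
-- ALTER SERVER ROLE sysadmin ADD MEMBER [DOMAIN\SQLDBA]; -- SQL Server 2012+; older: sp_addsrvrolemember
-- DROP LOGIN [BUILTIN\Administrators];                   -- keep on cluster servers, per the reply
```

Keep the result sets from step 1 to 4 with the dated baseline document the reply mentions, so the next audit can diff against them.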