I am a fairly new MS SQL database administrator, (with considerable SQL programmer/developer experience). My new company hired me fast because I was the best qualified database professional available immediately. They needed someone in here pronto to help them pass a federal security audit comming up early next month. The second week I was working, federal auditors came in here to run Scuba scans, (by Imperva), of our databases. I've managed to get a good momentum elliminating these findings and have only put my users on ice a couple of times in the month since then ;-).
We only have a month left and now I have this annoying Scuba finding affecting my 2005 and 2008 databases - and thus endangering our audit success. Problem is, I can only find documentation on this issue for version 7 and 2000 - not 2005 or 2008. I had been working off my own Scuba scans and ignoring that finding. Today, we received the official report and it lists this issue, too. I imagined that the feds would comb through the Scuba findings and realize that that particular issue wasn't valid. I know, I know - how naive!
Has anyone ever effectively documented - or remidiated, if possible, this finding in Scuba? If so, I would greatly appreciate any guidance.
Thank you for your consideration and assistance!
9.0.5292 on 2003 R2 SP2
9.0.5069 on 2008 R2 Standard SP1