|
1 |
Time Stamp
,
Check ID
,
Check Name
,
Risk
,
Check Type
,
Asset Type
,
Asset Name
,
Result Sta tus
,
Category
,
Summary
,
Overview
,
Fix Inform ation
,
Asset Vers ions
,
Cve Refere nces
,
References
,
Links
,
Vulnerabil ity Descri ption
,
Check Desc ription
,
Applicatio nType Name
,
Occurrence Type
,
Occurrence ,,,,,, |
|
2 |
2019-02-04 11:47 UTC -05:00
,
7515
,
Password b ased on us ername
,
High
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Non Findin g
,
Identifica tion/Passw ord Contro l
,
One of the common me thods used to attack a databas e is to gu ess the pa sswords. T his involv es running a script that tries to connec t to the d atabase us ing userna mes with d ifferent d igits/char acters app ended to t he end as a password .
,"There is a large n umber of w ell-known accounts t hat can be used by a n attacker to break into a dat abase. |
|
3 |
|
|
4 |
These acco unts are c reated fro m several sources: |
|
5 |
|
|
6 |
1 - instal led by def ault with the databa se |
|
7 |
2 - instal led when a dditional components or 3rd pa rty applic ations are installed |
|
8 |
3 - instal led when r unning sam ples |
|
9 |
|
|
10 |
Once the a ccount is created it s password should be changed. |
|
11 |
|
|
12 |
Passwords should fol low the fo llowing be st practic es in orde r to provi de good se curity and prevent b rute forci ng attacks : |
|
13 |
|
|
14 |
- Be at le ast 8 char acters or more in le ngth |
|
15 |
- Can not be found i n a dictio nary |
|
16 |
- Contain a combinat ion of upp er and low er case le tters, num bers and s pecial cha racters |
|
17 |
- Are not the same o r similar to the use rname","Us e ALTER LO GIN statem ent to cha nge a pass word: |
|
18 |
|
|
19 |
ALTER LOGI N [login] WITH PASSW ORD = 'new password'" ,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Id entificati on/Passwor d Control |
|
20 |
NIST 800-5 3: IA",
,
One of the logins in the datab ase was fo und with a password that could be easily -guessed.
,
Attempt to guess dat abase acco unt's pass words by h ashing log in names c oncatenate d with the words in a dictiona ry and com paring the hash to t he passwor d hash sto red in the database.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
21 |
2019-02-04 11:47 UTC -05:00
,
7510
,
Default pa ssword for well-know n login
,
High
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Non Findin g
,
Identifica tion/Passw ord Contro l
,"A defaul t password for a wel l-known lo gin create s a securi ty hole in Microsoft Azure SQL Database. If a defa ult passwo rd is left , an attac ker can ga in access to the dat abase as t he login w ith the de fault pass word.","If a default password is left fo r a well-k nown login , an attac ker can ea sily acces s the data base using the login with the default pa ssword. |
|
22 |
|
|
23 |
You should ensure th at a stron g password has been set for al l logins. |
|
24 |
|
|
25 |
Passwords should fol low the fo llowing be st practic es in orde r to provi de good se curity and prevent b rute forci ng attacks : |
|
26 |
|
|
27 |
- Be at le ast 8 char acters or more in le ngth |
|
28 |
- Can not be found i n a dictio nary |
|
29 |
- Contain a combinat ion of upp er and low er case le tters, num bers and s pecial cha racters |
|
30 |
- Are not the same o r similar to the use rname |
|
31 |
|
|
32 |
Even if th e well-kno wn login w ith a defa ult passwo rd is not a privileg ed login, the login can be use d to login to the Mi crosoft Az ure SQL Da tabase and attempt t o gain ele vated priv ileges."," Use ALTER LOGIN stat ement to c hange a pa ssword for the login : |
|
33 |
|
|
34 |
ALTER LOGI N [login] WITH PASSW ORD = 'new password'" ,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"NIST 800 -53: IA |
|
35 |
SHATTER Co ntrol Cate gory: Iden tification /Password Control",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
A well-kno wn login h as a defau lt passwor d.
,
Determine if any wel l-known lo gins has a default p assword.
,
Microsoft Azure SQL Database
,
NotAFindin g
,"Addition al informa tion=No lo gins found that matc h built-in list: {'S AP*': '060 71992', 'T MSADM': 'T MSADM', 'D DIC': '199 20706', 'E ARLYWATCH' : 'SUPPORT ', 'tngsa' : 'tngsa', 'repl_sub scriber': '', 'tec': 'tectec', 'probe': '', 'cadb' : 'cadb', 'repl_publ isher': '' , 'SAPCPIC ': 'ADMIN' , 'sa': '' , 'tng': ' tng'}" ,,,,,, |
|
36 |
2019-02-04 11:47 UTC -05:00
,
7512
,
Easily-gue ssed passw ord for we ll-known l ogin
,
High
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Non Findin g
,
Identifica tion/Passw ord Contro l
,"Setting a weak pas sword for any Azure SQL Databa se login c reates a s ecurity ho le. If a w eak passwo rd is left , an attac ker can ea sily gain access to the databa se as the login by a ttempting a brute fo rce.","Mic rosoft Azu re SQL Dat abase does not suppo rt any for m of login lockout. This leave s that pas swords are vulnerabl e to being brute-for ced if a s trong pass word is no t set. For default l ogins this issue is exaggerate d because these logi ns are wel l-known po ints of at tack. |
|
37 |
|
|
38 |
Passwords should fol low the fo llowing be st practic es in orde r to provi de good se curity and prevent b rute forci ng attacks : |
|
39 |
|
|
40 |
- Be at le ast 8 char acters or more in le ngth |
|
41 |
- Can not be found i n a dictio nary |
|
42 |
- Contain a combinat ion of upp er and low er case le tters, num bers and s pecial cha racters |
|
43 |
- Are not the same o r similar to the use rname","Us e ALTER LO GIN statem ent to cha nge a pass word: |
|
44 |
|
|
45 |
ALTER LOGI N [login] WITH PASSW ORD = 'new password'" ,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"NIST 800 -53: IA |
|
46 |
SHATTER Co ntrol Cate gory: Iden tification /Password Control",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
The passwo rd for a w ell-known login is e asily-gues sable.
,
Verify tha t the pass word for w ell-known logins are not easil y-guessabl e.
,
Microsoft Azure SQL Database
,
NotAFindin g
,
Additional informati on=No logi ns found t hat match built-in l ist: ('sa' ) ,,,,,, |
|
47 |
2019-02-04 11:47 UTC -05:00
,
7507
,
Password s ame as log in name
,
High
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
MetaData
,
Identifica tion/Passw ord Contro l
,"If the p assword fo r a login is the sam e as the l ogin name, an attack er can gai n access t o the Micr osoft Azur e SQL Data base as th e login.", "If the pa ssword for a login i s set to t he same as the login name, an attacker c an access the databa se using t he login. |
|
48 |
|
|
49 |
You should ensure th at a stron g password has been set for al l logins. |
|
50 |
|
|
51 |
Passwords should fol low the fo llowing be st practic es in orde r to provi de good se curity and prevent b rute forci ng attacks : |
|
52 |
|
|
53 |
- Be at le ast 8 char acters or more in le ngth |
|
54 |
- Can not be found i n a dictio nary |
|
55 |
- Contain a combinat ion of upp er and low er case le tters, num bers and s pecial cha racters |
|
56 |
- Are not the same o r similar to the use rname |
|
57 |
|
|
58 |
Even if th e login wi th a passw ord same a s the logi n name is not a priv ileged log in, the lo gin can be used to c onnect to a database and attem pt to gain elevated privileges .","Use AL TER LOGIN statement to change a password : |
|
59 |
|
|
60 |
ALTER LOGI N [login] WITH PASSW ORD = 'new password'" ,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"NIST 800 -53: IA |
|
61 |
SHATTER Co ntrol Cate gory: Iden tification /Password Control",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
A password has been found that matches t he login n ame.
,
Verify tha t no login s have pas swords tha t are the same as th e login na me.
,
Microsoft Azure SQL Database
,
MetaData
,
Accounts t ested=2 ,,,,,, |
|
62 |
2019-02-04 11:47 UTC -05:00
,
7511
,
Easily-gue ssed passw ord
,
High
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
MetaData
,
Identifica tion/Passw ord Contro l
,"If a wea k password is chosen for a log in, the pa ssword can be guesse d. If a pa ssword is easily-gue ssable, an attacker can gain a ccess to t he Microso ft Azure S QL Databas e as the l ogin with the weak p assword.", "Microsoft Azure SQL Database does not s upport any form of l ogin locko ut on logi ns. This l eaves pass words vuln erable to being brut e-forced i f strong p asswords a re not use d. |
|
63 |
|
|
64 |
A common m ethod of a ttacking a login is to try to connect to the datab ase using the words from a dic tionary as the passw ords. |
|
65 |
|
|
66 |
Passwords should fol low the fo llowing be st practic es in orde r to provi de good se curity and prevent b rute forci ng attacks : |
|
67 |
|
|
68 |
- Be at le ast 8 char acters or more in le ngth |
|
69 |
- Can not be found i n a dictio nary |
|
70 |
- Contain a combinat ion of upp er and low er case le tters, num bers and s pecial cha racters |
|
71 |
- Are not the same o r similar to the use rname |
|
72 |
|
|
73 |
Even if th e login wi th a weak password i s not a pr ivileged l ogin, the login can be used to login to the Micros oft Azure SQL Databa se and att empt to ga in elevate d privileg es.","Use ALTER LOGI N statemen t to chang e a passwo rd: |
|
74 |
|
|
75 |
ALTER LOGI N [login] WITH PASSW ORD = 'new password'" ,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"NIST 800 -53: IA |
|
76 |
SHATTER Co ntrol Cate gory: Iden tification /Password Control",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
An easily- guessed pa ssword for a login h as been fo und.
,
Verify tha t the pass words in t he databas e are not easily-gue ssable.
,
Microsoft Azure SQL Database
,
MetaData
,
Accounts t ested=2
,
Passwords tested=501 71 ,,,,, |
|
77 |
2019-02-04 11:47 UTC -05:00
,
7515
,
Password b ased on us ername
,
High
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Skipped
,
Identifica tion/Passw ord Contro l
,
One of the common me thods used to attack a databas e is to gu ess the pa sswords. T his involv es running a script that tries to connec t to the d atabase us ing userna mes with d ifferent d igits/char acters app ended to t he end as a password .
,"There is a large n umber of w ell-known accounts t hat can be used by a n attacker to break into a dat abase. |
|
78 |
|
|
79 |
These acco unts are c reated fro m several sources: |
|
80 |
|
|
81 |
1 - instal led by def ault with the databa se |
|
82 |
2 - instal led when a dditional components or 3rd pa rty applic ations are installed |
|
83 |
3 - instal led when r unning sam ples |
|
84 |
|
|
85 |
Once the a ccount is created it s password should be changed. |
|
86 |
|
|
87 |
Passwords should fol low the fo llowing be st practic es in orde r to provi de good se curity and prevent b rute forci ng attacks : |
|
88 |
|
|
89 |
- Be at le ast 8 char acters or more in le ngth |
|
90 |
- Can not be found i n a dictio nary |
|
91 |
- Contain a combinat ion of upp er and low er case le tters, num bers and s pecial cha racters |
|
92 |
- Are not the same o r similar to the use rname","Us e ALTER LO GIN statem ent to cha nge a pass word: |
|
93 |
|
|
94 |
ALTER LOGI N [login] WITH PASSW ORD = 'new password'" ,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Id entificati on/Passwor d Control |
|
95 |
NIST 800-5 3: IA",
,
One of the logins in the datab ase was fo und with a password that could be easily -guessed.
,
Attempt to guess dat abase acco unt's pass words by h ashing log in names c oncatenate d with the words in a dictiona ry and com paring the hash to t he passwor d hash sto red in the database.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
96 |
2019-02-04 11:47 UTC -05:00
,
7510
,
Default pa ssword for well-know n login
,
High
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Skipped
,
Identifica tion/Passw ord Contro l
,"A defaul t password for a wel l-known lo gin create s a securi ty hole in Microsoft Azure SQL Database. If a defa ult passwo rd is left , an attac ker can ga in access to the dat abase as t he login w ith the de fault pass word.","If a default password is left fo r a well-k nown login , an attac ker can ea sily acces s the data base using the login with the default pa ssword. |
|
97 |
|
|
98 |
You should ensure th at a stron g password has been set for al l logins. |
|
99 |
|
|
100 |
Passwords should fol low the fo llowing be st practic es in orde r to provi de good se curity and prevent b rute forci ng attacks : |
|
101 |
|
|
102 |
- Be at le ast 8 char acters or more in le ngth |
|
103 |
- Can not be found i n a dictio nary |
|
104 |
- Contain a combinat ion of upp er and low er case le tters, num bers and s pecial cha racters |
|
105 |
- Are not the same o r similar to the use rname |
|
106 |
|
|
107 |
Even if th e well-kno wn login w ith a defa ult passwo rd is not a privileg ed login, the login can be use d to login to the Mi crosoft Az ure SQL Da tabase and attempt t o gain ele vated priv ileges."," Use ALTER LOGIN stat ement to c hange a pa ssword for the login : |
|
108 |
|
|
109 |
ALTER LOGI N [login] WITH PASSW ORD = 'new password'" ,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"NIST 800 -53: IA |
|
110 |
SHATTER Co ntrol Cate gory: Iden tification /Password Control",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
A well-kno wn login h as a defau lt passwor d.
,
Determine if any wel l-known lo gins has a default p assword.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
111 |
2019-02-04 11:47 UTC -05:00
,
7512
,
Easily-gue ssed passw ord for we ll-known l ogin
,
High
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Skipped
,
Identifica tion/Passw ord Contro l
,"Setting a weak pas sword for any Azure SQL Databa se login c reates a s ecurity ho le. If a w eak passwo rd is left , an attac ker can ea sily gain access to the databa se as the login by a ttempting a brute fo rce.","Mic rosoft Azu re SQL Dat abase does not suppo rt any for m of login lockout. This leave s that pas swords are vulnerabl e to being brute-for ced if a s trong pass word is no t set. For default l ogins this issue is exaggerate d because these logi ns are wel l-known po ints of at tack. |
|
112 |
|
|
113 |
Passwords should fol low the fo llowing be st practic es in orde r to provi de good se curity and prevent b rute forci ng attacks : |
|
114 |
|
|
115 |
- Be at le ast 8 char acters or more in le ngth |
|
116 |
- Can not be found i n a dictio nary |
|
117 |
- Contain a combinat ion of upp er and low er case le tters, num bers and s pecial cha racters |
|
118 |
- Are not the same o r similar to the use rname","Us e ALTER LO GIN statem ent to cha nge a pass word: |
|
119 |
|
|
120 |
ALTER LOGI N [login] WITH PASSW ORD = 'new password'" ,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"NIST 800 -53: IA |
|
121 |
SHATTER Co ntrol Cate gory: Iden tification /Password Control",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
The passwo rd for a w ell-known login is e asily-gues sable.
,
Verify tha t the pass word for w ell-known logins are not easil y-guessabl e.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
122 |
2019-02-04 11:47 UTC -05:00
,
7507
,
Password s ame as log in name
,
High
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Skipped
,
Identifica tion/Passw ord Contro l
,"If the p assword fo r a login is the sam e as the l ogin name, an attack er can gai n access t o the Micr osoft Azur e SQL Data base as th e login.", "If the pa ssword for a login i s set to t he same as the login name, an attacker c an access the databa se using t he login. |
|
123 |
|
|
124 |
You should ensure th at a stron g password has been set for al l logins. |
|
125 |
|
|
126 |
Passwords should fol low the fo llowing be st practic es in orde r to provi de good se curity and prevent b rute forci ng attacks : |
|
127 |
|
|
128 |
- Be at le ast 8 char acters or more in le ngth |
|
129 |
- Can not be found i n a dictio nary |
|
130 |
- Contain a combinat ion of upp er and low er case le tters, num bers and s pecial cha racters |
|
131 |
- Are not the same o r similar to the use rname |
|
132 |
|
|
133 |
Even if th e login wi th a passw ord same a s the logi n name is not a priv ileged log in, the lo gin can be used to c onnect to a database and attem pt to gain elevated privileges .","Use AL TER LOGIN statement to change a password : |
|
134 |
|
|
135 |
ALTER LOGI N [login] WITH PASSW ORD = 'new password'" ,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"NIST 800 -53: IA |
|
136 |
SHATTER Co ntrol Cate gory: Iden tification /Password Control",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
A password has been found that matches t he login n ame.
,
Verify tha t no login s have pas swords tha t are the same as th e login na me.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
137 |
2019-02-04 11:47 UTC -05:00
,
7511
,
Easily-gue ssed passw ord
,
High
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Skipped
,
Identifica tion/Passw ord Contro l
,"If a wea k password is chosen for a log in, the pa ssword can be guesse d. If a pa ssword is easily-gue ssable, an attacker can gain a ccess to t he Microso ft Azure S QL Databas e as the l ogin with the weak p assword.", "Microsoft Azure SQL Database does not s upport any form of l ogin locko ut on logi ns. This l eaves pass words vuln erable to being brut e-forced i f strong p asswords a re not use d. |
|
138 |
|
|
139 |
A common m ethod of a ttacking a login is to try to connect to the datab ase using the words from a dic tionary as the passw ords. |
|
140 |
|
|
141 |
Passwords should fol low the fo llowing be st practic es in orde r to provi de good se curity and prevent b rute forci ng attacks : |
|
142 |
|
|
143 |
- Be at le ast 8 char acters or more in le ngth |
|
144 |
- Can not be found i n a dictio nary |
|
145 |
- Contain a combinat ion of upp er and low er case le tters, num bers and s pecial cha racters |
|
146 |
- Are not the same o r similar to the use rname |
|
147 |
|
|
148 |
Even if th e login wi th a weak password i s not a pr ivileged l ogin, the login can be used to login to the Micros oft Azure SQL Databa se and att empt to ga in elevate d privileg es.","Use ALTER LOGI N statemen t to chang e a passwo rd: |
|
149 |
|
|
150 |
ALTER LOGI N [login] WITH PASSW ORD = 'new password'" ,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"NIST 800 -53: IA |
|
151 |
SHATTER Co ntrol Cate gory: Iden tification /Password Control",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
An easily- guessed pa ssword for a login h as been fo und.
,
Verify tha t the pass words in t he databas e are not easily-gue ssable.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
152 |
2019-02-04 11:47 UTC -05:00
,
7521
,
Applicatio n roles fo und
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Skipped
,
Access Con trol
,"Azure SQ L Database v12 inclu des suppor t for Appl ication Ro les, which allows an applicati on to use a set of p ermissions different from thos e granted to each in dividual u ser. The a pplication role is s et by the applicatio n and take s over the permissio ns of the user. Appl ication Ro les should be monito red and au dited to e nsure they are used only by th e applicat ion requir ing them." ,"An appli cation rol e is a dat abase prin cipal that enables a n applicat ion to run with its own, user- like permi ssions. Yo u can use applicatio n roles to enable ac cess to sp ecific dat a to only those user s who conn ect throug h a partic ular appli cation. Un like datab ase roles, applicati on roles c ontain no members an d are inac tive by de fault. App lication r oles are e nabled by using sp_s etapprole, which req uires a pa ssword.",
Verify per missions g ranted to applicatio n roles fo und. Audit applicati on roles u se.
,
Microsoft Azure SQL Database v ersion 12 and later
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
153 |
NIST 800-5 3: AC |
|
154 |
NIST 800-5 3: AU","ht tps://azur e.microsof t.com/en-u s/document ation/arti cles/sql-d atabase-v1 2-whats-ne w/#securit y-enhancem ents |
|
155 |
https://te chnet.micr osoft.com/ en-us/libr ary/ms1909 98.aspx",
An applica tion role was found.
,
Lists all applicatio n roles fo und.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
156 |
2019-02-04 11:47 UTC -05:00
,
7520
,
Applicatio n role pri vilege ass ignment
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Skipped
,
Access Con trol
,
Credential s defined for access to applic ation role s may prov ide unauth orized acc ess to dat a. It also can lead to loss of confident iality and integrity of the da ta.
,"An appli cation rol e is a dat abase prin cipal that enables a n applicat ion to run with its own, user- like permi ssions. Yo u can use applicatio n roles to enable ac cess to sp ecific dat a to only those user s who conn ect throug h a partic ular appli cation. Un like datab ase roles, applicati on roles c ontain no members an d are inac tive by de fault. App lication r oles work with both authentica tion modes . Applicat ion roles are enable d by using sp_setapp role, whic h requires a passwor d. |
|
157 |
|
|
158 |
Privileges assigned to databas e applicat ion user r oles can a llow remot e users ac cess to lo cal data, and should be listed and autho rized in t he system security p lan.",
Use the gr ant and re voke comma nds to ass ign the au thorized p rivileges.
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
159 |
NIST 800-5 3: AC","ht tps://msdn .microsoft .com/en-us /library/m s181491.as px |
|
160 |
https://ms dn.microso ft.com/en- us/library /ms190998. aspx",
Privileges assigned to applica tion roles are liste d.
,
List privi leges assi gned to ap plication roles.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
161 |
2019-02-04 11:47 UTC -05:00
,
7500
,
dbmanager or loginma nager data base role granted
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Finding
,
Access Con trol
,
Roles are used to gr ant permis sions in S QL Databas e. Microso ft Azure S QL Databas e has two predefined roles 'db manager' a nd 'loginm anager' th at are use d to grant administr ative perm issions at various l evels. Mem bership in these rol es should be restric ted.
,"Roles ar e used to grant perm issions in SQL Datab ase. Micro soft Azure SQL Datab ase has tw o predefin ed roles ' dbmanager' and 'logi nmanager' that are u sed to gra nt adminis trative pe rmissions at various levels. M embership in these r oles shoul d be restr icted. |
|
162 |
|
|
163 |
The 'login manager' d atabase ro le in Micr osoft Azur e SQL Data base is ha s permissi on to crea te logins. Only the server-lev el princip al login ( created by the provi sioning pr ocess) or members of the login manager da tabase rol e can crea te new log ins. |
|
164 |
|
|
165 |
Only the s erver-leve l principa l login (c reated by the provis ioning pro cess) or m embers of the dbmana ger databa se role ca n create d atabases." ,"EXEC sp_ droproleme mber 'dbma nager', 'M yUser'; |
|
166 |
EXEC sp_dr oprolememb er 'loginm anager', ' MyUser';",
All versio ns of Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
167 |
NIST 800-5 3: AC",
http://msd n.microsof t.com/en-u s/library/ ee336235.a spx
,
dbmanager and loginm anager dat abase role members a re listed.
,
List dbman ager and l oginmanage r database role memb ers.
,
Microsoft Azure SQL Database
,
Finding
,
Role=login manager
,
Grantee=VA -NSOC-DB-S can ,,,,, |
|
168 |
2019-02-04 11:47 UTC -05:00
,
7516
,
Database r ole privil ege assign ment
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Finding
,
Access Con trol
,"Privileg es assigne d to datab ase roles can allow remote use rs access to local d ata, and s hould be l isted and authorized in the sy stem secur ity plan." ,"Privileg es assigne d to datab ase roles can allow remote use rs access to local d ata, and s hould be l isted and authorized in the sy stem secur ity plan. |
|
169 |
|
|
170 |
Note: |
|
171 |
All privil eges assig ned to dat abase role s should b e checked manually." ,
N/A
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
172 |
NIST 800-5 3: AC",
,
Privileges assigned to databas e roles ar e listed.
,
List of pr ivileges a ssigned to database roles.
,
Microsoft Azure SQL Database
,
Finding
,
Role Name= loginmanag er
,
Permission =SELECT
,
Database=m aster
,
Object=sql _logins ,,, |
|
173 |
2019-02-04 11:47 UTC -05:00
,
7517
,
DDL permis sion assig nments
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Non Findin g
,
Access Con trol
,
Microsoft Azure SQL Database c ontains a number of statement permission s that can be grante d. These s tatement p rivileges are sensit ive and sh ould not b e granted trivially.
,
,"You can revoke sta tement per missions u sing the f ollowing s yntax: |
|
174 |
|
|
175 |
REVOKE [st atement pe rmission] FROM [user or group] ",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
176 |
NIST 800-5 3: AC",
,
Found a DD L statemen t permissi on granted to a user or group.
,
Check for DDL statem ent permis sions whic h have bee n granted to a user or group.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
177 |
2019-02-04 11:47 UTC -05:00
,
7506
,
Database f irewall ru les
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Non Findin g
,
Access Con trol
,"Microsof t Azure SQ L Database provides a relation al databas e service for Azure and other Internet-b ased appli cations. T o help pro tect your data, the Azure SQL Database f irewall pr events all access to your Azur e SQL Data base serve r until yo u specify which comp uters have permissio n. The fir ewall gran ts access based on t he origina ting IP ad dress of e ach reques t.","Micro soft Azure SQL Datab ase provid es a relat ional data base servi ce for Azu re and oth er Interne t-based ap plications . To help protect yo ur data, t he Azure S QL Databas e firewall prevents all access to your A zure SQL D atabase se rver until you speci fy which c omputers h ave permis sion. The firewall g rants acce ss based o n the orig inating IP address o f each req uest. |
|
178 |
|
|
179 |
To configu re your fi rewall, yo u create f irewall ru les that s pecify ran ges of acc eptable IP addresses . You can create fir ewall rule s at the s erver and database l evels. |
|
180 |
|
|
181 |
Database-l evel firew all rules: These rul es enable clients to access in dividual d atabases w ithin your Azure SQL Database server. Th ese rules are create d per data base and a re stored in the ind ividual da tabases (i ncluding m aster). Th ese rules can be hel pful in re stricting access to certain (s ecure) dat abases wit hin the sa me logical server.", "To manage database firewall r ules use s tored proc edures sp_ set_databa se_firewal l_rule and sp_delete _database_ firewall_r ule. For e xample: |
|
182 |
|
|
183 |
-- Create database-l evel firew all settin g for only IP 0.0.0. 4 |
|
184 |
EXECUTE sp _set_datab ase_firewa ll_rule N' Example DB Setting 1 ', '0.0.0. 4', '0.0.0 .4'",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
185 |
NIST 800-5 3: AC","ht tp://msdn. microsoft. com/en-us/ library/az ure/ee6217 82.aspx |
|
186 |
http://msd n.microsof t.com/en-u s/library/ azure/jj55 3530.aspx |
|
187 |
http://msd n.microsof t.com/en-u s/library/ dn269982.a spx",
Defined da tabase fir ewall rule s are list ed.
,
List datab ase firewa ll rules d efined.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
188 |
2019-02-04 11:47 UTC -05:00
,
7504
,
Applicatio n object o wnership
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Non Findin g
,
Access Con trol
,"Microsof t Azure SQ L Database objects i nclude tab les, views , stored p rocedures, triggers. The user that creat es an obje ct becomes the objec t owner. F or securit y and perf ormance re asons, onl y the data base owner should be allowed t o create a nd own obj ects. Chec king for o bjects tha t were not created b y the data base owner helps ens ure that T rojan hors es and oth er unautho rized chan ges have n ot been ma de to the server."," Microsoft Azure SQL Database o bjects inc lude table s, views, stored pro cedures, t riggers. T he user th at creates an object becomes t he object owner. For security and perfor mance reas ons, only the databa se owner s hould be a llowed to create and own objec ts. Checki ng for obj ects that were not c reated by the databa se owner h elps ensur e that Tro jan horses and other unauthori zed change s have not been made to the se rver. |
|
189 |
|
|
190 |
Objects th at are own ed by user s ""dbo"", ""sys"" a nd ""INFOR MATION_SCH EMA"" are Not a Find ing. |
|
191 |
|
|
192 |
If any oth er account s are not authorized , this is a Finding. ","Create database a ccounts de dicated fo r applicat ion object ownership . To simpl ify access authoriza tions, use a single account fo r each app lication t o avoid cr oss chaini ng of owne rship, whi ch makes s ecurity co nfiguratio n more com plex and d egrades sy stem perfo rmance. |
|
193 |
|
|
194 |
Document a ll authori zed applic ation obje ct ownersh ip in the System Sec urity Plan .",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
195 |
CCE: CCE-1 9528-9 |
|
196 |
NIST 800-5 3: AC",
http://msd n.microsof t.com/en-u s/library/ ms178618.a spx
,"Object o wners diff erent from dbo, sys and INFORM ATION_SCHE MA are lis ted.","Lis t object o wners diff erent from dbo, sys and INFORM ATION_SCHE MA.",
Microsoft Azure SQL Database ,,,,,,,, |
|
197 |
2019-02-04 11:47 UTC -05:00
,
7519
,
Contained database u ser with p assword fo und
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Non Findin g
,
Access Con trol
,"Containe d database users wit h password s are auth enticated by the dat abase, thi s means th at access to a conta ined datab ase is gra nted at th e database level. Ea ch contain ed databas e user sho uld be rev iewed to v erify that there are no securi ty threats related t o the auth entication process." ,"A contai ned databa se include s all data base setti ngs and me tadata req uired to d efine the database a nd has no configurat ion depend encies on the master database. Contained database users can connect to the datab ase withou t authenti cating as a login in the maste r database . |
|
198 |
|
|
199 |
Each conta ined datab ase user s hould be r eviewed to verify th at there a re no secu rity threa ts related to the au thenticati on process .",
Review the list of c ontained d atabase us ers to mak e sure tha t there ar e no secur ity threat s related to the aut henticatio n process.
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
200 |
NIST 800-5 3: IA |
|
201 |
NIST 800-5 3: AC","ht tp://azure .microsoft .com/en-us /documenta tion/artic les/sql-da tabase-pre view-whats -new/ |
|
202 |
http://msd n.microsof t.com/libr ary/azure/ ff929071.a spx",
Contained database u sers have been found .
,
List conta ined datab ase users.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
203 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Non Findin g
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
204 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
205 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
206 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
207 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
208 |
2019-02-04 11:47 UTC -05:00
,
7503
,
Server Inf ormation
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Fact
,
Applicatio n Integrit y
,
Server inf ormation s hould be a vailable f or auditin g and docu mentation.
,"It is im portant to have read ily availa ble inform ation abou t the serv ers in the network, to allow f or documen tation, au diting, an d updates deployment planning. |
|
209 |
System adm ins should have acce ss at leas t to the s erver addr ess, commu nication p orts, inst ance names and versi on.",
Document e ach server with all data colle cted and u pdate it p eriodicall y.
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ap plication Integrity |
|
210 |
NIST 800-5 3: MA",
,
Server inf ormation i s reported .
,
Reports se rver infor mation.
,
Microsoft Azure SQL Database
,
Fact
,
P ORT = PORT ,
Version=12 .0.2000.8
,
Platform=M icrosoft W indows
,
Instance N ame=SQLDat abase
,
Service Pa ck=RTM
,
Edition=SQ L Azure
,
Address=52 .238.116.3 2
|
|
211 |
2019-02-04 11:47 UTC -05:00
,
7505
,
Server fir ewall rule s
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Fact
,
Access Con trol
,"Microsof t Azure SQ L Database provides a relation al databas e service for Azure and other Internet-b ased appli cations. T o help pro tect your data, the Azure SQL Database f irewall pr events all access to your Azur e SQL Data base serve r until yo u specify which comp uters have permissio n. The fir ewall gran ts access based on t he origina ting IP ad dress of e ach reques t.","Micro soft Azure SQL Datab ase provid es a relat ional data base servi ce for Azu re and oth er Interne t-based ap plications . To help protect yo ur data, t he Azure S QL Databas e firewall prevents all access to your A zure SQL D atabase se rver until you speci fy which c omputers h ave permis sion. The firewall g rants acce ss based o n the orig inating IP address o f each req uest. |
|
212 |
|
|
213 |
To configu re your fi rewall, yo u create f irewall ru les that s pecify ran ges of acc eptable IP addresses . You can create fir ewall rule s at the s erver and database l evels. |
|
214 |
|
|
215 |
Server-lev el firewal l rules: T hese rules enable cl ients to a ccess your entire Az ure SQL Da tabase ser ver, that is, all th e database s within t he same lo gical serv er. These rules are stored in the master database. ","To mana ge server firewall r ules use s tored proc edures sp_ set_firewa ll_rule an d sp_delet e_firewall _rule. For example: |
|
216 |
|
|
217 |
-- Create server-lev el firewal l setting for only I P 0.0.0.4 |
|
218 |
EXECUTE sp _set_firew all_rule N 'Example s etting 1', '0.0.0.4' , '0.0.0.4 '",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
219 |
NIST 800-5 3: AC","ht tp://msdn. microsoft. com/en-us/ library/az ure/ee6217 82.aspx |
|
220 |
http://msd n.microsof t.com/en-u s/library/ azure/jj55 3530.aspx |
|
221 |
http://msd n.microsof t.com/en-u s/library/ dn269982.a spx",
Defined se rver firew all rules are listed .
,
Lists serv er firewal l rules de fined.
,
Microsoft Azure SQL Database
,
Fact
,
Start IP A ddress=0.0 .0.0
,
Name=Allow AllWindows AzureIps
,
End IP Add ress=0.0.0 .0 ,,,, |
|
222 |
2019-02-04 11:47 UTC -05:00
,
7505
,
Server fir ewall rule s
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Fact
,
Access Con trol
,"Microsof t Azure SQ L Database provides a relation al databas e service for Azure and other Internet-b ased appli cations. T o help pro tect your data, the Azure SQL Database f irewall pr events all access to your Azur e SQL Data base serve r until yo u specify which comp uters have permissio n. The fir ewall gran ts access based on t he origina ting IP ad dress of e ach reques t.","Micro soft Azure SQL Datab ase provid es a relat ional data base servi ce for Azu re and oth er Interne t-based ap plications . To help protect yo ur data, t he Azure S QL Databas e firewall prevents all access to your A zure SQL D atabase se rver until you speci fy which c omputers h ave permis sion. The firewall g rants acce ss based o n the orig inating IP address o f each req uest. |
|
223 |
|
|
224 |
To configu re your fi rewall, yo u create f irewall ru les that s pecify ran ges of acc eptable IP addresses . You can create fir ewall rule s at the s erver and database l evels. |
|
225 |
|
|
226 |
Server-lev el firewal l rules: T hese rules enable cl ients to a ccess your entire Az ure SQL Da tabase ser ver, that is, all th e database s within t he same lo gical serv er. These rules are stored in the master database. ","To mana ge server firewall r ules use s tored proc edures sp_ set_firewa ll_rule an d sp_delet e_firewall _rule. For example: |
|
227 |
|
|
228 |
-- Create server-lev el firewal l setting for only I P 0.0.0.4 |
|
229 |
EXECUTE sp _set_firew all_rule N 'Example s etting 1', '0.0.0.4' , '0.0.0.4 '",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
230 |
NIST 800-5 3: AC","ht tp://msdn. microsoft. com/en-us/ library/az ure/ee6217 82.aspx |
|
231 |
http://msd n.microsof t.com/en-u s/library/ azure/jj55 3530.aspx |
|
232 |
http://msd n.microsof t.com/en-u s/library/ dn269982.a spx",
Defined se rver firew all rules are listed .
,
Lists serv er firewal l rules de fined.
,
Microsoft Azure SQL Database
,
Fact
,
Start IP A ddress=159 .129.0.1
,
Name=VANAT
,
End IP Add ress=159.1 29.15.254 ,,,, |
|
233 |
2019-02-04 11:47 UTC -05:00
,
7514
,
Unauthoriz ed stored procedures and funct ions
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Fact
,
Access Con trol
,"Microsof t Azure SQ L Database is capabl e of provi ding a wid e variety of functio ns and ser vices. Som e of the f unctions a nd service s, provide d by defau lt, may no t be neces sary to su pport esse ntial orga nizational operation s.","Micro soft Azure SQL Datab ase is cap able of pr oviding a wide varie ty of func tions and services. Some of th e function s and serv ices, prov ided by de fault, may not be ne cessary to support e ssential o rganizatio nal operat ions. Addi tionally, it is some times conv enient to provide mu ltiple ser vices from a single component of an info rmation sy stem (e.g. , email an d web serv ices), but doing so increases risk over limiting t he service s provided by any on e componen t.",
Review the list of u ser-define d stored p rocedures and functi ons: make sure there are no un authorized ones.
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
234 |
NIST 800-5 3: AC",
http://msd n.microsof t.com/en-u s/library/ ms187926.a spx
,
User-defin ed stored procedures and funct ions found .
,
List user- defined st ored proce dures and functions.
,
Microsoft Azure SQL Database
,
Fact
,
Name=fn_sy sdac_get_c urrentuser name
,
Schema=dbo ,,,,, |
|
235 |
2019-02-04 11:47 UTC -05:00
,
7513
,
Shared acc ount autho rization
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Fact
,
Access Con trol
,
Some appli cations us e a single account t o connect to the dat abase. Thi s account does not p rovide ind ividual ac countabili ty for act ions taken on the DB MS or data .
,"Whenever a single database a ccount is used to co nnect to t he databas e, a secon dary authe ntication method tha t provides individua l accounta bility is required. This scena rio most f requently occurs whe n an exter nally host ed applica tion authe nticates i ndividual users to t he applica tion and t he applica tion uses a single a ccount to retrieve o r update d atabase in formation on behalf of the ind ividual us ers. |
|
236 |
The list o f current DBMS users should be reviewed by the DBA to make a final det ermination on whethe r accounts listed ar e shared a ccounts.",
N/A
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
237 |
NIST 800-5 3: AU",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
The follow ing user a ccounts we re found o n the serv er. Review them agai nst those listed in the System Security Plan or au thorized u ser list.
,
Shows a li st of the currently defined us er account s to be re viewed by the DBA.
,
Microsoft Azure SQL Database
,
Fact
,
Login=VA-N SOC-DB-Sca n ,,,,,, |
|
238 |
2019-02-04 11:47 UTC -05:00
,
7513
,
Shared acc ount autho rization
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\maste r
,
Fact
,
Access Con trol
,
Some appli cations us e a single account t o connect to the dat abase. Thi s account does not p rovide ind ividual ac countabili ty for act ions taken on the DB MS or data .
,"Whenever a single database a ccount is used to co nnect to t he databas e, a secon dary authe ntication method tha t provides individua l accounta bility is required. This scena rio most f requently occurs whe n an exter nally host ed applica tion authe nticates i ndividual users to t he applica tion and t he applica tion uses a single a ccount to retrieve o r update d atabase in formation on behalf of the ind ividual us ers. |
|
239 |
The list o f current DBMS users should be reviewed by the DBA to make a final det ermination on whethe r accounts listed ar e shared a ccounts.",
N/A
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
240 |
NIST 800-5 3: AU",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
The follow ing user a ccounts we re found o n the serv er. Review them agai nst those listed in the System Security Plan or au thorized u ser list.
,
Shows a li st of the currently defined us er account s to be re viewed by the DBA.
,
Microsoft Azure SQL Database
,
Fact
,
Login=wvrs qladmin ,,,,,, |
|
241 |
2019-02-04 11:47 UTC -05:00
,
7500
,
dbmanager or loginma nager data base role granted
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Skipped
,
Access Con trol
,
Roles are used to gr ant permis sions in S QL Databas e. Microso ft Azure S QL Databas e has two predefined roles 'db manager' a nd 'loginm anager' th at are use d to grant administr ative perm issions at various l evels. Mem bership in these rol es should be restric ted.
,"Roles ar e used to grant perm issions in SQL Datab ase. Micro soft Azure SQL Datab ase has tw o predefin ed roles ' dbmanager' and 'logi nmanager' that are u sed to gra nt adminis trative pe rmissions at various levels. M embership in these r oles shoul d be restr icted. |
|
242 |
|
|
243 |
The 'login manager' d atabase ro le in Micr osoft Azur e SQL Data base is ha s permissi on to crea te logins. Only the server-lev el princip al login ( created by the provi sioning pr ocess) or members of the login manager da tabase rol e can crea te new log ins. |
|
244 |
|
|
245 |
Only the s erver-leve l principa l login (c reated by the provis ioning pro cess) or m embers of the dbmana ger databa se role ca n create d atabases." ,"EXEC sp_ droproleme mber 'dbma nager', 'M yUser'; |
|
246 |
EXEC sp_dr oprolememb er 'loginm anager', ' MyUser';",
All versio ns of Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
247 |
NIST 800-5 3: AC",
http://msd n.microsof t.com/en-u s/library/ ee336235.a spx
,
dbmanager and loginm anager dat abase role members a re listed.
,
List dbman ager and l oginmanage r database role memb ers.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
248 |
2019-02-04 11:47 UTC -05:00
,
7505
,
Server fir ewall rule s
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Skipped
,
Access Con trol
,"Microsof t Azure SQ L Database provides a relation al databas e service for Azure and other Internet-b ased appli cations. T o help pro tect your data, the Azure SQL Database f irewall pr events all access to your Azur e SQL Data base serve r until yo u specify which comp uters have permissio n. The fir ewall gran ts access based on t he origina ting IP ad dress of e ach reques t.","Micro soft Azure SQL Datab ase provid es a relat ional data base servi ce for Azu re and oth er Interne t-based ap plications . To help protect yo ur data, t he Azure S QL Databas e firewall prevents all access to your A zure SQL D atabase se rver until you speci fy which c omputers h ave permis sion. The firewall g rants acce ss based o n the orig inating IP address o f each req uest. |
|
249 |
|
|
250 |
To configu re your fi rewall, yo u create f irewall ru les that s pecify ran ges of acc eptable IP addresses . You can create fir ewall rule s at the s erver and database l evels. |
|
251 |
|
|
252 |
Server-lev el firewal l rules: T hese rules enable cl ients to a ccess your entire Az ure SQL Da tabase ser ver, that is, all th e database s within t he same lo gical serv er. These rules are stored in the master database. ","To mana ge server firewall r ules use s tored proc edures sp_ set_firewa ll_rule an d sp_delet e_firewall _rule. For example: |
|
253 |
|
|
254 |
-- Create server-lev el firewal l setting for only I P 0.0.0.4 |
|
255 |
EXECUTE sp _set_firew all_rule N 'Example s etting 1', '0.0.0.4' , '0.0.0.4 '",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
256 |
NIST 800-5 3: AC","ht tp://msdn. microsoft. com/en-us/ library/az ure/ee6217 82.aspx |
|
257 |
http://msd n.microsof t.com/en-u s/library/ azure/jj55 3530.aspx |
|
258 |
http://msd n.microsof t.com/en-u s/library/ dn269982.a spx",
Defined se rver firew all rules are listed .
,
Lists serv er firewal l rules de fined.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
259 |
2019-02-04 11:47 UTC -05:00
,
7513
,
Shared acc ount autho rization
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Skipped
,
Access Con trol
,
Some appli cations us e a single account t o connect to the dat abase. Thi s account does not p rovide ind ividual ac countabili ty for act ions taken on the DB MS or data .
,"Whenever a single database a ccount is used to co nnect to t he databas e, a secon dary authe ntication method tha t provides individua l accounta bility is required. This scena rio most f requently occurs whe n an exter nally host ed applica tion authe nticates i ndividual users to t he applica tion and t he applica tion uses a single a ccount to retrieve o r update d atabase in formation on behalf of the ind ividual us ers. |
|
260 |
The list o f current DBMS users should be reviewed by the DBA to make a final det ermination on whethe r accounts listed ar e shared a ccounts.",
N/A
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
261 |
NIST 800-5 3: AU",
http://msd n.microsof t.com/en-u s/library/ azure/ee33 6235.aspx
,
The follow ing user a ccounts we re found o n the serv er. Review them agai nst those listed in the System Security Plan or au thorized u ser list.
,
Shows a li st of the currently defined us er account s to be re viewed by the DBA.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
262 |
2019-02-04 11:47 UTC -05:00
,
7504
,
Applicatio n object o wnership
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,"Microsof t Azure SQ L Database objects i nclude tab les, views , stored p rocedures, triggers. The user that creat es an obje ct becomes the objec t owner. F or securit y and perf ormance re asons, onl y the data base owner should be allowed t o create a nd own obj ects. Chec king for o bjects tha t were not created b y the data base owner helps ens ure that T rojan hors es and oth er unautho rized chan ges have n ot been ma de to the server."," Microsoft Azure SQL Database o bjects inc lude table s, views, stored pro cedures, t riggers. T he user th at creates an object becomes t he object owner. For security and perfor mance reas ons, only the databa se owner s hould be a llowed to create and own objec ts. Checki ng for obj ects that were not c reated by the databa se owner h elps ensur e that Tro jan horses and other unauthori zed change s have not been made to the se rver. |
|
263 |
|
|
264 |
Objects th at are own ed by user s ""dbo"", ""sys"" a nd ""INFOR MATION_SCH EMA"" are Not a Find ing. |
|
265 |
|
|
266 |
If any oth er account s are not authorized , this is a Finding. ","Create database a ccounts de dicated fo r applicat ion object ownership . To simpl ify access authoriza tions, use a single account fo r each app lication t o avoid cr oss chaini ng of owne rship, whi ch makes s ecurity co nfiguratio n more com plex and d egrades sy stem perfo rmance. |
|
267 |
|
|
268 |
Document a ll authori zed applic ation obje ct ownersh ip in the System Sec urity Plan .",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
269 |
CCE: CCE-1 9528-9 |
|
270 |
NIST 800-5 3: AC",
http://msd n.microsof t.com/en-u s/library/ ms178618.a spx
,"Object o wners diff erent from dbo, sys and INFORM ATION_SCHE MA are lis ted.","Lis t object o wners diff erent from dbo, sys and INFORM ATION_SCHE MA.",
Microsoft Azure SQL Database
,
Finding
,
Schema=db_ owner
,
Database=W ebVRAM_Pre Prod
,
Type=DATAB ASE_ROLE ,,,, |
|
271 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
272 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
273 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
274 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
275 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=DEFAULT_ CONSTRAINT
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=DF_Users _Completed RequestFor m ,, |
|
276 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
277 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
278 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
279 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
280 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=DEFAULT_ CONSTRAINT
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=DF_Users _Inactive ,, |
|
281 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
282 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
283 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
284 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
285 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=DEFAULT_ CONSTRAINT
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=DF_Users _PointOfCo ntact ,, |
|
286 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
287 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
288 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
289 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
290 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=DEFAULT_ CONSTRAINT
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=DF_Users _ShowPII ,, |
|
291 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
292 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
293 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
294 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
295 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=DEFAULT_ CONSTRAINT
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=DF_Stati ons_Inacti ve ,, |
|
296 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
297 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
298 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
299 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
300 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=DEFAULT_ CONSTRAINT
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=DF_Stati ons_IsTest Station ,, |
|
301 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
302 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
303 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
304 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
305 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=DEFAULT_ CONSTRAINT
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=DF_Stati ons_Statio nOffline ,, |
|
306 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
307 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
308 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
309 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
310 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=DEFAULT_ CONSTRAINT
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=DF_Vista Users_Inac tive ,, |
|
311 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
312 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
313 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
314 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
315 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_UserR oles_Acces sLevels ,, |
|
316 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
317 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
318 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
319 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
320 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_UserR oles_Appli cations ,, |
|
321 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
322 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
323 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
324 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
325 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=FK_UserR oles_Creat edByUserID ,, |
|
326 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
327 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
328 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
329 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
330 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_UserR oles_Regio ns ,, |
|
331 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
332 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
333 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
334 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
335 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_UserR oles_Roles ,, |
|
336 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
337 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
338 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
339 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
340 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_UserR oles_Stati ons ,, |
|
341 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
342 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
343 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
344 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
345 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_UserR oles_Updat edByUserID ,, |
|
346 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
347 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
348 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
349 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
350 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_UserR oles_Users ,, |
|
351 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
352 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
353 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
354 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
355 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_UserR oles_Visns ,, |
|
356 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
357 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
358 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
359 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
360 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_Ignor edItems_Ap plicationI D ,, |
|
361 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
362 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
363 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
364 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
365 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_Ignor edItems_It emTypeID ,, |
|
366 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
367 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
368 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
369 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
370 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_Ignor edItems_Pa rentItemID ,, |
|
371 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
372 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
373 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
374 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
375 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_Ignor edItems_St ationID ,, |
|
376 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
377 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
378 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
379 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
380 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_Repli cationLogE vents_Item TypeID ,, |
|
381 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
382 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
383 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
384 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
385 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_Repli cationLogE vents_Repl icationID ,, |
|
386 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
387 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
388 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
389 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
390 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_Repli cationLogs _Stations ,, |
|
391 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
392 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
393 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
394 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
395 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:37 PM
,
Object Nam e=FK_Repli cationLogs _VistaUser s ,, |
|
396 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
397 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
398 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
399 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
400 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:38 PM
,
Object Nam e=FK_Stati ons_Parent StationID ,, |
|
401 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
402 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
403 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
404 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
405 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:38 PM
,
Object Nam e=FK_Stati ons_Visns ,, |
|
406 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
407 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
408 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
409 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
410 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:38 PM
,
Object Nam e=FK_Visns _AltRegion ID ,, |
|
411 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
412 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
413 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
414 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
415 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:38 PM
,
Object Nam e=FK_Visns _RegionID ,, |
|
416 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
417 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
418 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
419 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
420 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=FOREIGN_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:38 PM
,
Object Nam e=FK_Vista Users_Stat ions ,, |
|
421 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
422 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
423 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
424 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
425 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:33 PM
,
Object Nam e=PK_Acces sLevels ,, |
|
426 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
427 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
428 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
429 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
430 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:33 PM
,
Object Nam e=PK_Appli cations ,, |
|
431 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
432 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
433 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
434 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
435 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:33 PM
,
Object Nam e=PK_Roles ,, |
|
436 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
437 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
438 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
439 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
440 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:33 PM
,
Object Nam e=PK_UserR oles ,, |
|
441 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
442 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
443 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
444 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
445 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=PK_Users ,, |
|
446 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
447 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
448 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
449 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
450 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=PK_Items ToIgnore ,, |
|
451 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
452 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
453 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
454 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
455 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=PK_Itemy pes ,, |
|
456 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
457 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
458 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
459 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
460 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=PK_Regio ns ,, |
|
461 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
462 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
463 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
464 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
465 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=PK_Repli cationLogE vents ,, |
|
466 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
467 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
468 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
469 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
470 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=PK_Repli cationLogs ,, |
|
471 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
472 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
473 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
474 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
475 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:35 PM
,
Object Nam e=PK_Stati ons ,, |
|
476 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
477 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
478 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
479 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
480 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:35 PM
,
Object Nam e=PK_Visns ,, |
|
481 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
482 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
483 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
484 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
485 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:35 PM
,
Object Nam e=PK_Vista Users ,, |
|
486 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
487 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
488 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
489 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
490 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=PRIMARY_ KEY_CONSTR AINT
,
Creation D ate=2/4/20 19 4:20:35 PM
,
Object Nam e=PK_WebLo gs ,, |
|
491 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
492 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
493 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
494 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
495 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=SQL_INLI NE_TABLE_V ALUED_FUNC TION
,
Creation D ate=2/4/20 19 4:20:38 PM
,
Object Nam e=ufnGetEr rorInfo ,, |
|
496 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
497 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
498 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
499 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
500 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=SQL_TABL E_VALUED_F UNCTION
,
Creation D ate=2/4/20 19 4:20:38 PM
,
Object Nam e=ufnSplit ,, |
|
501 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
502 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
503 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
504 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
505 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=SYNONYM
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=UserSecu rityAccess Levels ,, |
|
506 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
507 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
508 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
509 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
510 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=SYNONYM
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=UserSecu rityApplic ations ,, |
|
511 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
512 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
513 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
514 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
515 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=SYNONYM
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=UserSecu rityRegion s ,, |
|
516 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
517 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
518 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
519 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
520 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=SYNONYM
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=UserSecu rityStatio ns ,, |
|
521 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
522 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
523 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
524 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
525 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=SYNONYM
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=UserSecu rityUserRo les ,, |
|
526 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
527 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
528 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
529 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
530 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=SYNONYM
,
Creation D ate=2/4/20 19 4:20:36 PM
,
Object Nam e=UserSecu rityVisns ,, |
|
531 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
532 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
533 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
534 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
535 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:33 PM
,
Object Nam e=AccessLe vels ,, |
|
536 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
537 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
538 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
539 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
540 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:33 PM
,
Object Nam e=Applicat ions ,, |
|
541 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
542 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
543 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
544 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
545 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:33 PM
,
Object Nam e=Roles ,, |
|
546 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
547 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
548 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
549 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
550 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:33 PM
,
Object Nam e=UserRole s ,, |
|
551 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
552 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
553 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
554 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
555 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=db_o wner
,
Schema Nam e=seclyr
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=Users ,, |
|
556 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
557 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
558 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
559 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
560 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=IgnoredI tems ,, |
|
561 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
562 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
563 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
564 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
565 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=ItemType s ,, |
|
566 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
567 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
568 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
569 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
570 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=Regions ,, |
|
571 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
572 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
573 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
574 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
575 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=Replicat ionLogEven ts ,, |
|
576 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
577 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
578 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
579 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
580 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:34 PM
,
Object Nam e=Replicat ionLogs ,, |
|
581 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
582 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
583 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
584 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
585 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:35 PM
,
Object Nam e=Stations ,, |
|
586 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
587 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
588 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
589 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
590 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:35 PM
,
Object Nam e=Visns ,, |
|
591 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
592 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
593 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
594 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
595 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:35 PM
,
Object Nam e=VistaUse rs ,, |
|
596 |
2019-02-04 11:47 UTC -05:00
,
7502
,
DBMS data definition language use
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Finding
,
Access Con trol
,
A producti on system should not support c hanges to the data d efinitions ; applicat ion users by definit ion and jo b function require o nly the pe rmissions to manipul ate data w ithin data base objec ts and exe cute proce dures with in the dat abase.
,"The stat ements use d to defin e objects in the dat abase are referred t o as Data Definition Language (DDL) stat ements and include t he CREATE, DROP, and ALTER obj ect statem ents. |
|
597 |
If any obj ect creati on dates d o not coin cide with the softwa re mainten ance and u pgrade log s or are n ot objects documente d as suppo rting dyna mic object creation functions, investiga te the cir cumstances under whi ch the obj ect was cr eated. |
|
598 |
Any requir ement that dynamic o bject crea tion is al lowed for an applica tion shoul d be docum ented.","C oordinate with the a pplication designer to modify the applic ation to u se static objects wi th tempora ry data ra ther than creating a nd using t emporary o bjects. |
|
599 |
Document i n the Syst em Securit y Plan all known obj ect creati on that su pports dyn amic objec t usage.",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
600 |
NIST 800-5 3: SI",
,
There are objects cr eated by n on default users. Th e administ rator shou ld review these to m ake sure t hey are au thorized a nd documen ted.
,
List the o bjects cre ated by no n-default users in t he last da ys for rev ision by t he adminis trator.
,
Microsoft Azure SQL Database
,
Finding
,
Owner=dbo
,
Schema Nam e=dbo
,
Object Typ e=USER_TAB LE
,
Creation D ate=2/4/20 19 4:20:35 PM
,
Object Nam e=WebLogs ,, |
|
601 |
2019-02-04 11:47 UTC -05:00
,
7517
,
DDL permis sion assig nments
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Non Findin g
,
Access Con trol
,
Microsoft Azure SQL Database c ontains a number of statement permission s that can be grante d. These s tatement p rivileges are sensit ive and sh ould not b e granted trivially.
,
,"You can revoke sta tement per missions u sing the f ollowing s yntax: |
|
602 |
|
|
603 |
REVOKE [st atement pe rmission] FROM [user or group] ",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
604 |
NIST 800-5 3: AC",
,
Found a DD L statemen t permissi on granted to a user or group.
,
Check for DDL statem ent permis sions whic h have bee n granted to a user or group.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
605 |
2019-02-04 11:47 UTC -05:00
,
7514
,
Unauthoriz ed stored procedures and funct ions
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Non Findin g
,
Access Con trol
,"Microsof t Azure SQ L Database is capabl e of provi ding a wid e variety of functio ns and ser vices. Som e of the f unctions a nd service s, provide d by defau lt, may no t be neces sary to su pport esse ntial orga nizational operation s.","Micro soft Azure SQL Datab ase is cap able of pr oviding a wide varie ty of func tions and services. Some of th e function s and serv ices, prov ided by de fault, may not be ne cessary to support e ssential o rganizatio nal operat ions. Addi tionally, it is some times conv enient to provide mu ltiple ser vices from a single component of an info rmation sy stem (e.g. , email an d web serv ices), but doing so increases risk over limiting t he service s provided by any on e componen t.",
Review the list of u ser-define d stored p rocedures and functi ons: make sure there are no un authorized ones.
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
606 |
NIST 800-5 3: AC",
http://msd n.microsof t.com/en-u s/library/ ms187926.a spx
,
User-defin ed stored procedures and funct ions found .
,
List user- defined st ored proce dures and functions.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
607 |
2019-02-04 11:47 UTC -05:00
,
7506
,
Database f irewall ru les
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Non Findin g
,
Access Con trol
,"Microsof t Azure SQ L Database provides a relation al databas e service for Azure and other Internet-b ased appli cations. T o help pro tect your data, the Azure SQL Database f irewall pr events all access to your Azur e SQL Data base serve r until yo u specify which comp uters have permissio n. The fir ewall gran ts access based on t he origina ting IP ad dress of e ach reques t.","Micro soft Azure SQL Datab ase provid es a relat ional data base servi ce for Azu re and oth er Interne t-based ap plications . To help protect yo ur data, t he Azure S QL Databas e firewall prevents all access to your A zure SQL D atabase se rver until you speci fy which c omputers h ave permis sion. The firewall g rants acce ss based o n the orig inating IP address o f each req uest. |
|
608 |
|
|
609 |
To configu re your fi rewall, yo u create f irewall ru les that s pecify ran ges of acc eptable IP addresses . You can create fir ewall rule s at the s erver and database l evels. |
|
610 |
|
|
611 |
Database-l evel firew all rules: These rul es enable clients to access in dividual d atabases w ithin your Azure SQL Database server. Th ese rules are create d per data base and a re stored in the ind ividual da tabases (i ncluding m aster). Th ese rules can be hel pful in re stricting access to certain (s ecure) dat abases wit hin the sa me logical server.", "To manage database firewall r ules use s tored proc edures sp_ set_databa se_firewal l_rule and sp_delete _database_ firewall_r ule. For e xample: |
|
612 |
|
|
613 |
-- Create database-l evel firew all settin g for only IP 0.0.0. 4 |
|
614 |
EXECUTE sp _set_datab ase_firewa ll_rule N' Example DB Setting 1 ', '0.0.0. 4', '0.0.0 .4'",
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
615 |
NIST 800-5 3: AC","ht tp://msdn. microsoft. com/en-us/ library/az ure/ee6217 82.aspx |
|
616 |
http://msd n.microsof t.com/en-u s/library/ azure/jj55 3530.aspx |
|
617 |
http://msd n.microsof t.com/en-u s/library/ dn269982.a spx",
Defined da tabase fir ewall rule s are list ed.
,
List datab ase firewa ll rules d efined.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
618 |
2019-02-04 11:47 UTC -05:00
,
7516
,
Database r ole privil ege assign ment
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Non Findin g
,
Access Con trol
,"Privileg es assigne d to datab ase roles can allow remote use rs access to local d ata, and s hould be l isted and authorized in the sy stem secur ity plan." ,"Privileg es assigne d to datab ase roles can allow remote use rs access to local d ata, and s hould be l isted and authorized in the sy stem secur ity plan. |
|
619 |
|
|
620 |
Note: |
|
621 |
All privil eges assig ned to dat abase role s should b e checked manually." ,
N/A
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
622 |
NIST 800-5 3: AC",
,
Privileges assigned to databas e roles ar e listed.
,
List of pr ivileges a ssigned to database roles.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
623 |
2019-02-04 11:47 UTC -05:00
,
7521
,
Applicatio n roles fo und
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Non Findin g
,
Access Con trol
,"Azure SQ L Database v12 inclu des suppor t for Appl ication Ro les, which allows an applicati on to use a set of p ermissions different from thos e granted to each in dividual u ser. The a pplication role is s et by the applicatio n and take s over the permissio ns of the user. Appl ication Ro les should be monito red and au dited to e nsure they are used only by th e applicat ion requir ing them." ,"An appli cation rol e is a dat abase prin cipal that enables a n applicat ion to run with its own, user- like permi ssions. Yo u can use applicatio n roles to enable ac cess to sp ecific dat a to only those user s who conn ect throug h a partic ular appli cation. Un like datab ase roles, applicati on roles c ontain no members an d are inac tive by de fault. App lication r oles are e nabled by using sp_s etapprole, which req uires a pa ssword.",
Verify per missions g ranted to applicatio n roles fo und. Audit applicati on roles u se.
,
Microsoft Azure SQL Database v ersion 12 and later
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
624 |
NIST 800-5 3: AC |
|
625 |
NIST 800-5 3: AU","ht tps://azur e.microsof t.com/en-u s/document ation/arti cles/sql-d atabase-v1 2-whats-ne w/#securit y-enhancem ents |
|
626 |
https://te chnet.micr osoft.com/ en-us/libr ary/ms1909 98.aspx",
An applica tion role was found.
,
Lists all applicatio n roles fo und.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
627 |
2019-02-04 11:47 UTC -05:00
,
7519
,
Contained database u ser with p assword fo und
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Non Findin g
,
Access Con trol
,"Containe d database users wit h password s are auth enticated by the dat abase, thi s means th at access to a conta ined datab ase is gra nted at th e database level. Ea ch contain ed databas e user sho uld be rev iewed to v erify that there are no securi ty threats related t o the auth entication process." ,"A contai ned databa se include s all data base setti ngs and me tadata req uired to d efine the database a nd has no configurat ion depend encies on the master database. Contained database users can connect to the datab ase withou t authenti cating as a login in the maste r database . |
|
628 |
|
|
629 |
Each conta ined datab ase user s hould be r eviewed to verify th at there a re no secu rity threa ts related to the au thenticati on process .",
Review the list of c ontained d atabase us ers to mak e sure tha t there ar e no secur ity threat s related to the aut henticatio n process.
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
630 |
NIST 800-5 3: IA |
|
631 |
NIST 800-5 3: AC","ht tp://azure .microsoft .com/en-us /documenta tion/artic les/sql-da tabase-pre view-whats -new/ |
|
632 |
http://msd n.microsof t.com/libr ary/azure/ ff929071.a spx",
Contained database u sers have been found .
,
List conta ined datab ase users.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
633 |
2019-02-04 11:47 UTC -05:00
,
7520
,
Applicatio n role pri vilege ass ignment
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Non Findin g
,
Access Con trol
,
Credential s defined for access to applic ation role s may prov ide unauth orized acc ess to dat a. It also can lead to loss of confident iality and integrity of the da ta.
,"An appli cation rol e is a dat abase prin cipal that enables a n applicat ion to run with its own, user- like permi ssions. Yo u can use applicatio n roles to enable ac cess to sp ecific dat a to only those user s who conn ect throug h a partic ular appli cation. Un like datab ase roles, applicati on roles c ontain no members an d are inac tive by de fault. App lication r oles work with both authentica tion modes . Applicat ion roles are enable d by using sp_setapp role, whic h requires a passwor d. |
|
634 |
|
|
635 |
Privileges assigned to databas e applicat ion user r oles can a llow remot e users ac cess to lo cal data, and should be listed and autho rized in t he system security p lan.",
Use the gr ant and re voke comma nds to ass ign the au thorized p rivileges.
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ac cess Contr ol |
|
636 |
NIST 800-5 3: AC","ht tps://msdn .microsoft .com/en-us /library/m s181491.as px |
|
637 |
https://ms dn.microso ft.com/en- us/library /ms190998. aspx",
Privileges assigned to applica tion roles are liste d.
,
List privi leges assi gned to ap plication roles.
,
Microsoft Azure SQL Database ,,,,,,,, |
|
638 |
2019-02-04 11:47 UTC -05:00
,
7503
,
Server Inf ormation
,
Informatio nal
,
Audit
,
Microsoft Azure SQL Database
,
vac21sqlwv r410\WebVR AM_PreProd
,
Fact
,
Applicatio n Integrit y
,
Server inf ormation s hould be a vailable f or auditin g and docu mentation.
,"It is im portant to have read ily availa ble inform ation abou t the serv ers in the network, to allow f or documen tation, au diting, an d updates deployment planning. |
|
639 |
System adm ins should have acce ss at leas t to the s erver addr ess, commu nication p orts, inst ance names and versi on.",
Document e ach server with all data colle cted and u pdate it p eriodicall y.
,
All versio ns of Micr osoft Azur e SQL Data base
,
CVE-NO-MAT CH
,"SHATTER Control Ca tegory: Ap plication Integrity |
|
640 |
NIST 800-5 3: MA",
,
Server inf ormation i s reported .
,
Reports se rver infor mation.
,
Microsoft Azure SQL Database
,
Fact
,
P ORT = PORT ,
Version=12 .0.2000.8
,
Platform=M icrosoft W indows
,
Instance N ame=SQLDat abase
,
Service Pa ck=RTM
,
Edition=SQ L Azure
,
Address=52 .238.116.3 2
|