Unauthorized user accounts should not exist.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-2508 | DG0070-SQLServer9 | SV-24088r1_rule | IAAC-1 | Medium |
| Description |
|---|
| Unauthorized user accounts provide unauthorized access to the database and may allow access to database objects. Only authorized users should be granted database accounts. |
| STIG | Date |
|---|---|
| Microsoft SQL Server 2005 Instance Security Technical Implementation Guide | 2015-04-03 |
Details
| Check Text ( None ) |
|---|
| None |
| Fix Text (F-20403r1_fix) |
|---|
| Develop, document and implement procedures for authorizing creation and changes to user accounts. Monitor user accounts to verify that they remain authorized. Drop user accounts that are no longer authorized. |