U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CIS SQL Server 2005 Benchmark v1.2.0 Checklist Details (Checklist Revisions)

Supporting Resources:

Target:

Target CPE Name
Microsoft SQL Server 2005 cpe:/a:microsoft:sql_server:2005 (View CVEs)

Checklist Highlights

Checklist Name:
CIS SQL Server 2005 Benchmark
Checklist ID:
137
Version:
v1.2.0
Type:
Compliance
Review Status:
Archived
Authority:
Third Party: Center for Internet Security (CIS)
Original Publication Date:
01/12/2010

Checklist Summary:

This document is derived from research conducted utilizing the SQL Server 2005 environment on Windows XP Desktops and Windows 2003 servers. This document provides the necessary settings and procedures for the secure installation, setup, configuration, and operation of an MS SQL Server 2005 system. With the use of the settings and procedures in this document, an SQL Server 2005 database may be secured from conventional out of the box threats. Recognizing the nature of security cannot and should not be limited to only the application the scope of this document is not limited to only SQL Server 2005 specific settings or configurations, but also addresses backups, archive logs, best practices processes and procedures that are applicable to general software and hardware security.

Checklist Role:

  • Database Server

Known Issues:

Proper use of the Recommendations requires careful analysis and adaptation to specific user requirements. The Recommendations are not in any way intended to be a quick fix for anyone's information security needs. It is extremely important to conduct testing of security configurations on non-production systems prior to implementing them on production systems.

Target Audience:

Database System Administrators

Target Operational Environment:

  • Managed

Testing Information:

Not provided.

Regulatory Compliance:

Not provided.

Comments/Warnings/Miscellaneous:

Refer to Known Issues.

Disclaimer:

Differs for Public and Private consumers, please read disclaimer information from the CIS web site located at: http://www.cisecurity.org/sub_form.html

Product Support:

Not provided.

Point of Contact:

windows-feedback@lists.cisecurity.org

Sponsor:

Not provided.

Licensing:

Differs for Public and Private consumers, please read licensing information from the CIS web site located at http://www.cisecurity.org/sub_form.html

Change History:

02-19-2009-Version 1.1.1
01-12-2010-Version 1.2.0
Updated URL - 7/26/19
updated status to archived - 2/23/24

Dependency/Requirements:

URL Description

References:

Reference URL Description

NIST checklist record last modified on 02/23/2024