This document is derived from research conducted utilizing the SQL Server 2005 environment on Windows XP Desktops and Windows 2003 servers. This document provides the necessary settings and procedures for the secure installation, setup, configuration, and operation of an MS SQL Server 2005 system. With the use of the settings and procedures in this document, an SQL Server 2005 database may be secured from conventional out of the box threats. Recognizing the nature of security cannot and should not be limited to only the application the scope of this document is not limited to only SQL Server 2005 specific settings or configurations, but also addresses backups, archive logs, best practices processes and procedures that are applicable to general software and hardware security.
Proper use of the Recommendations requires careful analysis and adaptation to specific user requirements. The Recommendations are not in any way intended to be a quick fix for anyone's information security needs. It is extremely important to conduct testing of security configurations on non-production systems prior to implementing them on production systems.
Database System Administrators
Refer to Known Issues.
Differs for Public and Private consumers, please read disclaimer information from the CIS web site located at: http://www.cisecurity.org/sub_form.html
Differs for Public and Private consumers, please read licensing information from the CIS web site located at http://www.cisecurity.org/sub_form.html
02-19-2009-Version 1.1.1 01-12-2010-Version 1.2.0