Checklist Details for CIS SQL Server 2005 Benchmark v1.2.0

(Checklist Revisions)

Checklist Highlights

Checklist Name:
CIS SQL Server 2005 Benchmark
Review Status:
Third Party: Center for Internet Security (CIS)
Target Product:
Target Product CPE Name Product Category
Microsoft SQL Server 2005 cpe:/a:microsoft:sql_server:2005 (View CVEs)
  • Database Management System
Checklist Summary:
This document is derived from research conducted utilizing the SQL Server 2005 environment on Windows XP Desktops and Windows 2003 servers. This document provides the necessary settings and procedures for the secure installation, setup, configuration, and operation of an MS SQL Server 2005 system. With the use of the settings and procedures in this document, an SQL Server 2005 database may be secured from conventional out of the box threats. Recognizing the nature of security cannot and should not be limited to only the application the scope of this document is not limited to only SQL Server 2005 specific settings or configurations, but also addresses backups, archive logs, best practices processes and procedures that are applicable to general software and hardware security.
Checklist Role:
  • Database Management System
Known Issues:
Proper use of the Recommendations requires careful analysis and adaptation to specific user requirements. The Recommendations are not in any way intended to be a quick fix for anyone's information security needs. It is extremely important to conduct testing of security configurations on non-production systems prior to implementing them on production systems.
Target Audience:
Database System Administrators
Testing Information:
Not provided.
Regulatory Compliance:
Not provided.
Refer to Known Issues.
Differs for Public and Private consumers, please read disclaimer information from the CIS web site located at:
Product Support:
Not provided.
Point of Contact:
Not provided.
Differs for Public and Private consumers, please read licensing information from the CIS web site located at
Change History:
02-19-2009-Version 1.1.1
01-12-2010-Version 1.2.0
NIST checklist record last modified on 05/10/2011