banjo1960

asked on

MS SQL 2008 Hardening Guide

I am configuring SQL 2008 servers for DISA compliance.  It looks like the latest STIG is for 2005 (DISA web site and NIST web site).

I downloaded the CIS guide and am working with that, as it contains code snippets.

Can anyone direct me to a set of scripts for SQL 2008 that are similar to what the DISA scripts do for Oracle?

Thanks
ASKER CERTIFIED SOLUTION
btan

banjo1960

ASKER

Thanks. This is very helpful. Yes, I use XCCDF more and more with the STIG benchmarks.

I am aware of the move in this direction.

I will check these things out.

Thanks!
One more question. I use the DISA supplied XCCDF benchmarks for other scans, such as Windows OS. I use the SCAP engine in Retina.

I may have misunderstood, but is there an XCCDF file supplied by DISA that I can use to scan SQL 2008?
btan

They are not creating any, based on the latest FAQ, as a timeline is not stated. Maybe the MITRE forum on XCCDF and OVAL can share if they see any, but probably not from DISA.
Thanks! I will keep an eye on that.