banjo1960
asked on
MS SQL 2008 Hardening Guide
I am configuring SQL 2008 servers for DISA compliance. It looks like the latest STIG is for 2005 (DISA web site and NIST web site).
I download the CIS guide and am working with that, as it contains code snippets.
Can anyone direct me to a set of scripts for SQL 2008 that similar to what the DISA scripts do for Oracle?
Thanks
I download the CIS guide and am working with that, as it contains code snippets.
Can anyone direct me to a set of scripts for SQL 2008 that similar to what the DISA scripts do for Oracle?
Thanks
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
One more question. I use the DISA supplied XCCDF benchmarks for other scans, such as Windows OS. I use the SCAP engine in Retina.
I may have misunderstood, but is there an XCCDF file supplied by DISA that I can use to scan SQL 2008?
I may have misunderstood, but is there an XCCDF file supplied by DISA that I can use to scan SQL 2008?
They are not creating any based on latest faq, as time line is not stated. Maybe the mitre forum on xccdf and oval can share if they see any but probably not from DISA
ASKER
Thanks! I will keep an eye on that.
ASKER
I am aware of the move in this direction.
I will check these things out.
Thanks!