STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
DISA has released the Microsoft SQL Server 2016 STIG Version 1. The requirements of the STIG become effective immediately. The STIG is available at https://iase.disa.mil/stigs/Pages/index.aspx.
For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil
I’ve been performing STIG checks for the DoD for a decade, now, and I finally got tired of waiting for DISA to produce a scap tool for these SQL STIGs and built one myself. ASSET automates DISA’s manual SQL 2014 & 2016 STIG checks against SQL servers and produces instance and database checklists in the required .xccdf 1.1 xml format,
You can see a video of ASSET in action right here: https://borellisecuritysoftware.com/products/asset-automated-sql-security-evaluation-tool