prevasio-sql-server2
Region: westus
Overview
Critical: 0
High: 1
Medium: 8
Low: 1
Informational: 0
Security issues (10)
Severity | Non-Compliance | Issue | Remediation | Read more | Action |
---|---|---|---|---|---|
Low | CIS 4.1.2 | SQL Server has no private endpoints configured. | To connect your virtual network to services in Azure without a public IP address at the source or destination, ensure the SQL Servers are accessible only through private endpoints. | More info | |
Medium | — | SQL Server has no auto-failover groups configured. | To enable database replication and automatic failover, ensure that SQL Servers are using auto-failover groups. | More info | |
Medium | CIS 4.4.2 PCI DSS (Old Protocols) HIPAA (Encryption) | SQL Server has TLS version set to EnforcementDisabled, while the desired TLS version is 1.2. | To comply with the industry standards, ensure TLS 1.2 or higher is used for all TLS connections to SQL Servers. | More info | |
Medium | — | SQL Server has Advanced Data Security disabled. | To provide a set of advanced SQL security capabilities for your SQL Database Servers, ensure that Advanced Data Security is enabled within your SQL Server configuration settings. | More info | |
Medium | — | SQL Server has no Email Account Admins enabled. | To send monitored data for unusual activity, vulnerabilities, and threats to the account admins and subscription owners, ensure that advanced data security for SQL Servers has Email Account Admins enabled. | More info | |
High | — | SQL Server has no list of emails configured to which alerts could be sent upon detection of anomalous activities. | To send alerts on unusual activity, vulnerabilities, and threats, specify email address(es) under "Send alerts to" in Advanced Threat Protection settings of Microsoft Defender for SQL. | More info | |
Medium | CIS 4.1.1 PCI DSS 10.2 HIPAA (Audit) | SQL Server has Database Auditing disabled. | To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that SQL Server Auditing is enabled. | More info | |
Medium | PCI DSS 10.2 HIPAA (Audit) | SQL Server has Audit Action and Groups disabled. | To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure SQL Server Audit Action and Groups is configured to at least include SUCCESSFUL_DATABASE_AUTHENTICATION_GROUP, FAILED_DATABASE_AUTHENTICATION_GROUP and BATCH_COMPLETED_GROUP. | More info | |
Medium | CIS 4.1.4 | SQL Server uses no Active Directory administrator. | To centrally manage identity and access to your SQL Database Servers, ensure that SQL Servers use an Active Directory administrator. | More info | |
Medium | CIS 4.1.3 | SQL Server has TDE (Transparent Data Encryption) that uses a Microsoft-managed key instead of BYOK (Bring Your Own Key). | For greater control and transparency, and increased security through full control of the encryption keys, ensure your SQL Server data at rest is protected with a key from your own Azure key vault. | More info | |