my-sql-instance4
Overview

Critical: 1, High: 1, Medium: 8, Low: 1, Informational: 0

Security issues (11)

Severity | Non-Compliance | Issue | Remediation
---|---|---|---
Medium | — | SQL database instance is publicly accessible from all IP addresses. | To fulfill HIPAA and PCI DSS requirements on strict access and integrity controls, ensure that all SQL instances are configured to accept connections from trusted networks and IP addresses only.
Medium | HIPAA (Backup) | SQL database instance has no backup run, so it cannot be restored to a recent point. | To fulfill HIPAA requirements on restoring compromised services, ensure that all SQL instances are configured to have automated (scheduled) backups and can be restored to a recent point.
Medium | CIS 6.7 | SQL database instance does not have an automated backup enabled. | Ensure that automated backups are enabled for all SQL database instances.
Medium | — | SQL database instance does not have multi-AZ enabled. | Ensure that all SQL instances are created with a secondary AZ to ensure proper failover.
Medium | CIS 6.4, PCI DSS 4.2, HIPAA (Encryption) | SQL database instance has SSL/TLS disabled. | To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, enforce all incoming connections to your SQL database instances to use SSL/TLS only.
Medium | CIS 6.3.7 | SQL Server database instance has "contained database authentication" flag enabled. | To prevent any databases on the server from being contained, ensure the "contained database authentication" SQL Server engine flag is set to Off.
Medium | CIS 6.3.2 | SQL Server database instance has "cross db ownership chaining" flag enabled. | Unless all of the databases hosted by the SQL Server need to participate in cross-database ownership chaining, ensure the "cross db ownership chaining" SQL Server engine flag is disabled.
Critical | — | SQL database instance SSL certificate expired 34 days ago. | Ensure that all incoming connections to your SQL database instances remain secure by rotating all the server certificates before they expire.
Medium | CIS 6.6 | SQL database instance has public IPs. | To reduce the application's attack surface, ensure your SQL database instances are configured to use private IP addresses instead of public IPs.
Low | — | SQL database instance has automatic storage increase limit set to zero (no limit for storage growth). | To prevent your SQL instance disk size from growing too large and increasing service costs, ensure your SQL database instances are configured with an optimal automatic storage increase limit.
High | PCI DSS 3.5, HIPAA (Encryption) | SQL database instance is not encrypted using Customer-Managed Keys (CMK). | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, make sure your SQL database instances are encrypted using CMK.