Professional Documents
Culture Documents
Commvault Compliance With Level 1 Controls For CIS Microsoft SQL Server 2016 Benchmark v1.1.0
Commvault Compliance With Level 1 Controls For CIS Microsoft SQL Server 2016 Benchmark v1.1.0
Security Controls
CIS Microsoft SQL Server 2016 Benchmark v1.1.0
Friday, 9 July 2021
Commvault Compliance with Level 1 Controls of CIS Microsoft SQL Server 2016 Benchmark v1.1.0
The security controls in Level 1 provide a clear security benefit. The following table
presents the compliance of the Commvault software with the Level 1 controls.
1 Installation,
Updates and
Patches
1.1 Ensure Latest SQL Yes The workflow engine that is built-in with
Server Service Packs the Commvault software performs
and Hotfixes are automatic updates of the SQL server.
Installed (Not
Scored)
2 Surface Area
Reduction
2.2 Ensure 'CLR Enabled' No The Commvault software uses the CLR
Server Configuration functionality and the functionality cannot
Option is set to '0' be disabled. So, the software does not
(Scored) support this control.
2.10 Ensure Unnecessary Yes, requires Communication with the Commvault SQL
SQL Server manual Server instance is done through TCP/IP
Protocols are set to configuratio protocol. You can disable all other
'Disabled' (Not n protocols. For instructions, see Enable or
Scored) Disable a Server Network Protocol.
2.11 Ensure SQL Server is Yes, requires A default installation of SQL Server 2014
configured to use manual and later versions uses a dynamic port.
non-standard ports configuratio For security reasons, you can configure a
(Not Scored) n different port. For instructions, see
Configure a Server to Listen on a Specific
TCP Port.
2.12 Ensure 'Hide Yes, requires To support this control, you must
Instance' option is manual manually hide the SQL server instance.
set to 'Yes' for configuratio For instructions, see Hiding the SQL
Production SQL n Server Instance.
Server instances
(Scored)
3 Authentication and
Authorization
3.7 Ensure the SQL N/A The Commvault software does not
Server’s Full-Text contain Full-Text Service Account. So, this
Service Account is control is not applicable.
Not an
Administrator (Not
Scored)
4 Password Policies
4.2 Ensure No
'CHECK_EXPIRATION
' Option is set to
'ON' for All SQL
Authenticated
Logins Within the
Sysadmin Role
(Scored)
5 Auditing and
Logging
6 Application
Development
7 Encryption
8 Appendix:
Additional
Considerations
8.1 Ensure 'SQL Server Yes, requires By default, the CommServe software uses
Browser Service' is manual the Microsoft SQL Server Browser service
configured correctly configuratio to enable clients and other Commvault
(Not Scored) n applications to connect to the
CommServe database through dynamic
ports.
The development release and timing of future product releases remains at Commvault’s sole discretion.
Commvault is providing the following information in accordance with Commvault's standard product
communication policies. Any resulting features, functionality, and enhancements or timing of release of such
features, functionality, and enhancements are at the sole discretion of Commvault and may be modified without
notice. All product roadmap or other similar information does not represent a commitment to deliver any
material, code, or functionality, and should not be relied upon in making a purchasing decision.
Visit the Commvault Documentation website for complete documentation of Commvault products.