CIS-CAT Pro Assessor v4 HTML Report shows unexpected Database Name for MSSQL Assessment

Owned by Nick Romanzo, created
Last updated: Apr 01, 2024 by Andrew Dannenberger
1 min read

Product Name

CIS-CAT Pro Assessor v4

Product Version

All

Date

Sep 20, 2023

 

Problem

The HTML report and assessment evidence is showing the incorrect Database name.

 

Solution

The title of the HTML report will only show the last database.

Some recommendations require that each contained database be checked in order to ensure compliance. One example would be recommendation: 3.3 - Ensure 'Orphaned Users' are Dropped From SQL Server Databases. For any recommendation which will check each contained database, the artifact type will be “Independent: SQL Server Query Each Database”.

The recommendations which don’t explicitly state to check all contained databases are checking settings which will be the same across all databases. So while the database specified in the connection string is the database to which it will connect, the result would be consistent across all contained databases. As such it’s not necessary to connect to each database to check the configuration, i.e. the default or any named database will suffice. If the databaseName property is omitted, the default database will be used.

Keywords; Database DatabaseName jdbc sql

Content by Label

Copyright © 2023

Center for Internet Security®