SQL Server Vulnerability Scanning Done Right
Looking for a reliable SQL Server vulnerability scanning tool to help evaluate your SQL server's security posture against DISA's Security Technical Implementation Guidelines (STIGs)?
ASSET automates DISA's manual SQL 2014 & 2016 STIG checks against SQL servers and produces instance and database checklists in the required .xccdf 1.1 xml format, saving you hours—if not days—of tedious and error-prone manual labor. When you use ASSET to execute your SQL STIG checks, it will:
- Quickly and reliably perform nearly ALL of the DISA mandated SQL STIG vulnerability checks
- Automatically evaluate scan results, assigning the appropriate status (Not a Finding, Open, Not Applicable) where possible, and...
- Provide the information necessary to support that status, or facilitate any further review
- Include customizable Finding Details language based on scan results
- Output directly to a DISA SQL 2014 or 2016 STIG checklist. (No more copying and pasting the results from your own ad-hoc scripts into the checklists!)
- Produce the both Instance and/or Database checklists
- Target multiple databases on a single SQL server at once and automatically produce individual checklists for each one
- Supports Windows and SQL Authentication
- Open Source version available (with signed contract) if command requires it
- Unattended execution feature facilitates easy integration with other vulnerability scanning products
Until DISA additional versions, these checks are applicable to SQL Server 2022, SQL Server 2019, SQL Server 2016, & SQL Server 2014.
REQUIREMENTS
- Windows 64-bit Operating System with:
- .NET 4.5 or higher
- PowerShell 5 or higher
- Execution policy remotesigned
This is a one year subscription download - Per AD Domain license. Expires 10/1/2025.
SAM.gov UEI: TYSCNN1FN7T6
DADMS ID: 134267