STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to MS SQL Server 2016 Instance Security Technical Implementation Guide

V-213991

CAT II (Medium)

SQL Server must maintain a separate execution domain for each executing process.

Rule ID

SV-213991r1137659_rule

STIG

MS SQL Server 2016 Instance Security Technical Implementation Guide

Version

V3R6

CCIs

CCI-002530

Discussion

Database management systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each process has a distinct address space so that communication between processes is controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces.

Check Content

Review the server documentation to determine whether use of CLR assemblies is required. Run the following query to determine whether CLR is enabled for the instance: 
 
SELECT name, value, value_in_use 
FROM sys.configurations 
WHERE name = 'clr enabled' 
 
If "value_in_use" is a "1" and CLR is not required, this is a finding.

Fix Text

Disable CLR support in SQL Server by executing the following query: 
 
EXEC sp_configure 'clr enabled', 0 
GO 
 
RECONFIGURE 
GO