STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to MS SQL Server 2016 Instance Security Technical Implementation Guide

V-213993

CAT II (Medium)

When updates are applied to SQL Server software, any software components that have been replaced or made unnecessary must be removed.

Rule ID

SV-213993r961677_rule

STIG

MS SQL Server 2016 Instance Security Technical Implementation Guide

Version

V3R6

CCIs

CCI-002617

Discussion

Previous versions of DBMS components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some DBMSs' installation tools may remove older versions of software automatically from the information system. In other cases, manual review and removal will be required. In planning installations and upgrades, organizations must include steps (automated, manual, or both) to identify and remove the outdated modules. A transition period may be necessary when both the old and the new software are required. This should be taken into account in the planning.

Check Content

From the server documentation, obtain a listing of required components.  
 
Generate a listing of components installed on the server. 
 
Click Start >> Type "SQL Server 2016 Installation Center" >> Launch the program >> Click Tools >> Click "Installed SQL Server features discovery report" 
 
Compare the feature listing against the required components listing. If any features are installed, but are not required, this is a finding.

Fix Text

Remove all features that are not required.