STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Microsoft Azure SQL Database Security Technical Implementation Guide

V-255346

CAT II (Medium)

Azure SQL Database must only use approved firewall settings deemed by the organization to be secure, including denying public network access.

Rule ID

SV-255346r961470_rule

STIG

Microsoft Azure SQL Database Security Technical Implementation Guide

Version

V2R3

CCIs

CCI-001762

Discussion

Use of nonsecure firewall settings, such as allowing public access, exposes the system to avoidable threats.

Check Content

Azure SQL Database must only use approved firewall settings, including denying public network access. This value is allowed by default in Azure SQL Database and should be disabled if not otherwise documented and approved.
 
Obtain a list of approved firewall settings from the database documentation. 
 
Verify that the public network access option is set to disabled.
 
If the value is enabled and not in use and specifically approved in the database documentation, this is a finding.

1. From the Azure Portal Dashboard, click "Set Server Firewall".
2. Review the Allow Azure services and resources to access this server option.

Fix Text

Assign the approved policy to Azure SQL Database.
1. From the Azure Portal Dashboard, click on the database.
2. Click "Set Server Firewall".
3. Review the public network access option.
4. Check the box to "Disable" public network access.
5. Click "Save".

For more information about connection policies:
https://docs.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture