SQL Server must maintain a separate execution domain for each executing process.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-271359 | SQLI-22-012300 | SV-271359r1111089_rule | Medium |
| Description |
| Database management systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each process has a distinct address space so that communication between processes is controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. |
| STIG | Date |
| Microsoft SQL Server 2022 Instance Security Technical Implementation Guide | 2025-05-30 |
Details
| Check Text (C-75402r1111087_chk) |
| Review the server documentation to determine whether use of CLR assemblies is required. Run the following query to determine whether CLR is enabled for the instance: SELECT name, value, value_in_use FROM sys.configurations WHERE name = 'clr enabled' If "value_in_use" is a "1" and CLR is not required, this is a finding. |
| Fix Text (F-75309r1111088_fix) |
| Disable use of or remove any CLR code that is not authorized. To disable the use of CLR, from the query prompt: EXEC SP_CONFIGURE 'clr enabled', 0; RECONFIGURE WITH OVERRIDE; |