Best practices

SQL Server instance with ‘external scripts enabled’ flag set to ‘on’

Platform(s)
Compliance Frameworks
  • Brazilian General Data Protection (LGPD)
  • ,
  • CCPA
  • ,
  • coppa
  • ,
  • CPRA
  • ,
  • GCP CIS
  • ,
  • iso_27001_2022
  • ,
  • iso_27002_2022
  • ,
  • New Zealand Information Security Manual
  • ,
  • NIST 800-171
  • ,
  • NIST 800-53
  • ,
  • PDPA
  • ,
  • pipeda
  • ,
  • UK Cyber Essentials

Description

We have found that {GcpSQLInstance} has 'external scripts enabled' flag set to 'on'. 'external scripts enabled' allows the execution of scripts with certain remote language extensions. This property is OFF by default. When Advanced Analytics Services is installed, setup can optionally set this property to 'on', which could adversely affect the security of the system, hence this should be disabled.