From MS SQL Server 2014 Instance Security Technical Implementation Guide
Part of SRG-APP-000456-DB-000390
Associated with: CCI-002605
While it is important to apply SQL Server updates in a timely manner, it is also incumbent upon the database administrator and/or system administrator to ensure that their deployment will not interfere with the operation of the database and its applications. Other than in emergency situations, SQL Server updates must be applied to appropriately configured non-production systems, and the resulting version of SQL Server assessed for correct operation.
Obtain evidence that SQL Server software updates are tested before being applied to production servers, and that any exceptions are approved by the ISSM. If such evidence cannot be obtained, or the evidence that is obtained indicates a pattern of noncompliance, this is a finding.
Institute and adhere to policies and procedures to ensure that SQL Server updates are tested prior to installation on production servers.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer