| Check | Description |
|---|---|
| | Windows authentication is used to connect to the database. |
| | Strong passwords are used and enforced. |
| | If SQL Server authentication is used, the credentials are secured over the network by using IPSec or SSL, or by installing a database server certificate. |
| | If SQL Server authentication is used, connection strings are encrypted by using DPAPI and are stored in a secure location. |
| | Application connects using a least-privileged account. The sa account or other privileged accounts that are members of the sysadmin or db_owner roles are not used for application logins. |
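
The checks above that are visible in a connection string can be audited automatically. The following is an added example, not part of the original checklist: it flags SQL Server authentication, missing transport encryption, embedded plaintext passwords, and logins as sa. The sample strings, server names, and the `orders_app` account are constructed for illustration; password strength, IPSec, and role membership cannot be seen in a connection string and are not covered.

```python
# Added example: audit SqlClient-style connection strings against the checklist.
# Assumption: simple "key=value;..." strings; quoted values containing ';' are not handled.
WINDOWS_AUTH_KEYS = ("integrated security", "trusted_connection")
USER_KEYS = ("user id", "uid", "user")
PASSWORD_KEYS = ("password", "pwd")

SAMPLES = {  # constructed sample strings, not taken from any real system
    "windows": "Server=db01;Database=Orders;Integrated Security=SSPI",
    "sa": "Server=db01;Database=Orders;User ID=sa;Password=example-only",
    "sql_tls": "Server=db01;Database=Orders;User ID=orders_app;Password=example-only;Encrypt=True",
}

def parse(conn_str):
    """Split a connection string into a dict with lower-cased keys."""
    pairs = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # values may themselves contain '='
            pairs[key.strip().lower()] = value.strip()
    return pairs

def first(pairs, keys):
    """Return the value of the first keyword alias present, or None."""
    return next((pairs[k] for k in keys if k in pairs), None)

def audit(conn_str):
    """Return the checklist findings for one connection string."""
    pairs = parse(conn_str)
    win = first(pairs, WINDOWS_AUTH_KEYS) or ""
    if win.lower() in {"true", "yes", "sspi"}:
        return []  # Windows authentication: no credentials travel in the string
    findings = ["SQL Server authentication is used instead of Windows authentication"]
    if pairs.get("encrypt", "false").lower() not in {"true", "yes", "mandatory", "strict"}:
        findings.append("Encrypt is not enabled; confirm IPSec or SSL protects the credentials")
    if first(pairs, PASSWORD_KEYS) is not None:
        findings.append("plaintext password in the string; store it encrypted with DPAPI")
    if (first(pairs, USER_KEYS) or "").lower() == "sa":
        findings.append("application logs in as sa instead of a least-privileged account")
    return findings

if __name__ == "__main__":
    for name, conn_str in SAMPLES.items():
        print(name, audit(conn_str))
```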