Can the new SQL Server 2012 STIG checklist from IASE DISA be checked (using STIG Viewer) on SQL Server 2008 databases?
And if so, are there any SQL 2012 checks that are not applicable to SQL 2008? There are 160+ OS and DB checks for MAC IIIS, and we're on a tight schedule to do these checks on multiple servers, so we'd like to first narrow them down to something more manageable. We were previously using the SQL 2005 checklist, but my customer is requiring us to us the newest checklist for SQL 2012, since DISA has skipped the 2008 version. It would be nice to cross-reference the list with the 2005 version, but it's near impossible since it's made up of all new STIG checks and vulnerability IDs. Please see the following links... the first is the checklist itself, and the second is an online reference for the checks: