Well if you go to IASE's web site you can download the SRR scripts for SQL Server. This is a pre-written T-SQL script that will execute against your instance of SQL Server. You can find that here: http://iase.disa.mil/stigs/app_security/database/srrs.html
Caveat about the link above: Authentication is required to access the scripts themselves and that can only be done from government networks. An alternative would be to copy out all the T-SQL scripts within the checklist documents and combine them into one script, that document is publicly available.
A lot of the checks within the checklist have to do with procedural and/or just regular documentation on documenting your environment.
You will not find any applications that will do the checks per the checklist but there are applications out there that can help with reporting on applications and operating systems compliance for HIPPA or PCI. Which most of those are stricter or come close to what the checklist requires.
Thanks so much for the help. I am looking into both options.
answered Jul 12, 2011 at 09:59 AM