๐Ÿ›ก๏ธ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value๐ŸŸข

  • Contextual name: 🛡️ SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢
  • ID: /ce/ca/google/sql/sqlserver-instance-user-connections-flag
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: RELIABILITY

Description

It is recommended to check the user connections for a Cloud SQL SQL Server instance to ensure that it is not artificially limiting connections.

Rationale

The user connections option specifies the maximum number of simultaneous user connections that are allowed on an instance of SQL Server. The actual number of user connections allowed also depends on the version of SQL Server that you are using, and on the limits of your application or applications and hardware. SQL Server allows a maximum of 32,767 user connections. By default, user connections is a self-configuring value: SQL Server adjusts the maximum number of user connections automatically as needed, up to the maximum value allowable. For example, if only 10 users are logged in, 10 user connection objects are allocated. In most cases, you do not have to change the value for this option. The default is 0, which means that the maximum (32,767) user connections are allowed. However, if a number that limits connections is defined here, SQL Server will not allow any more connections above this limit. If the connections are at the limit, any new requests will be dropped, potentially causing lost data or outages for those using the database.


Remediation

From Google Cloud Console

  1. Go to the Cloud SQL Instances page in the Google Cloud Console by visiting https://console.cloud.google.com/sql/instances.
  2. Select the SQL Server instance for which you want to enable the database flag.
  3. Click Edit.
  4. Scroll down to the Flags section.
  5. To set a flag that has not been set on the instance before, click Add item, choose the flag user connections from the drop-down menu, and set its value to your organization recommended value.
  6. Click Save to save your changes.
  7. Confirm your changes under Flags on the Overview page.

From Google Cloud CLI

  1. Configure the user connections database flag for every Cloud SQL SQL Server database instance using the below command.

         gcloud sql instances patch <INSTANCE_NAME> --database-flags "user connections=[0-32,767]"

Note: This command will overwrite all database flags previously set. To keep those and add new ones, include the values for all flags you want set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign ("=").
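
The following is an added example, not part of the original policy or of Cloudaware's logic: it audits instance descriptions for a limiting user connections value and builds a patch command that carries every existing flag forward, so the overwrite behaviour described in the note does not reset them. It assumes 0 is the target value and takes its input in the shape of `gcloud sql instances list --format=json`; the instance names and flag values are constructed.

```python
import json

FLAG = "user connections"

# Constructed sample shaped like `gcloud sql instances list --format=json`
# output; instance names and flag values are invented for illustration.
SAMPLE = json.loads("""
[
 {"name": "erp-sql", "databaseVersion": "SQLSERVER_2019_STANDARD",
  "settings": {"databaseFlags": [
    {"name": "remote access", "value": "off"},
    {"name": "user connections", "value": "500"},
    {"name": "3625", "value": "on"}]}},
 {"name": "hr-sql", "databaseVersion": "SQLSERVER_2019_STANDARD",
  "settings": {"databaseFlags": [{"name": "user connections", "value": "0"}]}},
 {"name": "crm-sql", "databaseVersion": "SQLSERVER_2017_WEB", "settings": {}},
 {"name": "web-pg", "databaseVersion": "POSTGRES_15", "settings": {}}
]
""")


def audit(instance):
    """Return (status, patch_argv) for one instance description."""
    if not instance.get("databaseVersion", "").startswith("SQLSERVER"):
        return "not-applicable", None
    flags = instance.get("settings", {}).get("databaseFlags") or []
    current = {f["name"]: str(f.get("value", "")) for f in flags}
    value = current.get(FLAG)
    # Unset or 0 means SQL Server self-configures up to 32,767 connections.
    if value is None or value.strip() == "0":
        return "non-limiting", None
    # patch replaces the whole flag set, so carry every existing flag forward
    # and change only this one (0 is this example's assumed target value).
    current[FLAG] = "0"
    for name, val in current.items():
        if "," in name or "," in val:
            raise ValueError(f"flag {name!r} needs gcloud's alternate delimiter")
    merged = ",".join(f"{n}={v}" for n, v in current.items())
    return "limiting", ["gcloud", "sql", "instances", "patch",
                        instance["name"], "--database-flags", merged]


def audit_all(instances):
    """Map each instance name to its (status, patch_argv) result."""
    return {i["name"]: audit(i) for i in instances}


if __name__ == "__main__":
    for name, (status, argv) in audit_all(SAMPLE).items():
        print(f"{name}: {status}", argv or "")
```
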

Linked Framework Sections

Section | Sub Sections | Internal Rules | Policies | Flags | Compliance
💼 CIS GCP v1.2.0 → 💼 6.3.3 Ensure 'user connections' database flag for Cloud SQL SQL Server instance is set as appropriate - Level 1 (Automated) 1 no data
💼 CIS GCP v1.3.0 → 💼 6.3.3 Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value - Level 1 (Automated) 1 no data
💼 CIS GCP v2.0.0 → 💼 6.3.3 Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value - Level 1 (Automated) 1 no data
💼 CIS GCP v3.0.0 → 💼 6.3.3 Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value - Level 1 (Automated) 1 no data
💼 Cloudaware Framework → 💼 System Configuration 45 no data
💼 FedRAMP High Security Controls → 💼 CM-1 Policy and Procedures (L)(M)(H) 3 no data
💼 FedRAMP High Security Controls → 💼 CM-2 Baseline Configuration (L)(M)(H) 3130 no data
💼 FedRAMP High Security Controls → 💼 CM-6 Configuration Settings (L)(M)(H) 212 no data
💼 FedRAMP High Security Controls → 💼 CM-7 Least Functionality (L)(M)(H) 31833 no data
💼 FedRAMP High Security Controls → 💼 CM-9 Configuration Management Plan (M)(H) 8 no data
💼 FedRAMP High Security Controls → 💼 SA-3 System Development Life Cycle (L)(M)(H) 4 no data
💼 FedRAMP High Security Controls → 💼 SA-8 Security and Privacy Engineering Principles (L)(M)(H) 6 no data
💼 FedRAMP High Security Controls → 💼 SA-10 Developer Configuration Management (M)(H) 3 no data
💼 FedRAMP Low Security Controls → 💼 CM-1 Policy and Procedures (L)(M)(H) 3 no data
💼 FedRAMP Low Security Controls → 💼 CM-2 Baseline Configuration (L)(M)(H) 29 no data
💼 FedRAMP Low Security Controls → 💼 CM-6 Configuration Settings (L)(M)(H) 11 no data
💼 FedRAMP Low Security Controls → 💼 CM-7 Least Functionality (L)(M)(H) 29 no data
💼 FedRAMP Low Security Controls → 💼 SA-3 System Development Life Cycle (L)(M)(H) 4 no data
💼 FedRAMP Low Security Controls → 💼 SA-8 Security and Privacy Engineering Principles (L)(M)(H) 6 no data
💼 FedRAMP Moderate Security Controls → 💼 CM-1 Policy and Procedures (L)(M)(H) 3 no data
💼 FedRAMP Moderate Security Controls → 💼 CM-2 Baseline Configuration (L)(M)(H) 330 no data
💼 FedRAMP Moderate Security Controls → 💼 CM-6 Configuration Settings (L)(M)(H) 112 no data
💼 FedRAMP Moderate Security Controls → 💼 CM-7 Least Functionality (L)(M)(H) 333 no data
💼 FedRAMP Moderate Security Controls → 💼 CM-9 Configuration Management Plan (M)(H) 8 no data
💼 FedRAMP Moderate Security Controls → 💼 SA-3 System Development Life Cycle (L)(M)(H) 4 no data
💼 FedRAMP Moderate Security Controls → 💼 SA-8 Security and Privacy Engineering Principles (L)(M)(H) 6 no data
💼 FedRAMP Moderate Security Controls → 💼 SA-10 Developer Configuration Management (M)(H) 3 no data
💼 ISO/IEC 27001:2022 → 💼 8.1 User end point devices 813 no data
💼 ISO/IEC 27001:2022 → 💼 8.9 Configuration management 12 no data
💼 NIST CSF v1.1 → 💼 PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality) 426 no data
💼 NIST CSF v2.0 → 💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events 142 no data
💼 NIST CSF v2.0 → 💼 GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity - including privacy and civil liberties obligations - are understood and managed 7 no data
💼 NIST CSF v2.0 → 💼 GV.OV-01: Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction 3 no data
💼 NIST CSF v2.0 → 💼 GV.PO-01: Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced 3 no data
💼 NIST CSF v2.0 → 💼 GV.PO-02: Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission 3 no data
💼 NIST CSF v2.0 → 💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes 10 no data
💼 NIST CSF v2.0 → 💼 ID.AM-08: Systems, hardware, software, services, and data are managed throughout their life cycles 25 no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations 26 no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties 40 no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities 41 no data
💼 NIST CSF v2.0 → 💼 ID.RA-09: The authenticity and integrity of hardware and software are assessed prior to acquisition and use 4 no data
💼 NIST CSF v2.0 → 💼 PR.DS-10: The confidentiality, integrity, and availability of data-in-use are protected 142 no data
💼 NIST CSF v2.0 → 💼 PR.IR-03: Mechanisms are implemented to achieve resilience requirements in normal and adverse situations 15 no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures 3 no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-2 Baseline Configuration 729 no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-6 Configuration Settings 412 no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-7 Least Functionality 923 no data
💼 NIST SP 800-53 Revision 5 → 💼 CM-9 Configuration Management Plan 18 no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-3 System Development Life Cycle 34 no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-8 Security and Privacy Engineering Principles 338 no data
💼 NIST SP 800-53 Revision 5 → 💼 SA-10 Developer Configuration Management 73 no data
💼 PCI DSS v3.2.1 → 💼 1.1 Establish and implement firewall and router configuration standards 7139 no data
💼 PCI DSS v3.2.1 → 💼 1.1.6 Documentation of business justification and approval for use of all services, protocols, and ports allowed, including documentation of security features implemented for those protocols considered to be insecure. 127 no data
💼 PCI DSS v3.2.1 → 💼 1.1.7 Requirement to review firewall and router rule sets at least every six months. 9 no data
💼 PCI DSS v3.2.1 → 💼 1.4 Install personal firewall software or equivalent functionality on any portable computing devices that connect to the Internet when outside the network, and which are also used to access the CDE. 8 no data
💼 PCI DSS v3.2.1 → 💼 1.5 Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties. 8 no data
💼 PCI DSS v3.2.1 → 💼 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards. 5332 no data
💼 PCI DSS v3.2.1 → 💼 2.5 Ensure that security policies and operational procedures for managing vendor defaults and other security parameters are documented, in use, and known to all affected parties. 8 no data
💼 PCI DSS v4.0.1 → 💼 1.1.1 All security policies and operational procedures identified in Requirement 1 are documented, kept up to date, in use, and known to all affected parties. 8 no data
💼 PCI DSS v4.0.1 → 💼 1.2.1 Configuration standards for NSC rulesets are defined, implemented, maintained. 34 no data
💼 PCI DSS v4.0.1 → 💼 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need. 27 no data
💼 PCI DSS v4.0.1 → 💼 1.2.6 Security features are defined and implemented for all services, protocols, and ports that are in use and considered to be insecure, such that the risk is mitigated. 27 no data
💼 PCI DSS v4.0.1 → 💼 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective. 9 no data
💼 PCI DSS v4.0.1 → 💼 1.5.1 Security controls are implemented on any computing devices, including company- and employee-owned devices, that connect to both untrusted networks and the CDE. 8 no data
💼 PCI DSS v4.0.1 → 💼 2.1.1 All security policies and operational procedures identified in Requirement 2 are documented, kept up to date, in use, and known to all affected parties. 8 no data
💼 PCI DSS v4.0.1 → 💼 2.2.1 Configuration standards are developed, implemented, and maintained. 13 no data
💼 PCI DSS v4.0 → 💼 1.1.1 All security policies and operational procedures identified in Requirement 1 are documented, kept up to date, in use, and known to all affected parties. 8 no data
💼 PCI DSS v4.0 → 💼 1.2.1 Configuration standards for NSC rulesets are defined, implemented, maintained. 2434 no data
💼 PCI DSS v4.0 → 💼 1.2.5 All services, protocols, and ports allowed are identified, approved, and have a defined business need. 1527 no data
💼 PCI DSS v4.0 → 💼 1.2.6 Security features are defined and implemented for all services, protocols, and ports that are in use and considered to be insecure, such that the risk is mitigated. 627 no data
💼 PCI DSS v4.0 → 💼 1.2.7 Configurations of NSCs are reviewed at least once every six months to confirm they are relevant and effective. 9 no data
💼 PCI DSS v4.0 → 💼 1.5.1 Security controls are implemented on any computing devices, including company- and employee-owned devices, that connect to both untrusted networks and the CDE. 8 no data
💼 PCI DSS v4.0 → 💼 2.1.1 All security policies and operational procedures identified in Requirement 2 are documented, kept up to date, in use, and known to all affected parties. 8 no data
💼 PCI DSS v4.0 → 💼 2.2.1 Configuration standards are developed, implemented, and maintained. 13 no data
💼 SOC 2 → 💼 CC7.1-2 Monitors Infrastructure and Software 811 no data
💼 SOC 2 → 💼 CC7.1-3 Implements Change-Detection Mechanisms 3 no data
💼 SOC 2 → 💼 CC7.1-4 Detects Unknown or Unauthorized Components 3 no data
💼 SOC 2 → 💼 CC8.1-1 Manages Changes Throughout the System Lifecycle 3 no data
💼 SOC 2 → 💼 CC8.1-2 Authorizes Changes 3 no data
💼 SOC 2 → 💼 CC8.1-3 Designs and Develops Changes 3 no data
💼 SOC 2 → 💼 CC8.1-4 Documents Changes 3 no data
💼 SOC 2 → 💼 CC8.1-5 Tracks System Changes 3 no data
💼 SOC 2 → 💼 CC8.1-6 Configures Software 3 no data
💼 SOC 2 → 💼 CC8.1-7 Tests System Changes 3 no data
💼 SOC 2 → 💼 CC8.1-8 Approves System Changes 3 no data
💼 SOC 2 → 💼 CC8.1-9 Deploys System Changes 3 no data
💼 SOC 2 → 💼 CC8.1-10 Identifies and Evaluates System Changes 3 no data
💼 SOC 2 → 💼 CC8.1-11 Identifies Changes in Infrastructure, Data, Software, and Procedures Required to Remediate Incidents 3 no data
💼 SOC 2 → 💼 CC8.1-12 Creates Baseline Configuration of IT Technology 3 no data
💼 SOC 2 → 💼 CC8.1-13 Provides for Changes Necessary in Emergency Situations 3 no data
💼 SOC 2 → 💼 CC8.1-14 Manages Patch Changes 3 no data
💼 SOC 2 → 💼 CC8.1-15 Considers System Resilience 3 no data