I have a question around the compliance controls and Microsoft SQL Server.
Our DBAs have noticed that the reports are generating control failures for each database instance when in fact the control is actually at the server level. As an example of one such control, 2761 Status of the 'Database Mail XPs' setting is a "global" server setting and configuring it once at the server applies to all instances; it's not a setting that can be applied per instance.
Yet, Qualys is reporting this setting for each instance and if you have over 100 instances on one server it can lead to some very large reports and large numbers of controls failing.
Another example of a server control setting is 2705 Status of the 'remote access' server configuration setting which is also being reported per instance.
Does anyone have an explanation I can pass back to our DBAs as to why these can't be reported once per server or if there is a very good reason why they are being reported per instance?