Mohammad Darab has a quick summary of the Department of Defense’s STIG overview for SQL Server 2016:
To make it easier for people in charge of “STIG’ing” their SQL Server 2016 environment, this blog is aimed to go over the newest MS SQL Server 2016 STIG Overview document (Version 1, Release 1) that was released on 09 March 2018. If you want to read through the whole document you can download it here. Otherwise, below is my summation of the relevant sections.
This overview document was developed by both Microsoft and DISA for the Department of Defense.
The entire overview document is 9 pages (including title page, etc.)
Click through for Mohammad’s summary. Also check out Chris Bell’s sp_woxcompliant.