Trustworthy Bit
This rule determines whether the dbo role for a database is assigned to the sysadmin fixed server role and the database has its trustworthy bit set to ON.
If these conditions are met, a privileged database user can elevate privileges to the sysadmin role. In this role, the user can create and run unsafe assemblies that compromise the system.
Best Practices Recommendations
Turn off the trustworthy bit or revoke sysadmin permissions from the dbo database role.
For More Information
See Also
Monitor and Enforce Best Practices by Using Policy-Based Management