| 1.7 Ensure MariaDB is Run Under a Sandbox Environment | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.5 Point-in-Time Recovery | CONTINGENCY PLANNING |
| 2.7 Lock Out Accounts if Not Currently in Use | ACCESS CONTROL |
| 2.8 Ensure Socket Peer-Credential Authentication is Used Appropriately | CONFIGURATION MANAGEMENT |
| 2.9 Ensure MariaDB is Bound to an IP Address | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 2.10 Limit Accepted Transport Layer Security (TLS) Versions | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.11 Require Client-Side Certificates (X.509) | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.12 Ensure Only Approved Ciphers are Used | SYSTEM AND SERVICES ACQUISITION |
| 4.8 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.9 Enable data-at-rest encryption in MariaDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 6.3 Ensure 'log_warnings' is Set to '2' | AUDIT AND ACCOUNTABILITY |
| 6.4 Ensure Audit Logging Is Enabled | AUDIT AND ACCOUNTABILITY |
| 6.6 Ensure Binary and Relay Logs are Encrypted | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.4 Ensure only approved ciphers are used for Replication | SYSTEM AND SERVICES ACQUISITION |
| CIS_MariaDB_10.6_Benchmark_v1.1.0_L2_Database.audit from CIS MariaDB 10.6 Benchmark | |
