| 2.5 Do Not Reuse Usernames | ACCESS CONTROL |
| 2.7 Ensure 'password_lifetime' is Less Than or Equal to '365' | IDENTIFICATION AND AUTHENTICATION |
| 2.8 Ensure Password Resets Require Strong Passwords | IDENTIFICATION AND AUTHENTICATION |
| 2.18 Implement Connection Delays to Limit Failed Login Attempts | ACCESS CONTROL |
| 4.1 Ensure the Latest Security Patches are Applied | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.4 Harden Usage for 'local_infile' on MySQL Clients | CONFIGURATION MANAGEMENT |
| 4.6 Ensure Symbolic Links are Disabled | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure the 'daemon_memcached' Plugin is Disabled | CONFIGURATION MANAGEMENT |
| 4.8 Ensure the 'secure_file_priv' is Configured Correctly | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1 Ensure Only Administrative Users Have Full Database Access | ACCESS CONTROL |
| 5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users | ACCESS CONTROL, MEDIA PROTECTION |
| 5.9 Ensure DML/DDL Grants are Limited to Specific Databases and Users | ACCESS CONTROL, MEDIA PROTECTION |
| 5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 5.11 Ensure Proper Use Of 'SET_ANY_DEFINER' | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 5.12 Ensure Proper Use Of ALLOW_NONEXISTENT_DEFINER | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 6.1 Ensure 'log_error' is configured correctly | AUDIT AND ACCOUNTABILITY |
| 6.2 Ensure Log Files are Stored on a Non-System Partition | AUDIT AND ACCOUNTABILITY |
| 7.1 Ensure default_authentication_plugin is Set to a Secure Option | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure Passwords are Set for All MySQL Accounts | IDENTIFICATION AND AUTHENTICATION |
| 7.4 Set 'default_password_lifetime' to Require a Yearly Password Change | ACCESS CONTROL |
| 7.5 Ensure Password Complexity Policies are in Place | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Ensure No Users Have Wildcard Hostnames | ACCESS CONTROL, MEDIA PROTECTION |
| 7.7 Ensure No Anonymous Accounts Exist | ACCESS CONTROL |
| 8.1 Ensure 'require_secure_transport' is Set to 'ON' and/or 'have_ssl' is Set to 'YES' | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote Users | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.3 Set Maximum Connection Limits for Server and per User | SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.1 Ensure Replication Traffic is Secured | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2 Ensure 'SOURCE_SSL_VERIFY_SERVER_CERT' is Set to 'YES' or '1' | CONFIGURATION MANAGEMENT |
| 9.4 Ensure 'super_priv' is Not Set to 'Y' for Replication Users | ACCESS CONTROL |
| 10.1 Ensure All Group Replication Traffic is Secured | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_MySQL_8.0_Community_Benchmark_v1.1.0_Level_1_Database.audit from CIS Oracle MySQL 8.0 Community Edition Benchmark | |
