2.1.5 Point-in-Time Recovery | CONTINGENCY PLANNING |
2.2.1 Ensure Binary and Relay Logs are Encrypted | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.9 Require Current Password for Password Reset | IDENTIFICATION AND AUTHENTICATION |
2.10 Use Dual Passwords to Enable Higher Frequency Password Rotation | IDENTIFICATION AND AUTHENTICATION |
2.11 Lock Out Accounts if Not Currently in Use | ACCESS CONTROL |
2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly | SYSTEM AND SERVICES ACQUISITION |
2.13 Ensure Socket Peer-Credential Authentication is Used Appropriately | CONFIGURATION MANAGEMENT |
2.14 Ensure MySQL is Bound to an IP Address | PLANNING, SYSTEM AND SERVICES ACQUISITION |
2.15 Limit Accepted Transport Layer Security (TLS) Versions | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.16 Require Client-Side Certificates (X.509) | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
2.17 Ensure Only Approved Ciphers are Used | SYSTEM AND SERVICES ACQUISITION |
4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | PLANNING, SYSTEM AND SERVICES ACQUISITION |
4.10 Use MySQL TDE for At-Rest Data Encryption | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
6.3 Ensure 'log_error_verbosity' is Set to '2' | AUDIT AND ACCOUNTABILITY |
6.6 Ensure ALL Events are Audited | AUDIT AND ACCOUNTABILITY |
6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUS | AUDIT AND ACCOUNTABILITY |
9.3 Ensure 'master_info_repository' is Set to 'TABLE' | CONFIGURATION MANAGEMENT |
10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB Cluster | ACCESS CONTROL, MEDIA PROTECTION |
CIS_MySQL_8.0_Enterprise_Benchmark_v1.3.0_Level_2_Database.audit from CIS Oracle MySQL 8.0 Enterprise Edition Benchmark | |