CIS MySQL 8.0 Enterprise Database L2 v1.3.0

Audit Details

Name: CIS MySQL 8.0 Enterprise Database L2 v1.3.0

Updated: 6/17/2024

Authority: CIS

Plugin: MySQLDB

Revision: 1.2

Estimated Item Count: 20

File Details

Filename: CIS_MySQL_8.0_Enterprise_Benchmark_v1.3.0_Level_2_Database.audit

Size: 53.2 kB

MD5: e86f65391e240819b78197a4e5c49255
SHA256: 542397a8fcc6a2af0b7e94a9bf863da647486943524ebd600c9f0491cfd766b1

Audit Items

DescriptionCategories
2.1.5 Point-in-Time Recovery

CONTINGENCY PLANNING

2.2.1 Ensure Binary and Relay Logs are Encrypted

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.9 Require Current Password for Password Reset

IDENTIFICATION AND AUTHENTICATION

2.10 Use Dual Passwords to Enable Higher Frequency Password Rotation

IDENTIFICATION AND AUTHENTICATION

2.11 Lock Out Accounts if Not Currently in Use

ACCESS CONTROL

2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly

SYSTEM AND SERVICES ACQUISITION

2.13 Ensure Socket Peer-Credential Authentication is Used Appropriately

CONFIGURATION MANAGEMENT

2.14 Ensure MySQL is Bound to an IP Address

PLANNING, SYSTEM AND SERVICES ACQUISITION

2.15 Limit Accepted Transport Layer Security (TLS) Versions

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.16 Require Client-Side Certificates (X.509)

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.17 Ensure Only Approved Ciphers are Used

SYSTEM AND SERVICES ACQUISITION

4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES'

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.10 Use MySQL TDE for At-Rest Data Encryption

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users

ACCESS CONTROL

6.3 Ensure 'log_error_verbosity' is Set to '2'

AUDIT AND ACCOUNTABILITY

6.6 Ensure ALL Events are Audited

AUDIT AND ACCOUNTABILITY

6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUS

AUDIT AND ACCOUNTABILITY

9.3 Ensure 'master_info_repository' is Set to 'TABLE'

CONFIGURATION MANAGEMENT

10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB Cluster

ACCESS CONTROL, MEDIA PROTECTION

CIS_MySQL_8.0_Enterprise_Benchmark_v1.3.0_Level_2_Database.audit from CIS Oracle MySQL 8.0 Enterprise Edition Benchmark