Detections
Analytics

DISA Oracle MySQL 8.0 v1r4 DB

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA Oracle MySQL 8.0 v1r4 DB

Updated: 6/17/2024

Authority: DISA STIG

Plugin: MySQLDB

Revision: 1.2

Estimated Item Count: 60

Audit Items

DescriptionCategories
MYS8-00-000100 - MySQL Database Server 8.0 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.
MYS8-00-000800 - The MySQL Database Server 8.0 must include additional, more detailed, organizationally defined information in the audit records for audit events identified by type, location, or subject.
MYS8-00-001500 - The MySQL Database Server 8.0 must protect against a user falsely repudiating having performed organization-defined actions.
MYS8-00-001900 - The MySQL Database Server 8.0 must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur
MYS8-00-002000 - The MySQL Database Server 8.0 must be able to generate audit records when security objects are accessed
MYS8-00-002100 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to access security objects occur
MYS8-00-002200 - The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are accessed
MYS8-00-002400 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are added
MYS8-00-002500 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to add privileges/permissions occur
MYS8-00-002600 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are modified
MYS8-00-002700 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify privileges/permissions occur
MYS8-00-002800 - The MySQL Database Server 8.0 must generate audit records when security objects are modified
MYS8-00-002900 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify security objects occur
MYS8-00-003200 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are deleted
MYS8-00-003400 - The MySQL Database Server 8.0 must generate audit records when security objects are deleted
MYS8-00-003500 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete security objects occur
MYS8-00-003700 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete categories of information (e.g., classification levels/security levels) occur
MYS8-00-003800 - The MySQL Database Server 8.0 must generate audit records when successful logons or connections occur
MYS8-00-004000 - The MySQL Database Server 8.0 must generate audit records for all privileged activities or other system-level access
MYS8-00-004100 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur
MYS8-00-004200 - The MySQL Database Server 8.0 must generate audit records showing starting and ending time for user access to the database(s)
MYS8-00-004400 - The MySQL Database Server 8.0 must be able to generate audit records when successful accesses to objects occur
MYS8-00-004500 - The MySQL Database Server 8.0 must generate audit records when unsuccessful accesses to objects occur
MYS8-00-004600 - The MySQL Database Server 8.0 must generate audit records for all direct access to the database(s)
MYS8-00-004700 - The MySQL Database Server 8.0, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation
MYS8-00-004900 - The MySQL Database Server 8.0 must map the PKI-authenticated identity to an associated user account.
MYS8-00-005000 - If Database Management System (DBMS) authentication using passwords is employed, the DBMS must enforce the DoD standards for password complexity and lifetime.
MYS8-00-005100 - If passwords are used for authentication, the MySQL Database Server 8.0 must store only hashed, salted representations of passwords.
MYS8-00-005200 - If passwords are used for authentication, the MySQL Database Server 8.0 must transmit only encrypted representations of passwords.
MYS8-00-005300 - The MySQL Database Server 8.0 must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
MYS8-00-005500 - The MySQL Database Server 8.0 must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs.
MYS8-00-005700 - Unused database components, MySQL Database Server 8.0 software, and database objects must be removed
MYS8-00-005800 - Unused database components which are integrated in the MySQL Database Server 8.0 and cannot be uninstalled must be disabled
MYS8-00-006000 - The MySQL Database Server 8.0 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments
MYS8-00-006100 - The MySQL Database Server 8.0 must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users)
MYS8-00-006300 - The MySQL Database Server 8.0 must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
MYS8-00-006400 - The MySQL Database Server 8.0 must separate user functionality (including user interface services) from database management functionality.
MYS8-00-006500 - The MySQL Database Server 8.0 must isolate security functions from non-security functions.
MYS8-00-006600 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.
MYS8-00-006800 - Access to database files must be limited to relevant processes and to authorized, administrative users.
MYS8-00-007000 - The MySQL Database Server 8.0 must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values
MYS8-00-007300 - The MySQL Database Server 8.0 must check the validity of all data inputs except those specifically identified by the organization.
MYS8-00-007400 - The MySQL Database Server 8.0 and associated applications must reserve the use of dynamic code execution for situations that require it.
MYS8-00-007500 - The MySQL Database Server 8.0 and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack
MYS8-00-007800 - The MySQL Database Server 8.0 must initiate session auditing upon startup
MYS8-00-008000 - The MySQL Database Server 8.0 must protect its audit features from unauthorized access.
MYS8-00-008500 - Database software, including MySQL Database Server 8.0 configuration files, must be stored in dedicated directories, or DASD pools (remove), separate from the host OS and other applications
MYS8-00-009000 - The MySQL Database Server 8.0 must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance
MYS8-00-009100 - The MySQL Database Server 8.0 must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status
MYS8-00-009300 - The MySQL Database Server 8.0 must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the MySQL Database Server 8.0 or database(s)