DISA Oracle MySQL 8.0 v2r2 DB

Audit Details

Name: DISA Oracle MySQL 8.0 v2r2 DB

Updated: 11/22/2024

Authority: DISA STIG

Plugin: MySQLDB

Revision: 1.0

Estimated Item Count: 96

File Details

Filename: DISA_STIG_Oracle_MySQL_8.0_v2r2_Database.audit

Size: 306 kB

MD5: 4e7570f9a0f2a192cf7831e34af952a2
SHA256: 88019a4d995b44935ae945b84453b81f05376fe92344b240ae8ae21740b929e4

Audit Items

Description / Categories
DISA_STIG_Oracle_MySQL_8.0_v2r2_Database.audit from DISA Oracle MySQL 8.0 v2r2 STIG
MYS8-00-000100 - MySQL Database Server 8.0 must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.

ACCESS CONTROL

MYS8-00-000200 - MySQL Database Server 8.0 must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.

ACCESS CONTROL

MYS8-00-000300 - MySQL Database Server 8.0 must produce audit records containing sufficient information to establish what type of events occurred.

AUDIT AND ACCOUNTABILITY

MYS8-00-000800 - The MySQL Database Server 8.0 must include additional, more detailed, organizationally defined information in the audit records for audit events identified by type, location, or subject.

AUDIT AND ACCOUNTABILITY

MYS8-00-001500 - The MySQL Database Server 8.0 must protect against a user falsely repudiating having performed organization-defined actions.

AUDIT AND ACCOUNTABILITY

MYS8-00-001600 - The MySQL Database Server 8.0 must be configured to provide audit record generation capability for DoD-defined auditable events within all database components.

AUDIT AND ACCOUNTABILITY

MYS8-00-001700 - The MySQL Database Server 8.0 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.

AUDIT AND ACCOUNTABILITY

MYS8-00-001800 - The MySQL Database Server 8.0 must be able to generate audit records when privileges/permissions are retrieved.

AUDIT AND ACCOUNTABILITY

MYS8-00-001900 - The MySQL Database Server 8.0 must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-002000 - The MySQL Database Server 8.0 must be able to generate audit records when security objects are accessed.

AUDIT AND ACCOUNTABILITY

MYS8-00-002100 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to access security objects occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-002200 - The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are accessed.

AUDIT AND ACCOUNTABILITY

MYS8-00-002300 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to access categories of information (e.g., classification levels/security levels) occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-002400 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are added.

AUDIT AND ACCOUNTABILITY

MYS8-00-002500 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to add privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-002600 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are modified.

AUDIT AND ACCOUNTABILITY

MYS8-00-002700 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-002800 - The MySQL Database Server 8.0 must generate audit records when security objects are modified.

AUDIT AND ACCOUNTABILITY

MYS8-00-002900 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify security objects occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-003000 - The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are modified.

AUDIT AND ACCOUNTABILITY

MYS8-00-003100 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to modify categories of information (e.g., classification levels/security levels) occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-003200 - The MySQL Database Server 8.0 must generate audit records when privileges/permissions are deleted.

AUDIT AND ACCOUNTABILITY

MYS8-00-003300 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-003400 - The MySQL Database Server 8.0 must generate audit records when security objects are deleted.

AUDIT AND ACCOUNTABILITY

MYS8-00-003500 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete security objects occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-003600 - The MySQL Database Server 8.0 must generate audit records when categories of information (e.g., classification levels/security levels) are deleted.

AUDIT AND ACCOUNTABILITY

MYS8-00-003700 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to delete categories of information (e.g., classification levels/security levels) occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-003800 - The MySQL Database Server 8.0 must generate audit records when successful logons or connections occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-003900 - The MySQL Database Server 8.0 must generate audit records when unsuccessful logons or connection attempts occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-004000 - The MySQL Database Server 8.0 must generate audit records for all privileged activities or other system-level access.

AUDIT AND ACCOUNTABILITY

MYS8-00-004100 - The MySQL Database Server 8.0 must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-004200 - The MySQL Database Server 8.0 must generate audit records showing starting and ending time for user access to the database(s).

AUDIT AND ACCOUNTABILITY

MYS8-00-004300 - The MySQL Database Server 8.0 must generate audit records when concurrent logons/connections by the same user from different workstations.

AUDIT AND ACCOUNTABILITY

MYS8-00-004400 - The MySQL Database Server 8.0 must be able to generate audit records when successful accesses to objects occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-004500 - The MySQL Database Server 8.0 must generate audit records when unsuccessful accesses to objects occur.

AUDIT AND ACCOUNTABILITY

MYS8-00-004600 - The MySQL Database Server 8.0 must generate audit records for all direct access to the database(s).

AUDIT AND ACCOUNTABILITY

MYS8-00-004700 - The MySQL Database Server 8.0, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.

IDENTIFICATION AND AUTHENTICATION

MYS8-00-004800 - The MySQL Database Server 8.0 must enforce authorized access to all PKI private keys stored/utilized by the MySQL Database Server 8.0.

IDENTIFICATION AND AUTHENTICATION

MYS8-00-004900 - The MySQL Database Server 8.0 must map the PKI-authenticated identity to an associated user account.

IDENTIFICATION AND AUTHENTICATION

MYS8-00-005000 - If Database Management System (DBMS) authentication using passwords is employed, the DBMS must enforce the DOD standards for password complexity and lifetime.

IDENTIFICATION AND AUTHENTICATION

MYS8-00-005100 - If passwords are used for authentication, the MySQL Database Server 8.0 must store only hashed, salted representations of passwords.

IDENTIFICATION AND AUTHENTICATION

MYS8-00-005200 - If passwords are used for authentication, the MySQL Database Server 8.0 must transmit only encrypted representations of passwords.

IDENTIFICATION AND AUTHENTICATION

MYS8-00-005300 - The MySQL Database Server 8.0 must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

IDENTIFICATION AND AUTHENTICATION

MYS8-00-005400 - The MySQL Database Server 8.0 must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

ACCESS CONTROL

MYS8-00-005500 - The MySQL Database Server 8.0 must be configured in accordance with the security configuration settings based on DoD security configuration and implementation guidance, including STIGs, NSA configuration guides, CTOs, DTMs, and IAVMs.

CONFIGURATION MANAGEMENT

MYS8-00-005600 - Default demonstration and sample databases, database objects, and applications must be removed.

CONFIGURATION MANAGEMENT

MYS8-00-005700 - Unused database components, MySQL Database Server 8.0 software, and database objects must be removed.

CONFIGURATION MANAGEMENT

MYS8-00-005800 - Unused database components which are integrated in the MySQL Database Server 8.0 and cannot be uninstalled must be disabled.

CONFIGURATION MANAGEMENT

MYS8-00-006000 - The MySQL Database Server 8.0 must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

CONFIGURATION MANAGEMENT