| 1.1 Place Databases on Non-System Partitions | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.1 Backup Policy in Place | CONTINGENCY PLANNING |
| 2.1.2 Verify Backups are Good | CONTINGENCY PLANNING |
| 2.1.3 Secure Backup Credentials | ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 The Backups Should be Properly Secured | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.6 Disaster Recovery (DR) Plan | CONTINGENCY PLANNING |
| 2.1.7 Backup of Configuration and Related Files | CONTINGENCY PLANNING |
| 2.2 Dedicate the Machine Running MySQL | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.4 Do Not Reuse Usernames | ACCESS CONTROL |
| 2.5 Ensure Non-Default, Unique Cryptographic Material is in Use - 'ssl_cert' | IDENTIFICATION AND AUTHENTICATION |
| 2.5 Ensure Non-Default, Unique Cryptographic Material is in Use - 'ssl_key' | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Ensure Password Complexity is Configured - validate_password_dictionary_file | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Ensure Password Complexity is Configured - validate_password_length | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Ensure Password Complexity is Configured - validate_password_mixed_case_count | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Ensure Password Complexity is Configured - validate_password_number_count | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Ensure Password Complexity is Configured - validate_password_policy | IDENTIFICATION AND AUTHENTICATION |
| 2.6 Ensure Password Complexity is Configured - validate_password_special_char_count | IDENTIFICATION AND AUTHENTICATION |
| 2.11 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL | ACCESS CONTROL |
| 2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_failed_connections_threshold | ACCESS CONTROL |
| 2.11 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS | ACCESS CONTROL |
| 2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_max_connection_delay | ACCESS CONTROL |
| 2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_min_connection_delay | ACCESS CONTROL |
| 4.1 Ensure the Latest Security Patches are Applied | SYSTEM AND SERVICES ACQUISITION |
| 4.2 Ensure Example or Test Databases are Not Installed on Production Servers | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure 'local_infile' Is Disabled | CONFIGURATION MANAGEMENT |
| 4.6 Ensure Symbolic Links are Disabled | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure the 'daemon_memcached' Plugin Is Disabled | CONFIGURATION MANAGEMENT |
| 4.8 Ensure the 'secure_file_priv' is Configured Correctly | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1 Ensure Only Administrative Users Have Full Database Access | ACCESS CONTROL |
| 5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users | ACCESS CONTROL, MEDIA PROTECTION |
| 5.9 Ensure DML/DDL Grants Are Limited to Specific Databases and Users | ACCESS CONTROL, MEDIA PROTECTION |
| 5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 6.1 Ensure 'log_error' Is Not Empty | AUDIT AND ACCOUNTABILITY |
| 6.2 Ensure Log Files Are Stored on a Non-System Partition | AUDIT AND ACCOUNTABILITY |
| 7.1 Ensure 'old_passwords' Is Not Set to '1' - ON | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure 'secure_auth' is Set to 'ON' - ON | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@global.sql_mode' | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@session.sql_mode' | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 7.5 Ensure Passwords are Set for All MySQL Accounts | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Ensure Password Complexity Policies are in Place - 'validate_password_dictionary_file' | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Ensure Password Complexity Policies are in Place - 'validate_password_length' | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Ensure Password Complexity Policies are in Place - 'validate_password_mixed_case_count' | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Ensure Password Complexity Policies are in Place - 'validate_password_number_count' | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Ensure Password Complexity Policies are in Place - 'validate_password_policy' | IDENTIFICATION AND AUTHENTICATION |
| 7.6 Ensure Password Complexity Policies are in Place - 'validate_password_special_char_count' | IDENTIFICATION AND AUTHENTICATION |
