CIS MySQL 5.6 Community Database L1 v2.0.0

Audit Details

Name: CIS MySQL 5.6 Community Database L1 v2.0.0

Updated: 6/17/2024

Authority: CIS

Plugin: MySQLDB

Revision: 1.1

Estimated Item Count: 60

File Details

Filename: CIS_MySQL_5.6_Community_Benchmark_v2.0.0_LEVEL_1_Database.audit

Size: 115 kB

MD5: f48c81ee09ddd7e56d4f6f23191488ad
SHA256: 099b50ed3e1fb2612864b830f5cf1eb16d4f648817b9aab321d8dfb6ece2458c

Audit Items

DescriptionCategories
1.1 Place Databases on Non-System Partitions

SYSTEM AND COMMUNICATIONS PROTECTION

2.1.1 Backup Policy in Place

CONTINGENCY PLANNING

2.1.2 Verify Backups are Good

CONTINGENCY PLANNING

2.1.3 Secure Backup Credentials

ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.4 The Backups Should be Properly Secured

CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.6 Disaster Recovery (DR) Plan

CONTINGENCY PLANNING

2.1.7 Backup of Configuration and Related Files

CONTINGENCY PLANNING

2.2 Dedicate the Machine Running MySQL

SYSTEM AND COMMUNICATIONS PROTECTION

2.4 Do Not Reuse Usernames

ACCESS CONTROL

2.5 Ensure Non-Default, Unique Cryptographic Material is in Use - 'ssl_cert'

IDENTIFICATION AND AUTHENTICATION

2.5 Ensure Non-Default, Unique Cryptographic Material is in Use - 'ssl_key'

IDENTIFICATION AND AUTHENTICATION

2.6 Ensure Password Complexity is Configured - validate_password_dictionary_file

IDENTIFICATION AND AUTHENTICATION

2.6 Ensure Password Complexity is Configured - validate_password_length

IDENTIFICATION AND AUTHENTICATION

2.6 Ensure Password Complexity is Configured - validate_password_mixed_case_count

IDENTIFICATION AND AUTHENTICATION

2.6 Ensure Password Complexity is Configured - validate_password_number_count

IDENTIFICATION AND AUTHENTICATION

2.6 Ensure Password Complexity is Configured - validate_password_policy

IDENTIFICATION AND AUTHENTICATION

2.6 Ensure Password Complexity is Configured - validate_password_special_char_count

IDENTIFICATION AND AUTHENTICATION

2.11 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL

ACCESS CONTROL

2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_failed_connections_threshold

ACCESS CONTROL

2.11 Implement Connection Delays to Limit Failed Login Attempts - CONNECTION_CONTROL_FAILED_LOGIN_ATTEMPTS

ACCESS CONTROL

2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_max_connection_delay

ACCESS CONTROL

2.11 Implement Connection Delays to Limit Failed Login Attempts - connection_control_min_connection_delay

ACCESS CONTROL

4.1 Ensure the Latest Security Patches are Applied

SYSTEM AND SERVICES ACQUISITION

4.2 Ensure Example or Test Databases are Not Installed on Production Servers

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.4 Ensure 'local_infile' Is Disabled

CONFIGURATION MANAGEMENT

4.6 Ensure Symbolic Links are Disabled

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.7 Ensure the 'daemon_memcached' Plugin Is Disabled

CONFIGURATION MANAGEMENT

4.8 Ensure the 'secure_file_priv' is Configured Correctly

ACCESS CONTROL, MEDIA PROTECTION

5.1 Ensure Only Administrative Users Have Full Database Access

ACCESS CONTROL

5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users

ACCESS CONTROL

5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users

ACCESS CONTROL, MEDIA PROTECTION

5.9 Ensure DML/DDL Grants Are Limited to Specific Databases and Users

ACCESS CONTROL, MEDIA PROTECTION

5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER

PLANNING, SYSTEM AND SERVICES ACQUISITION

6.1 Ensure 'log_error' Is Not Empty

AUDIT AND ACCOUNTABILITY

6.2 Ensure Log Files Are Stored on a Non-System Partition

AUDIT AND ACCOUNTABILITY

7.1 Ensure 'old_passwords' Is Not Set to '1' - ON

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.2 Ensure 'secure_auth' is Set to 'ON' - ON

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@global.sql_mode'

PLANNING, SYSTEM AND SERVICES ACQUISITION

7.4 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - '@@session.sql_mode'

PLANNING, SYSTEM AND SERVICES ACQUISITION

7.5 Ensure Passwords are Set for All MySQL Accounts

IDENTIFICATION AND AUTHENTICATION

7.6 Ensure Password Complexity Policies are in Place - 'validate_password_dictionary_file'

IDENTIFICATION AND AUTHENTICATION

7.6 Ensure Password Complexity Policies are in Place - 'validate_password_length'

IDENTIFICATION AND AUTHENTICATION

7.6 Ensure Password Complexity Policies are in Place - 'validate_password_mixed_case_count'

IDENTIFICATION AND AUTHENTICATION

7.6 Ensure Password Complexity Policies are in Place - 'validate_password_number_count'

IDENTIFICATION AND AUTHENTICATION

7.6 Ensure Password Complexity Policies are in Place - 'validate_password_policy'

IDENTIFICATION AND AUTHENTICATION

7.6 Ensure Password Complexity Policies are in Place - 'validate_password_special_char_count'

IDENTIFICATION AND AUTHENTICATION