| 1.1 Place Databases on Non-System Partitions | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.2 Use Dedicated Least Privileged Account for MySQL Daemon/Service | ACCESS CONTROL |
| 1.4 Verify That the MYSQL_PWD Environment Variable Is Not In Use | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.6 Verify That 'MYSQL_PWD' is Not Set in Users' Profiles - .profile | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.1 Backup Policy in Place | CONTINGENCY PLANNING |
| 2.1.2 Verify Backups are Good | CONTINGENCY PLANNING |
| 2.1.3 Secure Backup Credentials | ACCESS CONTROL, CONTINGENCY PLANNING, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.4 The Backups Should be Properly Secured | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.6 Disaster Recovery (DR) Plan | CONTINGENCY PLANNING |
| 2.1.7 Backup of Configuration and Related Files | CONTINGENCY PLANNING |
| 2.2 Dedicate the Machine Running MySQL | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Do Not Specify Passwords in Command Line | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Ensure Non-Default, Unique Cryptographic Material is in Use | SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.1 Ensure 'datadir' Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
| 3.2 Ensure 'log_bin_basename' Files Have Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
| 3.3 Ensure 'log_error' Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
| 3.4 Ensure 'slow_query_log' Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
| 3.5 Ensure 'relay_log_basename' Files Have Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
| 3.6 Ensure 'general_log_file' Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
| 3.7 Ensure SSL Key Files Have Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
| 3.8 Ensure Plugin Directory Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
| 3.9 Ensure 'audit_log_file' Has Appropriate Permissions | ACCESS CONTROL, MEDIA PROTECTION |
| 3.10 Secure MySQL Keyring - keyring_file_data_path | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnf | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.ini | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - %WINDIR%\my.cnf | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - %WINDIR%\my.ini | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - C:\my.cnf | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - C:\my.ini | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - Doesn't exist | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - MYSQL_INSTALL\my.cnf | ACCESS CONTROL, MEDIA PROTECTION |
| 4.5 Ensure 'mysqld' is Not Started With '--skip-grant-tables' - MYSQL_INSTALL\my.ini | ACCESS CONTROL, MEDIA PROTECTION |
| 6.4 Ensure 'log-raw' is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnf | MEDIA PROTECTION |
| 6.4 Ensure 'log-raw' is Set to 'OFF' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.ini | MEDIA PROTECTION |
| 6.4 Ensure 'log-raw' is Set to 'OFF' - %WINDIR%\my.cnf | MEDIA PROTECTION |
| 6.4 Ensure 'log-raw' is Set to 'OFF' - %WINDIR%\my.ini | MEDIA PROTECTION |
| 6.4 Ensure 'log-raw' is Set to 'OFF' - C:\my.cnf | MEDIA PROTECTION |
| 6.4 Ensure 'log-raw' is Set to 'OFF' - C:\my.ini | MEDIA PROTECTION |
| 6.4 Ensure 'log-raw' is Set to 'OFF' - MYSQL_INSTALL\my.cnf | MEDIA PROTECTION |
| 6.4 Ensure 'log-raw' is Set to 'OFF' - MYSQL_INSTALL\my.ini | MEDIA PROTECTION |
| 7.2 Ensure Passwords are Not Stored in the Global Configuration | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Passwords are Not Stored in the Global Configuration - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnf | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Passwords are Not Stored in the Global Configuration - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.ini | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Passwords are Not Stored in the Global Configuration - %WINDIR%\my.cnf | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Passwords are Not Stored in the Global Configuration - %WINDIR%\my.ini | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Passwords are Not Stored in the Global Configuration - C:\my.ini | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Passwords are Not Stored in the Global Configuration - MYSQL_INSTALL\my.cnf | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.2 Ensure Passwords are Not Stored in the Global Configuration - MYSQL_INSTALL\my.ini | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.cnf | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 7.3 Ensure 'sql_mode' Contains 'NO_AUTO_CREATE_USER' - %PROGRAMDATA%\MySQL\MySQL Server 5.7\my.ini | PLANNING, SYSTEM AND SERVICES ACQUISITION |
