| 2.1.5 Point-in-Time Recovery | CONTINGENCY PLANNING |
| 2.8 Lock Out Accounts if Not Currently in Use | ACCESS CONTROL |
| 2.9 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly | SYSTEM AND SERVICES ACQUISITION |
| 2.10 Ensure Socket Peer-Credential Authentication is Used Appropriately | CONFIGURATION MANAGEMENT |
| 2.11 Ensure MySQL is Bound to an IP Address | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 2.12 Limit Accepted Transport Layer Security (TLS) Versions | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.13 Require Client-Side Certificates (X.509) | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.14 Ensure Only Approved Ciphers are Used - ssl_cipher | SYSTEM AND SERVICES ACQUISITION |
| 4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.10 Use MySQL TDE for At-Rest Data Encryption | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | ACCESS CONTROL |
| 6.3 Ensure 'log_error_verbosity' is Set to '2' | AUDIT AND ACCOUNTABILITY |
| 6.6 Ensure ALL Events are Audited - audit_log_filter | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.6 Ensure ALL Events are Audited - audit_log_user | AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
| 6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUS | AUDIT AND ACCOUNTABILITY |
| 9.3 Ensure 'master_info_repository' Is Set to 'TABLE' | CONFIGURATION MANAGEMENT |
| CIS_MySQL_5.7_Enterprise_Benchmark_v2.0.0_Level_2_DB.audit from CIS Oracle MySQL 5.7 Enterprise Edition Benchmark | |
