Detections
Analytics

CIS MySQL 8.0 Enterprise Database L2 v1.3.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS MySQL 8.0 Enterprise Database L2 v1.3.0

Updated: 4/3/2025

Authority: CIS

Plugin: MySQLDB

Revision: 1.3

Estimated Item Count: 20

Audit Items

DescriptionCategories
2.1.5 Point-in-Time Recovery
2.2.1 Ensure Binary and Relay Logs are Encrypted
2.9 Require Current Password for Password Reset
2.10 Use Dual Passwords to Enable Higher Frequency Password Rotation
2.11 Lock Out Accounts if Not Currently in Use
2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly
2.13 Ensure Socket Peer-Credential Authentication is Used Appropriately
2.14 Ensure MySQL is Bound to an IP Address
2.15 Limit Accepted Transport Layer Security (TLS) Versions
2.16 Require Client-Side Certificates (X.509)
2.17 Ensure Only Approved Ciphers are Used
4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES'
4.10 Use MySQL TDE for At-Rest Data Encryption
5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users
6.3 Ensure 'log_error_verbosity' is Set to '2'
6.6 Ensure ALL Events are Audited
6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUS
9.3 Ensure 'master_info_repository' is Set to 'TABLE'
10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB Cluster
CIS_MySQL_8.0_Enterprise_Benchmark_v1.3.0_Level_2_Database.audit from CIS Oracle MySQL 8.0 Enterprise Edition Benchmark