Detections
Analytics

CIS MySQL 8.0 Enterprise Database L2 v1.3.0

Audit Details

Name: CIS MySQL 8.0 Enterprise Database L2 v1.3.0

Updated: 2/5/2024

Authority: CIS

Plugin: MySQLDB

Revision: 1.1

Estimated Item Count: 20

File Details

Filename: CIS_MySQL_8.0_Enterprise_Benchmark_v1.3.0_Level_2_Database.audit

Size: 53.1 kB

MD5: 8ef602d2cfd78d8a6b47588867b8f428
SHA256: 4b04555fd08532f8596f2137823ec1e89be32b2c5b4ca2a8008eba5eeadcb3fc

Audit Items

DescriptionCategories
2.1.5 Point-in-Time Recovery

CONTINGENCY PLANNING

2.2.1 Ensure Binary and Relay Logs are Encrypted

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.9 Require Current Password for Password Reset

IDENTIFICATION AND AUTHENTICATION

2.10 Use Dual Passwords to Enable Higher Frequency Password Rotation

IDENTIFICATION AND AUTHENTICATION

2.11 Lock Out Accounts if Not Currently in Use

ACCESS CONTROL

2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly

SYSTEM AND SERVICES ACQUISITION

2.13 Ensure Socket Peer-Credential Authentication is Used Appropriately

CONFIGURATION MANAGEMENT

2.14 Ensure MySQL is Bound to an IP Address

PLANNING, SYSTEM AND SERVICES ACQUISITION

2.15 Limit Accepted Transport Layer Security (TLS) Versions

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.16 Require Client-Side Certificates (X.509)

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

2.17 Ensure Only Approved Ciphers are Used

SYSTEM AND SERVICES ACQUISITION

4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES'

PLANNING, SYSTEM AND SERVICES ACQUISITION

4.10 Use MySQL TDE for At-Rest Data Encryption

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users

ACCESS CONTROL

6.3 Ensure 'log_error_verbosity' is Set to '2'

AUDIT AND ACCOUNTABILITY

6.6 Ensure ALL Events are Audited

AUDIT AND ACCOUNTABILITY

6.7 Set audit_log_strategy to SYNCHRONOUS or SEMISYNCRONOUS

AUDIT AND ACCOUNTABILITY

9.3 Ensure 'master_info_repository' is Set to 'TABLE'

CONFIGURATION MANAGEMENT

10.2 Allowlist Approved Servers Belonging to a MySQL InnoDB Cluster

ACCESS CONTROL, MEDIA PROTECTION

CIS_MySQL_8.0_Enterprise_Benchmark_v1.3.0_Level_2_Database.audit from CIS Oracle MySQL 8.0 Enterprise Edition Benchmark