Detections
Analytics

CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L1 Database

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Oracle MySQL Enterprise Edition 8.0 v1.4.0 L1 Database

Updated: 12/16/2025

Authority: CIS

Plugin: MySQLDB

Revision: 1.1

Estimated Item Count: 39

File Details

Filename: CIS_MySQL_8.0_Enterprise_Benchmark_v1.4.0_Level_1_Database.audit

Size: 75 kB

MD5: baba0ade55d7418d2ea9fbc0f59550ea
SHA256: b2fe8c6f6952eaaf369bad7c122728a98bc2acd2f20cd4dfa48293a9d5817189

Audit Items

DescriptionCategories
2.5 Do Not Reuse Usernames
2.7 Ensure 'password_lifetime' is Less Than or Equal to '365'
2.8 Ensure Password Resets Require Strong Passwords
2.18 Implement Connection Delays to Limit Failed Login Attempts
4.1 Ensure the Latest Security Patches are Applied
4.2 Ensure Example or Test Databases are Not Installed on Production Servers
4.4 Harden Usage for 'local_infile' on MySQL Clients
4.6 Ensure Symbolic Links are Disabled
4.7 Ensure the 'daemon_memcached' Plugin is Disabled
4.8 Ensure the 'secure_file_priv' is Configured Correctly
5.1 Ensure Only Administrative Users Have Full Database Access
5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users
5.4 Ensure 'SUPER' is Not Granted to Non-Administrative Users
5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users
5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users
5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users
5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users
5.9 Ensure DML/DDL Grants are Limited to Specific Databases and Users
5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER
5.11 Ensure Proper Use Of 'SET_ANY_DEFINER'
5.12 Ensure Proper Use Of ALLOW_NONEXISTENT_DEFINER
6.1 Ensure 'log_error' is configured correctly
6.2 Ensure Log Files are Stored on a Non-System Partition
6.5 Ensure Audit Filters Capture Connection Attempts
6.8 Ensure the Audit Plugin Can't be Unloaded
7.1 Ensure default_authentication_plugin is Set to a Secure Option
7.3 Ensure Passwords are Set for All MySQL Accounts
7.4 Set 'default_password_lifetime' to Require a Yearly Password Change
7.5 Ensure Password Complexity Policies are in Place
7.6 Ensure No Users Have Wildcard Hostnames
7.7 Ensure No Anonymous Accounts Exist
8.1 Ensure 'require_secure_transport' is Set to 'ON' and/or 'have_ssl' is Set to 'YES'
8.2 Ensure 'ssl_type' is Set to 'ANY', 'X509', or 'SPECIFIED' for All Remote Users
8.3 Set Maximum Connection Limits for Server and per User
9.1 Ensure Replication Traffic is Secured
9.2 Ensure 'SOURCE_SSL_VERIFY_SERVER_CERT' is Set to 'YES' or '1'
9.4 Ensure 'super_priv' is Not Set to 'Y' for Replication Users
10.1 Ensure All Group Replication Traffic is Secured
CIS_MySQL_8.0_Enterprise_Benchmark_v1.4.0_Level_1_Database.audit from CIS Oracle MySQL 8.0 Enterprise Edition Benchmark