DISA MariaDB Enterprise 10.x STIG v2r5 MySQLDB

Audit Details

Name: DISA MariaDB Enterprise 10.x STIG v2r5 MySQLDB

Updated: 7/7/2026

Authority: DISA STIG

Plugin: MySQLDB

Revision: 1.0

Estimated Item Count: 89

File Details

Filename: DISA_STIG_MariaDB_Enterprise_10.x_v2r5_MySQLDB.audit

Size: 296 kB

MD5: 5a9fb0e23f2abaf0e26557742ad577a4
SHA256: 8f48238c28a1cb4d54053c56f6a7c438d938c181803181e58c2ce3758e50990e

Audit Items

DescriptionCategories
MADB-10-000100 - MariaDB must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.

ACCESS CONTROL

MADB-10-000200 - MariaDB must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.

ACCESS CONTROL

MADB-10-000300 - MariaDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

ACCESS CONTROL

MADB-10-000400 - MariaDB must protect against a user falsely repudiating having performed organization-defined actions.

AUDIT AND ACCOUNTABILITY

MADB-10-000500 - MariaDB must provide audit record generation capability for DoD-defined auditable events within all DBMS/database components.

AUDIT AND ACCOUNTABILITY

MADB-10-000600 - MariaDB must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.

AUDIT AND ACCOUNTABILITY

MADB-10-000700 - MariaDB must be able to generate audit records when privileges/permissions are retrieved.

AUDIT AND ACCOUNTABILITY

MADB-10-000900 - MariaDB must initiate session auditing upon startup.

AUDIT AND ACCOUNTABILITY

MADB-10-001000 - MariaDB must produce audit records containing sufficient information to establish what type of events occurred.

AUDIT AND ACCOUNTABILITY

MADB-10-001600 - MariaDB must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.

AUDIT AND ACCOUNTABILITY

MADB-10-001800 - MariaDB must be configurable to overwrite audit log records, oldest first (First-In-First-Out - FIFO), in the event of unavailability of space for more audit log records.

AUDIT AND ACCOUNTABILITY

MADB-10-002000 - The audit information produced by MariaDB must be protected from unauthorized read access.

AUDIT AND ACCOUNTABILITY

MADB-10-002100 - The audit information produced by MariaDB must be protected from unauthorized modification.

AUDIT AND ACCOUNTABILITY

MADB-10-002200 - The audit information produced by MariaDB must be protected from unauthorized deletion.

AUDIT AND ACCOUNTABILITY

MADB-10-002300 - MariaDB must protect its audit features from unauthorized access.

AUDIT AND ACCOUNTABILITY

MADB-10-002400 - MariaDB must protect its audit configuration from unauthorized modification.

AUDIT AND ACCOUNTABILITY

MADB-10-002500 - MariaDB must protect its audit features from unauthorized removal.

AUDIT AND ACCOUNTABILITY

MADB-10-002600 - MariaDB must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to the DBMS.

CONFIGURATION MANAGEMENT

MADB-10-002900 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to MariaDB, etc.) must be owned by database/MariaDB principals authorized for ownership.

CONFIGURATION MANAGEMENT

MADB-10-003000 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to the MariaDB, etc.) must be restricted to authorized users.

CONFIGURATION MANAGEMENT

MADB-10-003100 - Default demonstration and sample databases, database objects, and applications must be removed.

CONFIGURATION MANAGEMENT

MADB-10-003200 - Unused database components, DBMS software, and database objects must be removed.

CONFIGURATION MANAGEMENT

MADB-10-003400 - Access to external executables must be disabled or restricted.

CONFIGURATION MANAGEMENT

MADB-10-003500 - MariaDB must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

CONFIGURATION MANAGEMENT

MADB-10-003600 - MariaDB must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

IDENTIFICATION AND AUTHENTICATION

MADB-10-003700 - If MariaDB authentication, using passwords, is employed, then MariaDB must enforce the DOD standards for password complexity.

IDENTIFICATION AND AUTHENTICATION

MADB-10-003750 - If MariaDB authentication using passwords is employed, MariaDB must enforce the DOD standards for password lifetime.

IDENTIFICATION AND AUTHENTICATION

MADB-10-003900 - If passwords are used for authentication, MariaDB must transmit only encrypted representations of passwords.

IDENTIFICATION AND AUTHENTICATION

MADB-10-004000 - MariaDB, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.

IDENTIFICATION AND AUTHENTICATION

MADB-10-004200 - MariaDB must map PKI ID to an associated user account.

IDENTIFICATION AND AUTHENTICATION

MADB-10-004500 - The MariaDB must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).

IDENTIFICATION AND AUTHENTICATION

MADB-10-004600 - MariaDB must separate user functionality (including user interface services) from database management functionality.

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-004700 - MariaDB must invalidate session identifiers upon user logout or other session termination.

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-004900 - MariaDB must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-005000 - MariaDB must fail to a secure state if system initialization fails, shutdown fails, or aborts fail.

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-005100 - In the event of a system failure, MariaDB must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-005200 - MariaDB must protect the confidentiality and integrity of all information at rest.

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-005700 - MariaDB must check the validity of all data inputs except those specifically identified by the organization.

SYSTEM AND INFORMATION INTEGRITY

MADB-10-005800 - MariaDB and associated applications must reserve the use of dynamic code execution for situations that require it.

SYSTEM AND INFORMATION INTEGRITY

MADB-10-006200 - MariaDB must automatically terminate a user's session after organization-defined conditions or trigger events requiring session disconnect.

ACCESS CONTROL

MADB-10-006300 - MariaDB must provide logout functionality to allow the user to manually terminate a session initiated by that user.

ACCESS CONTROL

MADB-10-006400 - MariaDB must associate organization-defined types of security labels having organization-defined security label values with information in storage.

ACCESS CONTROL

MADB-10-006500 - MariaDB must associate organization-defined types of security labels having organization-defined security label values with information in process.

ACCESS CONTROL

MADB-10-006600 - MariaDB must associate organization-defined types of security labels having organization-defined security label values with information in transmission.

ACCESS CONTROL

MADB-10-006700 - MariaDB must enforce discretionary access control policies, as defined by the data owner, over defined subjects, and objects.

ACCESS CONTROL

MADB-10-006800 - MariaDB must prevent nonprivileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.

ACCESS CONTROL

MADB-10-006900 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only.

ACCESS CONTROL

MADB-10-007300 - MariaDB must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

AUDIT AND ACCOUNTABILITY

MADB-10-007600 - MariaDB must record time stamps, in audit records and application data, that can be mapped to Coordinated Universal Time (UTC, formerly GMT).

AUDIT AND ACCOUNTABILITY

MADB-10-007800 - MariaDB must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status.

CONFIGURATION MANAGEMENT