| DISA_STIG_MariaDB_Enterprise_10.x_v2r5_Unix.audit from DISA MariaDB Enterprise 10.x STIG v2r5 | |
| MADB-10-000800 - MariaDB must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | AUDIT AND ACCOUNTABILITY |
| MADB-10-001700 - MariaDB must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | AUDIT AND ACCOUNTABILITY |
| MADB-10-002700 - The MariaDB software installation account must be restricted to authorized users. | CONFIGURATION MANAGEMENT |
| MADB-10-002800 - Database software, including MariaDB configuration files, must be stored in dedicated directories, separate from the host OS and other applications. | CONFIGURATION MANAGEMENT |
| MADB-10-003800 - If passwords are used for authentication, MariaDB must store only hashed, salted representations of passwords. | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004100 - MariaDB must enforce authorized access to all PKI private keys stored/used by the DBMS. | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004300 - MariaDB must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-004400 - MariaDB must use NIST FIPS 140-2/140-3 validated cryptographic modules for cryptographic operations. | IDENTIFICATION AND AUTHENTICATION |
| MADB-10-005400 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-005500 - MariaDB must prevent unauthorized and unintended information transfer via shared system resources. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-005600 - Access to database files must be limited to relevant processes and to authorized, administrative users. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-005900 - MariaDB and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | SYSTEM AND INFORMATION INTEGRITY |
| MADB-10-007400 - MariaDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | AUDIT AND ACCOUNTABILITY |
| MADB-10-007500 - MariaDB must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts. | AUDIT AND ACCOUNTABILITY |
| MADB-10-008000 - MariaDB must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s). | CONFIGURATION MANAGEMENT |
| MADB-10-008500 - MariaDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions. | SYSTEM AND COMMUNICATIONS PROTECTION |
| MADB-10-009200 - When updates are applied to the MariaDB software, any software components that have been replaced or made unnecessary must be removed. | SYSTEM AND INFORMATION INTEGRITY |
| MADB-10-009300 - Security-relevant software updates to MariaDB must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | SYSTEM AND INFORMATION INTEGRITY |
| MADB-10-012400 - MariaDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems. | AUDIT AND ACCOUNTABILITY |