DISA MariaDB Enterprise 10.x STIG v2r5 Unix

Audit Details

Name: DISA MariaDB Enterprise 10.x STIG v2r5 Unix

Updated: 7/7/2026

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 20

File Details

Filename: DISA_STIG_MariaDB_Enterprise_10.x_v2r5_Unix.audit

Size: 59 kB

MD5: 370d856bf9bd2c1366f391aeb06d58df
SHA256: d424e615961e3eae7cc50053a03b7b9d198c736931aafd877015da8d85b205a7

Audit Items

DescriptionCategories
DISA_STIG_MariaDB_Enterprise_10.x_v2r5_Unix.audit from DISA MariaDB Enterprise 10.x STIG v2r5
MADB-10-000800 - MariaDB must be able to generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

MADB-10-001700 - MariaDB must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.

AUDIT AND ACCOUNTABILITY

MADB-10-002700 - The MariaDB software installation account must be restricted to authorized users.

CONFIGURATION MANAGEMENT

MADB-10-002800 - Database software, including MariaDB configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

CONFIGURATION MANAGEMENT

MADB-10-003800 - If passwords are used for authentication, MariaDB must store only hashed, salted representations of passwords.

IDENTIFICATION AND AUTHENTICATION

MADB-10-004100 - MariaDB must enforce authorized access to all PKI private keys stored/used by the DBMS.

IDENTIFICATION AND AUTHENTICATION

MADB-10-004300 - MariaDB must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.

IDENTIFICATION AND AUTHENTICATION

MADB-10-004400 - MariaDB must use NIST FIPS 140-2/140-3 validated cryptographic modules for cryptographic operations.

IDENTIFICATION AND AUTHENTICATION

MADB-10-005400 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-005500 - MariaDB must prevent unauthorized and unintended information transfer via shared system resources.

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-005600 - Access to database files must be limited to relevant processes and to authorized, administrative users.

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-005900 - MariaDB and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.

SYSTEM AND INFORMATION INTEGRITY

MADB-10-007400 - MariaDB must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.

AUDIT AND ACCOUNTABILITY

MADB-10-007500 - MariaDB must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts.

AUDIT AND ACCOUNTABILITY

MADB-10-008000 - MariaDB must produce audit records of its enforcement of access restrictions associated with changes to the configuration of the DBMS or database(s).

CONFIGURATION MANAGEMENT

MADB-10-008500 - MariaDB must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.

SYSTEM AND COMMUNICATIONS PROTECTION

MADB-10-009200 - When updates are applied to the MariaDB software, any software components that have been replaced or made unnecessary must be removed.

SYSTEM AND INFORMATION INTEGRITY

MADB-10-009300 - Security-relevant software updates to MariaDB must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

SYSTEM AND INFORMATION INTEGRITY

MADB-10-012400 - MariaDB must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.

AUDIT AND ACCOUNTABILITY