| 1.1 Ensure the Pre-Installation Planning Checklist Has Been Implemented | CIS Apache HTTP Server 2.4 v2.3.0 L1 | Unix | CONFIGURATION MANAGEMENT, SYSTEM AND INFORMATION INTEGRITY |
| 1.7 Ensure MySQL is Run Under a Sandbox Environment | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1.2 Verify Backups are Good | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS Unix | Unix | CONTINGENCY PLANNING |
| 2.1.4 Point-in-Time Recovery | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | CONTINGENCY PLANNING |
| 2.1.6 Backup of Configuration and Related Files | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS Unix | Unix | CONTINGENCY PLANNING |
| 2.2.1 Ensure Binary and Relay Logs are Encrypted | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.3 Dedicate the Machine Running MySQL | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS Unix | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.5 Do Not Reuse Usernames | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 2.8 Ensure Password Resets Require Strong Passwords | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 2.9 Require Current Password for Password Reset | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 2.10 Use Dual Passwords to Enable Higher Frequency Password Rotation | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 2.12 Ensure AES Encryption Mode for AES_ENCRYPT/AES_DECRYPT is Configured Correctly | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | SYSTEM AND SERVICES ACQUISITION |
| 2.14 Ensure MySQL is Bound to an IP Address | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 2.16 Require Client-Side Certificates (X.509) | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.18 Implement Connection Delays to Limit Failed Login Attempts | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 4.4 Harden Usage for 'local_infile' on MySQL Clients | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | CONFIGURATION MANAGEMENT |
| 4.6 Ensure Symbolic Links are Disabled | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 4.8 Ensure the 'secure_file_priv' is Configured Correctly | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.9 Ensure 'sql_mode' Contains 'STRICT_ALL_TABLES' | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 5.1 Ensure Only Administrative Users Have Full Database Access | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 5.2 Ensure 'FILE' is Not Granted to Non-Administrative Users | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 5.3 Ensure 'PROCESS' is Not Granted to Non-Administrative Users | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 5.3.3.2.3 Ensure password complexity is configured | CIS Debian Linux 13 v1.0.0 L1 Workstation | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.5 Ensure 'SHUTDOWN' is Not Granted to Non-Administrative Users | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 5.6 Ensure 'CREATE USER' is Not Granted to Non-Administrative Users | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 5.7 Ensure 'GRANT OPTION' is Not Granted to Non-Administrative Users | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 5.8 Ensure 'REPLICATION SLAVE' is Not Granted to Non-Administrative Users | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.9 Ensure DML/DDL Grants are Limited to Specific Databases and Users | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.10 Securely Define Stored Procedures and Functions DEFINER and INVOKER | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 5.11 Ensure Proper Use Of 'SET_ANY_DEFINER' | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | PLANNING, SYSTEM AND SERVICES ACQUISITION |
| 6.1 Ensure 'log_error' is configured correctly | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.2 Ensure Log Files are Stored on a Non-System Partition | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 6.3 Ensure 'log_error_verbosity' is Set to '2' | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | AUDIT AND ACCOUNTABILITY |
| 7.1 Ensure default_authentication_plugin is Set to a Secure Option | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Set 'default_password_lifetime' to Require a Yearly Password Change | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 7.5 Ensure Password Complexity Policies are in Place | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| 8.1 Ensure 'require_secure_transport' is Set to 'ON' | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 9.2 Ensure 'SOURCE_SSL_VERIFY_SERVER_CERT' is Set to 'YES' or '1' | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | CONFIGURATION MANAGEMENT |
| 9.3 Ensure 'master_info_repository' is Set to 'TABLE' | CIS Oracle MySQL Community Server 8.0 v1.2.0 L2 MySQL RDBMS MySQLDB | MySQLDB | CONFIGURATION MANAGEMENT |
| 9.4 Ensure 'super_priv' is Not Set to 'Y' for Replication Users | CIS Oracle MySQL Community Server 8.0 v1.2.0 L1 MySQL RDBMS MySQLDB | MySQLDB | ACCESS CONTROL |
| 18.9.11.2.1 (BL) Ensure 'Allow enhanced PINs for startup' is set to 'Enabled' | CIS Microsoft Windows 8.1 v2.4.1 L2 Bitlocker | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.2 Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Windows 7 Workstation Level 1 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.2 Ensure 'Choose how BitLocker-protected operating system drives can be recovered' is set to 'Enabled' | CIS Windows 7 Workstation Level 2 + Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.9.11.2.7 Ensure 'Choose how BitLocker-protected operating system drives can be recovered: Save BitLocker recovery information to AD DS for operating system drives' is set to 'Enabled: True' | CIS Windows 7 Workstation Bitlocker v3.2.0 | Windows | CONTINGENCY PLANNING, SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.9.1.8 (L1) Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 10 EMS Gateway v3.0.0 L1 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 11 Enterprise v5.0.1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.1.8 Ensure 'Choose how BitLocker-protected fixed drives can be recovered: Configure storage of BitLocker recovery information to AD DS' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| 18.10.10.3.8 (BL) Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 10 Enterprise v4.0.0 L1 BL NG | Windows | MEDIA PROTECTION |
| 18.10.10.3.8 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 11 Enterprise v5.0.1 BL | Windows | MEDIA PROTECTION |
| 18.10.10.3.8 Ensure 'Choose how BitLocker-protected removable drives can be recovered: Configure storage of BitLocker recovery information to AD DS:' is set to 'Enabled: Backup recovery passwords and key packages' | CIS Microsoft Windows 11 Enterprise v5.0.1 L1 BL | Windows | MEDIA PROTECTION |
