Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server

MEDIUM

Description

Description:

Ensure 'TLS version' on 'MySQL flexible' servers is set to the default value.

Rationale:

TLS connectivity helps to provide a new layer of security by connecting database server to client applications using Transport Layer Security (TLS). Enforcing TLS connections between database server and client applications helps protect against "man in the middle" attacks by encrypting the data stream between the server and application.

Remediation

From Azure Portal

Login to Azure Portal using https://portal.azure.com
Go to 'Azure Database for MySQL flexible servers'
For each database, click on 'Server parameters' under 'Settings'
In the search box, type in 'tls_version'
Click on the VALUE dropdown, and ensure only 'TLSV1.2' is selected for 'tls_version'

From Azure CLI

Use the below command to set MYSQL flexible databases to used version 1.2 for the 'tls_version' parameter.

az mysql flexible-server parameter set --name tls_version --resource-group --server-name --value TLSV1.2

Policy Details

Rule Reference ID: AC_AZURE_0126

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_mysql_server

Resource Category: Database

Resource Type: MySQL

Frameworks

CSCv8
NIST-800-53
NIST-800-171
NIST-CSF
GDPR
HIPAA
ISO-27001
CSCv7
SOC2
CIS Azure Foundations v1.4.0 Level 1
CIS Azure Foundations v1.5.0 Level 1

Detections

Analytics