STIGQter: STIG Summary: Oracle MySQL 8.0 Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 28 Jan 2021

The MySQL Database Server 8.0 must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

DISA Rule

SV-235148r638812_rule

Vulnerability Number

V-235148

Group Title

SRG-APP-000179-DB-000114

Rule Version

MYS8-00-006200

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Utilize NIST FIPS 140-2 validated cryptographic modules for all cryptographic operations.
Use MySQL Server OpenSSL FIPS mode. See https://dev.mysql.com/doc/refman/8.0/en/fips-mode.html

Turn on MySQL FIPS mode and restart mysqld
Edit my.cnf
[mysqld]
ssl_fips_mode=ON

or
[mysqld]
ssl_fips_mode=STRICT

ON: Enable FIPS mode.
STRICT: Enable “strict” FIPS mode.

Check Contents

Review DBMS configuration to verify it is using NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

To check for FIPS validated cryptographic modules for all operations, run this script in the database:
SELECT VARIABLE_NAME, VARIABLE_VALUE
FROM performance_schema.global_variables where variable_name = 'ssl_fips_mode';

The result will be either "ON" or "STRICT". If not, then NIST FIPS 140-2 validated modules are not being used, and this is a finding.
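
A setting placed in my.cnf can be overridden by a later server group or written under a group mysqld does not read, so the file can look compliant while the running value is not. The following is an added example, not part of the STIG or of MySQL: a pre-check that computes the ssl_fips_mode a server would take from option-file text. The function names and the sample file are constructed for illustration; !include directives, command-line options and persisted variables are not followed, so the SQL query above remains the authoritative check.

```python
import re

# Option-file groups that mysqld reads; [mysqld-8.0] is the version-specific group.
SERVER_GROUPS = {"mysqld", "server", "mysqld-8.0"}
# ssl_fips_mode accepts names or numeric equivalents (0=OFF, 1=ON, 2=STRICT).
FIPS_VALUES = {"0": "OFF", "OFF": "OFF", "1": "ON", "ON": "ON",
               "2": "STRICT", "STRICT": "STRICT"}

# Constructed sample: FIPS is enabled under [mysqld], then disabled again later.
SAMPLE_CNF = """
[client]
ssl_fips_mode=STRICT
[mysqld]
ssl-fips-mode = on   # dash spelling is equivalent
[mysqld-8.0]
ssl_fips_mode=0
"""


def effective_fips_mode(cnf_text):
    """Return the ssl_fips_mode taken from this option-file text.

    The last setting in a server group wins; with no setting the default is OFF.
    """
    group, mode = None, "OFF"
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        if group not in SERVER_GROUPS:
            continue
        name, _, value = line.partition("=")
        # Dashes and underscores are interchangeable in option names.
        name = name.strip().lower().replace("-", "_")
        if name.startswith("loose_"):
            name = name[len("loose_"):]
        if name != "ssl_fips_mode":
            continue
        value = value.split("#", 1)[0].strip().strip("'\"").upper()
        mode = FIPS_VALUES.get(value, "INVALID")
    return mode


def is_finding(mode):
    """Per the check above: anything other than ON or STRICT is a finding."""
    return mode not in ("ON", "STRICT")
```

For the constructed sample the effective value is OFF, which is a finding even though the [mysqld] section sets it to ON.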

Documentable

False

Severity Override Guidance

Review DBMS configuration to verify it is using NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

To check for FIPS validated cryptographic modules for all operations, run this script in the database:
SELECT VARIABLE_NAME, VARIABLE_VALUE
FROM performance_schema.global_variables where variable_name = 'ssl_fips_mode';

The result will be either "ON" or "STRICT". If not, then NIST FIPS 140-2 validated modules are not being used, and this is a finding.

Check Content Reference

M

Target Key

5277
