STIGQter: STIG Summary: Oracle MySQL 8.0 Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Jan 2021

The MySQL Database Server 8.0 must maintain the confidentiality and integrity of information during preparation for transmission.

DISA Rule

SV-235186r638812_rule

Vulnerability Number

V-235186

Group Title

SRG-APP-000441-DB-000378

Rule Version

MYS8-00-011300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Turn on require_secure_transport. In this mode the server permits only TCP/IP connections encrypted using TLS/SSL, or connections that use a socket file (on UNIX) or shared memory (on Windows).

The server rejects nonsecure connection attempts, which fail with an ER_SECURE_TRANSPORT_REQUIRED error.

set persist require_secure_transport=ON;

Check Contents

If the data owner does not have a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, this is not a finding.

Run the following:
select @@require_secure_transport;

The value should be 1 (ON), not 0 (OFF). If the value is 0 (OFF), this is a finding.
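
The fix and check above as one session, extended to show which clients still connect without TLS and whether the setting was persisted. This is an added example, not part of the STIG text. It assumes the Performance Schema is enabled (the MySQL 8.0 default) and an account with privileges to read it and to run SET PERSIST.

```sql
-- Added example (not from the STIG): apply and verify require_secure_transport.

-- 1. Before the change: list client sessions on unencrypted TCP/IP.
--    These clients need TLS configured, or their next connection attempt
--    fails with ER_SECURE_TRANSPORT_REQUIRED once the fix is applied.
--    CONNECTION_TYPE is 'SSL/TLS' for encrypted TCP/IP; 'Socket' and
--    'Shared Memory' are the local transports the setting still permits.
SELECT t.PROCESSLIST_ID,
       t.PROCESSLIST_USER,
       t.PROCESSLIST_HOST,
       t.CONNECTION_TYPE
FROM   performance_schema.threads AS t
WHERE  t.TYPE = 'FOREGROUND'
  AND  t.CONNECTION_TYPE = 'TCP/IP';

-- 2. The fix from the STIG: applies at runtime and persists across restarts.
SET PERSIST require_secure_transport = ON;

-- 3. The STIG check, with the result spelled out (0 = OFF is a finding).
SELECT @@GLOBAL.require_secure_transport AS require_secure_transport,
       IF(@@GLOBAL.require_secure_transport = 1,
          'not a finding', 'finding')    AS stig_result;

-- 4. Confirm the setting was written to the persisted configuration.
--    An empty result means it is set only for the running instance
--    (for example via SET GLOBAL) and may be lost on restart.
SELECT VARIABLE_NAME, VARIABLE_VALUE
FROM   performance_schema.persisted_variables
WHERE  VARIABLE_NAME = 'require_secure_transport';

-- 5. Confirm the current session's own transport. An empty Ssl_cipher value
--    means this session is not encrypted (expected for a socket-file login).
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```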

Documentable

False

Severity Override Guidance

If the data owner does not have a strict requirement for ensuring data integrity and confidentiality is maintained at every step of the data transfer and handling process, this is not a finding.

Run the following:
select @@require_secure_transport;

The value should be 1 (ON), not 0 (OFF). If the value is 0 (OFF), this is a finding.

Check Content Reference

M

Target Key

5277
