STIGQter: STIG Summary: Oracle MySQL 8.0 Security Technical Implementation Guide, Version: 1, Release: 1, Benchmark Date: 28 Jan 2021

The MySQL Database Server 8.0 must associate organization-defined types of security labels having organization-defined security label values with information in transmission.

DISA Rule

SV-235184r638812_rule

Vulnerability Number

V-235184

Group Title

SRG-APP-000314-DB-000310

Rule Version

MYS8-00-011000

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Deploy MySQL Views and Stored Procedures or a third-party software, or add custom data structures, data elements and application code, to provide reliable security labeling of information in storage.

Check Contents

If security labeling is not required, this is not a finding.

If security labeling requirements have been specified, check for a MySQL solution using views and Stored Procedures to implement a row-level security solution that reliably maintains labels on information in storage.

For data that have been labeled with a column indicating data is classified read-only, views can be created and secured via access privileges such that a user can only view the data that have a specific tag or tags (e.g., user [x] can only view records that are labeled with the tag of classified).

If a MySQL solution through the use of views and stored procedures or a third-party solution does not exist, this is a finding.
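One way the view and stored procedure approach described in this check can look in MySQL 8.0, as an added example that is not part of the STIG text. The schema, table, view, procedure and account names are hypothetical, and the statements are assumed to be run by an administrative account that is allowed to set a DEFINER other than itself. Matching on the account name alone, without the host part, is a simplification of this example.

```sql
-- Added example: schema, table, view, procedure and account names are hypothetical.
CREATE DATABASE labeled_demo;
USE labeled_demo;
-- Every row carries its label in a NOT NULL column.
CREATE TABLE records (
  id        INT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
  body      VARCHAR(255) NOT NULL,
  sec_label ENUM('UNCLASSIFIED','CLASSIFIED') NOT NULL
);
-- Which labels each account name may read and write.
CREATE TABLE label_grants (
  account   VARCHAR(32) NOT NULL,
  sec_label ENUM('UNCLASSIFIED','CLASSIFIED') NOT NULL,
  PRIMARY KEY (account, sec_label)
);

-- Locked owner: cannot log in, only lends its privileges to the view and procedure.
CREATE USER 'label_owner'@'localhost' IDENTIFIED BY RANDOM PASSWORD ACCOUNT LOCK; -- 8.0.18+
GRANT SELECT, INSERT ON labeled_demo.records TO 'label_owner'@'localhost';
GRANT SELECT ON labeled_demo.label_grants TO 'label_owner'@'localhost';

-- SESSION_USER() is the connected client; CURRENT_USER() would be the definer here.
CREATE DEFINER = 'label_owner'@'localhost' SQL SECURITY DEFINER VIEW records_for_me AS
  SELECT r.id, r.body, r.sec_label
  FROM records r
  JOIN label_grants g ON g.sec_label = r.sec_label
  WHERE g.account = SUBSTRING_INDEX(SESSION_USER(), '@', 1);

DELIMITER //
CREATE DEFINER = 'label_owner'@'localhost' PROCEDURE add_record(
  IN p_body VARCHAR(255), IN p_label VARCHAR(16))
SQL SECURITY DEFINER
BEGIN
  -- Refuse any label the caller has no entry for in label_grants.
  IF NOT EXISTS (SELECT 1 FROM label_grants
                 WHERE account = SUBSTRING_INDEX(SESSION_USER(), '@', 1)
                   AND sec_label = p_label) THEN
    SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'label not permitted for this account';
  END IF;
  INSERT INTO records (body, sec_label) VALUES (p_body, p_label);
END//
DELIMITER ;

-- The user gets the view and the procedure, never the base tables.
CREATE USER 'analyst1'@'localhost' IDENTIFIED BY RANDOM PASSWORD;
INSERT INTO label_grants VALUES ('analyst1', 'CLASSIFIED');
GRANT SELECT ON labeled_demo.records_for_me TO 'analyst1'@'localhost';
GRANT EXECUTE ON PROCEDURE labeled_demo.add_record TO 'analyst1'@'localhost';
SHOW GRANTS FOR 'analyst1'@'localhost';  -- reviewer check: no grant on records itself
```

The labels stay reliable only while no ordinary account holds direct privileges on the base tables, so the `SHOW GRANTS` output for each user is the evidence a reviewer would look at.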

Documentable

False

Severity Override Guidance

If security labeling is not required, this is not a finding.

If security labeling requirements have been specified, check for a MySQL solution using views and Stored Procedures to implement a row-level security solution that reliably maintains labels on information in storage.

For data that have been labeled with a column indicating data is classified read-only, views can be created and secured via access privileges such that a user can only view the data that have a specific tag or tags (e.g., user [x] can only view records that are labeled with the tag of classified).

If a MySQL solution through the use of views and stored procedures or a third-party solution does not exist, this is a finding.

Check Content Reference

M

Target Key

5277
