module/ConfigurationProvider/ControlConfigurations/Services/DBForMySQLFlexibleServer.json

{
  "FeatureName": "DBForMySqlFlexibleServer",
  "IsMaintenanceMode": false,
  "Controls": [
    {
      "ControlID": "Azure_DBForMySQLFlexibleServer_DP_Enable_SSL_Trial",
      "Description": "[Trial] Azure Database for MySQL - Flexible Servers Announcing SSL enforcement",
      "Id": "DBForMySqlFS100",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "MethodName": "CheckMySQLFlexibleServerSecureTransport",
      "DisplayName": "[Trial] Azure Database for MySQL - Flexible Servers Announcing SSL enforcement",
      "Rationale": "Enforcing secure transport between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application.",
      "Recommendation": "To enforce secure transport for client connections, go to Azure Portal --> Azure Database for MySQL flexible server --> Server parameters --> set the parameter 'require_secure_transport' to 'ON'.",
      "Tags": [
        "Baseline",
        "DP"
      ],
      "Category": "Encrypt data in transit",
      "ControlRequirements": "Data must be encrypted in transit and at rest",
      "ControlSettings": {
        "RequireSecureTransport": "ON"
      },
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "DBForMySqlFSRequireSecureTransport"
        ]
      },
      "Enabled": true,
      "CustomTags": [ "Trial", "Daily", "SN:MySQLFLEXIBLESERVERS_SSL" ]
    },
    {
      "ControlID": "Azure_DBForMySQLFlexibleServer_DP_Use_Secure_TLS_Version_Trial",
      "Description": "[Trial] Azure Database for MySQL - Flexible Servers Announcing SSL enforcement and minimum TLS version choice",
      "Id": "DBForMySqlFS110",
      "ControlSeverity": "High",
      "Automated": "Yes",
      "MethodName": "CheckMySQLFlexibleServerTLSVersion",
      "DisplayName": "[Trial] Azure Database for MySQL - Flexible Servers Announcing SSL enforcement and minimum TLS version choice",
      "Rationale": "TLS provides privacy and data integrity between client and server. Using an approved TLS version significantly reduces risks from security design issues and security bugs that may be present in older versions.",
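      "Recommendation": "To enforce a minimum TLS version for client connections, go to Azure Portal --> Azure Database for MySQL flexible server --> Server parameters --> set the parameter 'tls_version' to 'TLSv1.2' and deselect all lower versions such as TLSv1 and TLSv1.1. The TLS version setting only applies to encrypted connections, so also keep 'require_secure_transport' set to 'ON'.",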
      "Tags": [
        "Baseline",
        "DP"
      ],
      "Category": "Encrypt data in transit",
      "ControlRequirements": "Data must be encrypted in transit and at rest",
      "ControlSettings": {
        "MinReqTLSVersion": "1.2",
        "CurrentTLSversionPatternInAPIResponse": "TLSV"
      },
      "ControlEvaluationDetails": {
        "RequiredProperties": [
          "DBForMySqlFSTLSVersion"
        ]
      },
      "Enabled": true,
      "CustomTags": [ "Trial", "Daily", "SN:MySQLFLEXIBLESERVERS_TLS" ]
    }
  ]
}