
V-265882

CAT I (High)

MariaDB products must be an enterprise version supported by the vendor.

Rule ID

SV-265882r1193305_rule

STIG

MariaDB Enterprise 10.x Security Technical Implementation Guide

Version

V2R5

CCIs

CCI-003376

Discussion

Unsupported commercial and database systems should not be used, because fixes to newly identified bugs will not be implemented by the vendor. The lack of support can result in potential vulnerabilities.

Systems at unsupported servicing levels or releases will not receive security updates for new vulnerabilities, which leaves them subject to exploitation.

When maintenance updates and patches are no longer available, the database software is no longer considered supported and should be upgraded or decommissioned.

Only Enterprise editions of MariaDB are supported. The Community edition is unsupported. MariaDB Enterprise is the only way to guarantee no malicious or unsupported code has been introduced to systems.

Note: The only way to access MariaDB Enterprise server is to have an active MariaDB Enterprise subscription and login. If access is needed, email gov@mariadb.com for assistance.

Check Content

Review the version and release information and check if a suitable enterprise edition is in use: 

MariaDB> SELECT VARIABLE_NAME, VARIABLE_VALUE
 FROM information_schema.GLOBAL_VARIABLES
 WHERE VARIABLE_NAME IN ('version', 'version_comment', 'version_suffix');

Example output for Enterprise 10.6 would be:

+----------------------------+
| 10.6.25-MariaDB-enterprise |
+----------------------------+

In Enterprise, the version field itself will contain "-enterprise", and sometimes additional enterprise-specific variables/plugins appear (e.g., enterprise encryption or backup-related variables), but the version string is the definitive indicator. In Community, the version field is usually empty or generic and has no enterprise indicators.

Access the vendor website MariaDB Enterprise download page and check supported releases: https://mariadb.com/downloads/enterprise/enterprise-server/

Pick the corresponding operating system, such as Ubuntu, Red Hat, Rocky, or another, from the drop-down list.

If MariaDB Community Software or an older MariaDB Enterprise version that has reached end of life (EOL) is in use, this is a finding.
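The check above can be applied consistently across many servers by classifying the rows the query returns. The following is an added example, not part of the STIG or of any MariaDB tooling; the function names, the REVIEW status, the host names, the sample rows and the supported-series value are all constructed assumptions, and the supported list must be filled in from the vendor download page.

```python
import re

# Assumption: the auditor copies the currently supported release series from the
# vendor download page. The value below is a constructed placeholder.
SUPPORTED_SERIES = {"10.6"}

_SERIES_RE = re.compile(r"^(\d+\.\d+)\.\d+")


def classify(rows, supported_series=SUPPORTED_SERIES):
    """Classify one server from the (VARIABLE_NAME, VARIABLE_VALUE) rows
    returned by the check query. Returns (status, reason)."""
    values = {name.lower(): (value or "") for name, value in rows}
    version = values.get("version", "").strip()
    match = _SERIES_RE.match(version)
    if not match:
        # Hypothetical third state: nothing to judge, so a person must look.
        return "REVIEW", "version value missing or unparseable"
    series = match.group(1)
    # The check text treats "-enterprise" in the version field as definitive;
    # version_comment is deliberately not used as a substitute.
    if "-enterprise" not in version.lower():
        return "FINDING", f"{version}: no -enterprise marker (Community)"
    if series not in supported_series:
        return "FINDING", f"{version}: Enterprise series {series} not in supported list"
    return "NOT_A_FINDING", f"{version}: supported Enterprise series {series}"


# Constructed sample query results, one entry per hypothetical host.
SAMPLE_FLEET = {
    "db-a": [("VERSION", "10.6.25-MariaDB-enterprise"),
             ("VERSION_COMMENT", "MariaDB Enterprise Server")],
    "db-b": [("VERSION", "10.6.25-MariaDB"),
             ("VERSION_COMMENT", "MariaDB Enterprise Server")],  # comment alone proves nothing
    "db-c": [("VERSION", "10.4.30-MariaDB-enterprise-log")],
    "db-d": [("VERSION_COMMENT", "")],
}


def audit(fleet, supported_series=SUPPORTED_SERIES):
    """Return {host: (status, reason)} for every host in the fleet."""
    return {host: classify(rows, supported_series) for host, rows in fleet.items()}


if __name__ == "__main__":
    for host, (status, reason) in audit(SAMPLE_FLEET).items():
        print(f"{host:6} {status:14} {reason}")
```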

Fix Text

Remove or decommission all unsupported software products.

Upgrade unsupported DBMS or unsupported components to a supported version of the product.