diff --git a/default/serverspec/mysql_spec.rb b/default/serverspec/mysql_spec.rb
index 9c5c151..3239c4f 100644
--- a/default/serverspec/mysql_spec.rb
+++ b/default/serverspec/mysql_spec.rb
@@ -69,49 +69,49 @@ describe 'Checking MySQL-databases for risky entries' do
- # Req. 294 (keine Community-version)
+ # SEC: Req 3.24-1 (keine Community-version)
 describe command("mysql -uroot -p#{ENV['mysql_password']} mysql -s -e 'select version();' | tail -1") do
 its(:stdout) { should_not match(/Community/) }
 end
- # Req. 296 (version > 5)
+ # SEC: Req 3.24-1 (version > 5)
 describe command("mysql -uroot -p#{ENV['mysql_password']} mysql -s -e 'select substring(version(),1,1);' | tail -1") do
 its(:stdout) { should match(/^5/) }
 end
- # Req. 297 (keine default-datenbanken)
+ # SEC: Req 3.24-2 (keine default-datenbanken)
 describe command("mysql -uroot -p#{ENV['mysql_password']} -s -e 'show databases like \"test\";'") do
 its(:stdout) { should_not match(/test/) }
 end
- # Req. 298 (keine anonymous-benutzer)
+ # SEC: Req 3.24-3 (keine anonymous-benutzer)
 describe command("mysql -uroot -p#{ENV['mysql_password']} mysql -s -e 'select count(*) from mysql.user where user=\"\";' | tail -1") do
 its(:stdout) { should match(/^0/) }
 end
- # Req. 300 (keine benutzerkonten ohne kennwort)
+ # SEC: Req 3.24-5 (keine benutzerkonten ohne kennwort)
 describe command("mysql -uroot -p#{ENV['mysql_password']} mysql -s -e 'select count(*) from mysql.user where length(password)=0 or password=\"\";' | tail -1") do
 its(:stdout) { should match(/^0/) }
 end
- # Req. 317 (no grant privileges)
+ # SEC: Req 3.24-23 (no grant privileges)
 describe command("mysql -uroot -p#{ENV['mysql_password']} mysql -s -e 'select count(*) from mysql.user where grant_priv=\"y\" and User!=\"root\" and User!=\"debian-sys-maint\";' | tail -1") do
 its(:stdout) { should match(/^0/) }
 end
- # Req. 321 (keine host-wildcards)
+ # SEC: Req 3.24-27 (keine host-wildcards)
 describe command("mysql -uroot -p#{ENV['mysql_password']} mysql -s -e 'select count(*) from mysql.user where host=\"%\"' | tail -1") do
 its(:stdout) { should match(/^0/) }
 end
- # Req. 322 (root-login nur von localhost)
+ # SEC: Req 3.24-28 (root-login nur von localhost)
 describe command("mysql -uroot -p#{ENV['mysql_password']} mysql -s -e 'select count(*) from mysql.user where user=\"root\" and host not in (\"localhost\",\"127.0.0.1\",\"::1\")' | tail -1") do
 its(:stdout) { should match(/^0/) }
 end
 end
-# Req. 299 (nur eine instanz pro server)
+# SEC: Req 3.24-4 (nur eine instanz pro server)
 describe 'Req. 299: check for multiple instances' do
 describe command('ps aux | grep mysqld | egrep -v "grep|mysqld_safe|logger" | wc -l') do
 its(:stdout) { should match(/^1$/) }
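Review bot: The describe label on the last context lines of this hunk, `describe 'Req. 299: check for multiple instances' do`, still carries the old requirement number while the comment directly above it was renumbered to SEC: Req 3.24-4, so the spec report will keep printing an identifier the new scheme no longer uses; the second hunk does rename its label, so this one should follow: `describe 'SEC: Req 3.24-4: check for multiple instances' do` (that describe block ends outside the hunk). Two pre-existing points are worth a caveat while these checks are being renumbered. Every query passes the root password as `-p#{ENV['mysql_password']}`, which exposes it in the process list of the host under test for the duration of each command, so setting `MYSQL_PWD` for the command or using `--defaults-extra-file` would keep it out of `ps`. The 3.24-27 host-wildcard check only flags `host="%"` exactly, so partial wildcards such as `192.168.%` pass it; if the requirement means no wildcards at all, `where instr(host, "%") > 0` would cover those without any LIKE escaping.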
@@ -120,55 +120,60 @@ describe 'Parsing configfiles for unwanted entries' do
- # Req. 301 (safe-user-create = 1)
+ # SEC: Req 3.24-6 (safe-user-create = 1)
 describe file(tmp_config_file) do
 its(:content) { should match_key_value('safe-user-create', '1') }
 end
- # Req. 302 (no old_passwords)
+ # SEC: Req 3.24-7 (no old_passwords)
 describe file(tmp_config_file) do
 its(:content) { should_not match_key_value('old_passwords', '1') }
 end
- # Req. 305 (user = mysql)
+ # SEC: Req 3.24-8 (secure-auth = 1)
+ describe file(tmp_config_file) do
+ its(:content) { should match_key_value('secure-auth', '1') }
+ end
+
+ # SEC: Req 3.24-11 (user = mysql)
 describe file(tmp_config_file) do
 its(:content) { should match_key_value('user', 'mysql') }
 end
- # Req. 307 (skip-symbolic-links = 1)
+ # SEC: Req 3.24-13 (skip-symbolic-links = 1)
 describe file(tmp_config_file) do
 its(:content) { should match_key_value('skip-symbolic-links', '1') }
 end
- # Req. 309 (secure-file-priv)
+ # SEC: Req 3.24-15 (secure-file-priv)
 describe file(tmp_config_file) do
 its(:content) { should match(/^\s*?secure-file-priv/) }
 end
- # Req. 310 (local-infile = 0)
+ # SEC: Req 3.24-16 (local-infile = 0)
 describe file(tmp_config_file) do
 its(:content) { should match_key_value('local-infile', '0') }
 end
- # Req. 315 (skip-show-database)
+ # SEC: Req 3.24-21 (skip-show-database)
 describe file(tmp_config_file) do
 its(:content) { should match(/^\s*?skip-show-database/) }
 end
- # Req. 316 (skip-grant-tables)
+ # SEC: Req 3.24-22 (skip-grant-tables)
 describe file(tmp_config_file) do
 its(:content) { should_not match(/^\s*?skip-grant-tables/) }
 end
- # Req. 320 (kein "allow-suspicious-udfs")
+ # SEC: Req 3.24-26 (kein "allow-suspicious-udfs")
 describe file(tmp_config_file) do
 its(:content) { should match_key_value('allow-suspicious-udfs', '0') }
 end
 end
-# Req. 311, 312, 313
-describe 'Req. 311, 312, 313: Mysql-data owner, group and permissions' do
+# SEC: Req 3.24-17, SEC: Req 3.24-18, SEC: Req 3.24-19
+describe 'SEC: Req 3.24-17, SEC: Req 3.24-18, SEC: Req 3.24-19: Mysql-data owner, group and permissions' do
 describe file(mysql_data_path) do
 it { should be_directory }