DISA STIG Crunchy Data PostgreSQL DB v3r1

Audit Details

Name: DISA STIG Crunchy Data PostgreSQL DB v3r1

Updated: 10/21/2024

Authority: DISA STIG

Plugin: PostgreSQLDB

Revision: 1.0

Estimated Item Count: 74

File Details

Filename: DISA_STIG_Crunchy_Data_PostgreSQL_v3r1_Database.audit

Size: 222 kB

MD5: 7fd6d54844e9fdfa1c9d55341f6c9f5d
SHA256: 8e5efbbda37d2678ef7ffee5cab75b928673fd5885ef003bfcfb86ba688c5eab

Audit Items

DescriptionCategories
CD12-00-000100 - PostgreSQL must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

CONFIGURATION MANAGEMENT

CD12-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events.

AUDIT AND ACCOUNTABILITY

CD12-00-000300 - Security-relevant software updates to PostgreSQL must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

SYSTEM AND INFORMATION INTEGRITY

CD12-00-000600 - PostgreSQL must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

SYSTEM AND INFORMATION INTEGRITY

CD12-00-001200 - PostgreSQL must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.

ACCESS CONTROL

CD12-00-001800 - PostgreSQL must check the validity of all data inputs except those specifically identified by the organization.

SYSTEM AND INFORMATION INTEGRITY

CD12-00-001900 - PostgreSQL and associated applications must reserve the use of dynamic code execution for situations that require it.

SYSTEM AND INFORMATION INTEGRITY

CD12-00-002000 - PostgreSQL and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.

SYSTEM AND INFORMATION INTEGRITY

CD12-00-002400 - PostgreSQL must record time stamps, in audit records and application data that can be mapped to Coordinated Universal Time (UTC, formerly GMT).

AUDIT AND ACCOUNTABILITY

CD12-00-002700 - PostgreSQL must provide an immediate alert to appropriate support staff of all audit log failures.

AUDIT AND ACCOUNTABILITY

CD12-00-002800 - PostgreSQL must be configurable to overwrite audit log records, oldest first (First-In-First-Out [FIFO]), in the event of unavailability of space for more audit log records.

AUDIT AND ACCOUNTABILITY

CD12-00-002900 - PostgreSQL must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.

AUDIT AND ACCOUNTABILITY

CD12-00-003000 - PostgreSQL must maintain the confidentiality and integrity of information during reception.

SYSTEM AND COMMUNICATIONS PROTECTION

CD12-00-003200 - The PostgreSQL software installation account must be restricted to authorized users.

CONFIGURATION MANAGEMENT

CD12-00-003300 - Database software, including PostgreSQL configuration files, must be stored in dedicated directories separate from the host OS and other applications.

CONFIGURATION MANAGEMENT

CD12-00-003500 - PostgreSQL must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.

AUDIT AND ACCOUNTABILITY

CD12-00-003600 - Execution of software modules (to include functions and trigger procedures) with elevated privileges must be restricted to necessary cases only.

ACCESS CONTROL

CD12-00-003700 - When invalid inputs are received, PostgreSQL must behave in a predictable and documented manner that reflects organizational and system objectives.

SYSTEM AND INFORMATION INTEGRITY

CD12-00-004100 - PostgreSQL must produce audit records of its enforcement of access restrictions associated with changes to the configuration of PostgreSQL or database(s).

CONFIGURATION MANAGEMENT

CD12-00-004400 - PostgreSQL must generate audit records when categorized information (e.g., classification levels/security levels) is accessed.

AUDIT AND ACCOUNTABILITY

CD12-00-004500 - PostgreSQL must generate audit records when unsuccessful attempts to access security objects occur.

AUDIT AND ACCOUNTABILITY

CD12-00-004600 - PostgreSQL must generate audit records when unsuccessful logons or connection attempts occur.

AUDIT AND ACCOUNTABILITY

CD12-00-004700 - PostgreSQL must generate audit records showing starting and ending time for user access to the database(s).

AUDIT AND ACCOUNTABILITY

CD12-00-004800 - PostgreSQL must generate audit records when unsuccessful attempts to modify security objects occur.

AUDIT AND ACCOUNTABILITY

CD12-00-004900 - PostgreSQL must generate audit records when privileges/permissions are added.

AUDIT AND ACCOUNTABILITY

CD12-00-005000 - PostgreSQL must generate audit records when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur.

AUDIT AND ACCOUNTABILITY

CD12-00-005100 - PostgreSQL must generate audit records when successful logons or connections occur.

AUDIT AND ACCOUNTABILITY

CD12-00-005200 - PostgreSQL must generate audit records when security objects are deleted.

AUDIT AND ACCOUNTABILITY

CD12-00-005300 - PostgreSQL must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

CD12-00-005400 - PostgreSQL must generate audit records when unsuccessful attempts to delete privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

CD12-00-005500 - PostgreSQL must be able to generate audit records when privileges/permissions are retrieved.

AUDIT AND ACCOUNTABILITY

CD12-00-005600 - PostgreSQL must generate audit records when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur.

AUDIT AND ACCOUNTABILITY

CD12-00-005700 - PostgreSQL must generate audit records when unsuccessful accesses to objects occur.

AUDIT AND ACCOUNTABILITY

CD12-00-005800 - PostgreSQL must generate audit records for all privileged activities or other system-level access.

AUDIT AND ACCOUNTABILITY

CD12-00-005900 - PostgreSQL must generate audit records when unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur.

AUDIT AND ACCOUNTABILITY

CD12-00-006000 - PostgreSQL must be able to generate audit records when security objects are accessed.

AUDIT AND ACCOUNTABILITY

CD12-00-006100 - PostgreSQL must generate audit records when privileges/permissions are deleted.

AUDIT AND ACCOUNTABILITY

CD12-00-006200 - PostgreSQL must generate audit records when concurrent logons/connections by the same user from different workstations occur.

AUDIT AND ACCOUNTABILITY

CD12-00-006300 - PostgreSQL must generate audit records when unsuccessful attempts to delete security objects occur.

AUDIT AND ACCOUNTABILITY

CD12-00-006400 - PostgreSQL must generate audit records when privileges/permissions are modified.

AUDIT AND ACCOUNTABILITY

CD12-00-006500 - PostgreSQL must generate audit records when unsuccessful attempts to execute privileged activities or other system-level access occur.

AUDIT AND ACCOUNTABILITY

CD12-00-006600 - PostgreSQL must generate audit records when security objects are modified.

AUDIT AND ACCOUNTABILITY

CD12-00-006700 - PostgreSQL must generate audit records when categories of information (e.g., classification levels/security levels) is modified.

AUDIT AND ACCOUNTABILITY

CD12-00-006800 - PostgreSQL must generate audit records when unsuccessful attempts to modify privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

CD12-00-006900 - PostgreSQL must generate audit records when unsuccessful attempts to add privileges/permissions occur.

AUDIT AND ACCOUNTABILITY

CD12-00-007100 - PostgreSQL must produce audit records containing sufficient information to establish where the events occurred.

AUDIT AND ACCOUNTABILITY

CD12-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission.

SYSTEM AND COMMUNICATIONS PROTECTION

CD12-00-007400 - PostgreSQL must be configured to provide audit record generation for DoD-defined auditable events within all DBMS/database components.

AUDIT AND ACCOUNTABILITY

CD12-00-007700 - PostgreSQL must generate time stamps, for audit records and application data, with a minimum granularity of one second.

AUDIT AND ACCOUNTABILITY

CD12-00-007800 - PostgreSQL must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event.

AUDIT AND ACCOUNTABILITY