Detections
Analytics

EnterpriseDB PostgreSQL Advanced Server OS Linux v1r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: EnterpriseDB PostgreSQL Advanced Server OS Linux v1r1

Updated: 8/28/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.2

Estimated Item Count: 39

File Details

Filename: DISA_STIG_EnterpriseDB_Postgres_Advanced_Server_v1r1_OS_Linux.audit

Size: 94.7 kB

MD5: e21ba1f52d8bca1c256a77e240aefaf9
SHA256: 2056df30bd469b5ab2887f085c66b9bd813b807f9f26f26c80b7ce20ceb6622f

Audit Items

DescriptionCategories
DISA_STIG_EnterpriseDB_PostgreSQL_Advanced_Server_v1r1_OS_Linux.audit from DISA EnterpriseDB Postgres Advanced Server (EPAS) v1r1 STIG
EPAS-00-000700 - The EDB Postgres Advanced Server must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.
EPAS-00-000800 - The EDB Postgres Advanced Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
EPAS-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
EPAS-00-002300 - The EDB Postgres Advanced Server must, by default, shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure.
EPAS-00-002400 - The EDB Postgres Advanced Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out [FIFO]), in the event of unavailability of space for more audit log records.
EPAS-00-002600 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access.
EPAS-00-002700 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification.
EPAS-00-002800 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion.
EPAS-00-002900 - The EDB Postgres Advanced Server must protect its audit features from unauthorized access.
EPAS-00-003000 - The EDB Postgres Advanced Server must protect its audit configuration from unauthorized modification.
EPAS-00-003100 - The EDB Postgres Advanced Server must protect its audit features from unauthorized removal.
EPAS-00-003200 - Software, applications, and configuration files that are part of, or related to, the EDB Postgres Advanced Server installation must be monitored to discover unauthorized changes.
EPAS-00-003400 - Database software, including EDB Postgres Advanced Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications.
EPAS-00-003600 - The role(s)/group(s) used to modify database structure and logic modules must be restricted to authorized users.
EPAS-00-003800 - Unused database components, EDB Postgres Advanced Server software, and database objects must be removed.
EPAS-00-003900 - Unused database components which are integrated in the EDB Postgres Advanced Server and cannot be uninstalled must be disabled.
EPAS-00-004000 - Access to external executables must be disabled or restricted.
EPAS-00-004200 - The EDB Postgres Advanced Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
EPAS-00-004400 - If passwords are used for authentication, the EDB Postgres Advanced Server must transmit only encrypted representations of passwords.
EPAS-00-004500 - The EDB Postgres Advanced Server, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.
EPAS-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/used by the EDB Postgres Advanced Server.
EPAS-00-004700 - The DBMS must map the PKI-authenticated identity to an associated user account.
EPAS-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.
EPAS-00-004950 - The EDB Postgres Advanced Server must be configured on a platform that has a NIST-certified FIPS 140-2 or 140-3 installation of OpenSSL.
EPAS-00-005000 - The EDB Postgres Advanced Server must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users).
EPAS-00-005100 - The EDB Postgres Advanced Server must separate user functionality (including user interface services) from database management functionality.
EPAS-00-006100 - Access to database files must be limited to relevant processes and to authorized, administrative users.
EPAS-00-007300 - The EDB Postgres Advanced Server must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.
EPAS-00-007400 - The EDB Postgres Advanced Server must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
EPAS-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance.
EPAS-00-009100 - The EDB Postgres Advanced Server must only accept end entity certificates issued by DOD PKI or DOD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.
EPAS-00-009200 - The EDB Postgres Advanced Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.
EPAS-00-009300 - The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.
EPAS-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.
EPAS-00-012700 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures.
EPAS-00-012800 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes.
EPAS-00-012900 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the requirements of the data owner.
EPAS-00-013200 - EDB Postgres Advanced Server products must be a version supported by the vendor.