DISA STIG PostgreSQL 9.x on RHEL DB v2r1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG PostgreSQL 9.x on RHEL DB v2r1

Updated: 9/1/2021

Authority: DISA STIG

Plugin: Unix

Revision: 1.3

Estimated Item Count: 84

Audit Items

Description	Categories
DISA_STIG_PostgreSQL_9-x_on_RHEL_v2r1_OS.audit from DISA PostgreSQL 9.x v2r1 STIG
PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log directory	AUDIT AND ACCOUNTABILITY
PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log files	CONFIGURATION MANAGEMENT
PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log_file_mode	AUDIT AND ACCOUNTABILITY
PGS9-00-000500 - PostgreSQL must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.	IDENTIFICATION AND AUTHENTICATION
PGS9-00-000700 - Privileges to change PostgreSQL software modules must be limited - binary objects	CONFIGURATION MANAGEMENT
PGS9-00-000700 - Privileges to change PostgreSQL software modules must be limited - data	CONFIGURATION MANAGEMENT
PGS9-00-000700 - Privileges to change PostgreSQL software modules must be limited - shared objects	CONFIGURATION MANAGEMENT
PGS9-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL - config	CONFIGURATION MANAGEMENT
PGS9-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL - database	ACCESS CONTROL
PGS9-00-000800 - If passwords are used for authentication, PostgreSQL must transmit only encrypted representations of passwords.	IDENTIFICATION AND AUTHENTICATION
PGS9-00-000900 - PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies - authentication	ACCESS CONTROL
PGS9-00-000900 - PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies - role privileges	ACCESS CONTROL
PGS9-00-000900 - PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies - table privileges	ACCESS CONTROL
PGS9-00-001100 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in transmission.	SYSTEM AND COMMUNICATIONS PROTECTION
PGS9-00-001300 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (functions, trigger procedures, links to software external to PostgreSQL, etc.) must be restricted to authorized users - s used to modify database structure and logic modules must be restricted to authorized users.	ACCESS CONTROL
PGS9-00-001400 - PostgreSQL must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).	IDENTIFICATION AND AUTHENTICATION
PGS9-00-001700 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in storage.	SYSTEM AND COMMUNICATIONS PROTECTION
PGS9-00-002100 - PostgreSQL must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.	AUDIT AND ACCOUNTABILITY
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects - df+	ACCESS CONTROL
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects - dn	ACCESS CONTROL
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects - ds	ACCESS CONTROL
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects - dt	ACCESS CONTROL
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects - dv	ACCESS CONTROL
PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log directory	AUDIT AND ACCOUNTABILITY
PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log files	CONFIGURATION MANAGEMENT
PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log_file_mode	AUDIT AND ACCOUNTABILITY
PGS9-00-002500 - PostgreSQL must reveal detailed error messages only to the ISSO, ISSM, SA and DBA.	SYSTEM AND INFORMATION INTEGRITY
PGS9-00-002600 - PostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - Config	CONFIGURATION MANAGEMENT
PGS9-00-002600 - PostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - Data	CONFIGURATION MANAGEMENT
PGS9-00-002600 - PostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - Roles	AUDIT AND ACCOUNTABILITY
PGS9-00-003000 - PostgreSQL must maintain the confidentiality and integrity of information during reception.	SYSTEM AND COMMUNICATIONS PROTECTION
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership - df+	ACCESS CONTROL
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership - dn	ACCESS CONTROL
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership - ds	ACCESS CONTROL
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership - dt	ACCESS CONTROL
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership - dv	ACCESS CONTROL
PGS9-00-003300 - Database software, including PostgreSQL configuration files, must be stored in dedicated directories separate from the host OS and other applications.
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - df+ custom tables	SYSTEM AND COMMUNICATIONS PROTECTION
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - df+ information_schema	SYSTEM AND COMMUNICATIONS PROTECTION
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - df+ pg_catalog	SYSTEM AND COMMUNICATIONS PROTECTION
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - dp custom tables	SYSTEM AND COMMUNICATIONS PROTECTION
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - dp information_schema	SYSTEM AND COMMUNICATIONS PROTECTION
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - dp pg_catalog	SYSTEM AND COMMUNICATIONS PROTECTION
PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log directory	AUDIT AND ACCOUNTABILITY
PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log files	CONFIGURATION MANAGEMENT
PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log_file_mode	AUDIT AND ACCOUNTABILITY
PGS9-00-004300 - When updates are applied to PostgreSQL software, any software components that have been replaced or made unnecessary must be removed.	CONFIGURATION MANAGEMENT
PGS9-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation - hostssl cert	SYSTEM AND COMMUNICATIONS PROTECTION
PGS9-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation - ssl_crl_file	SYSTEM AND COMMUNICATIONS PROTECTION

Detections

Analytics

DISA STIG PostgreSQL 9.x on RHEL DB v2r1

Warning! Audit Deprecated

Audit Details

Audit Items