DISA STIG PostgreSQL 9.x on RHEL OS v2r4

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: DISA STIG PostgreSQL 9.x on RHEL OS v2r4

Updated: 8/26/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.2

Estimated Item Count: 52

File Details

Filename: DISA_STIG_PostgreSQL_9-x_on_RHEL_v2r4_OS.audit

Size: 190 kB

MD5: 5efc83a992c0ac0f598e135cddd03923
SHA256: 0ddab27ecedfc16e6ffcbd34e3f6d1082332cc7a56f11eb697b3891fcd63f738

Audit Items

Description | Categories
DISA_STIG_PostgreSQL_9-x_on_RHEL_v2r4_OS.audit from DISA PostgreSQL 9.x v2r4 STIG
PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log directory
PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log files
PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log_file_mode
PGS9-00-000500 - PostgreSQL must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.
PGS9-00-000700 - Privileges to change PostgreSQL software modules must be limited.
PGS9-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL.
PGS9-00-000800 - If passwords are used for authentication, PostgreSQL must transmit only encrypted representations of passwords.
PGS9-00-000900 - PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
PGS9-00-001100 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in transmission.
PGS9-00-001300 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (functions, trigger procedures, links to software external to PostgreSQL, etc.) must be restricted to authorized users.
PGS9-00-001400 - PostgreSQL must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
PGS9-00-001700 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in storage.
PGS9-00-002100 - PostgreSQL must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.
PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log directory
PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log files
PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log_file_mode
PGS9-00-002500 - PostgreSQL must reveal detailed error messages only to the ISSO, ISSM, SA and DBA.
PGS9-00-002600 - PostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
PGS9-00-003000 - PostgreSQL must maintain the confidentiality and integrity of information during reception.
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership.
PGS9-00-003300 - Database software, including PostgreSQL configuration files, must be stored in dedicated directories separate from the host OS and other applications.
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions.
PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log directory
PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log files
PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log_file_mode
PGS9-00-004300 - When updates are applied to PostgreSQL software, any software components that have been replaced or made unnecessary must be removed.
PGS9-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.
PGS9-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission.
PGS9-00-008000 - PostgreSQL must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes.
PGS9-00-008200 - PostgreSQL must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owner's requirements.
PGS9-00-008400 - PostgreSQL must prohibit user installation of logic modules (functions, trigger procedures, views, etc.) without explicit privileged status.
PGS9-00-008500 - PostgreSQL must separate user functionality (including user interface services) from database management functionality.
PGS9-00-009100 - Access to external executables must be disabled or restricted - du
PGS9-00-009200 - Unused database components which are integrated in PostgreSQL and cannot be uninstalled must be disabled.
PGS9-00-009400 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in process.
PGS9-00-009600 - PostgreSQL must enforce access restrictions associated with changes to the configuration of PostgreSQL or database(s).
PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - alert
PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - capacity
PGS9-00-010200 - PostgreSQL must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL.
PGS9-00-010700 - PostgreSQL must protect its audit features from unauthorized access - Logs
PGS9-00-010700 - PostgreSQL must protect its audit features from unauthorized access - roles.
PGS9-00-010700 - PostgreSQL must protect its audit features from unauthorized access.
PGS9-00-011200 - PostgreSQL must protect its audit features from unauthorized removal.
PGS9-00-011500 - PostgreSQL must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).
PGS9-00-011800 - PostgreSQL must map the PKI-authenticated identity to an associated user account.
PGS9-00-012000 - Access to database files must be limited to relevant processes and to authorized, administrative users.
PGS9-00-012200 - PostgreSQL must protect its audit configuration from unauthorized modification.
PGS9-00-012300 - PostgreSQL must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations.