DISA STIG VMware vSphere 6.7 PostgreSQL v1r2

Audit Details

Name: DISA STIG VMware vSphere 6.7 PostgreSQL v1r2

Updated: 6/17/2024

Authority: DISA STIG

Plugin: Unix

Revision: 1.1

Estimated Item Count: 26

File Details

Filename: DISA_STIG_VMware_vSphere_6.7_PostgreSQL_v1r2.audit

Size: 52.9 kB

MD5: 50cca835413ebee8d91e0e3c456d502b
SHA256: 969b89623cf9088204fcb33e7db6d2226a92bc4c90b5550bc01e764236690b2d

Audit Items

DescriptionCategories
DISA_STIG_VMware_vSphere_6.7_PostgreSQL_v1r2.audit from DISA VMware vSphere 6.7 PostgreSQL v1r2 STIG
VCPG-67-000001 - VMware Postgres must limit the number of connections.

ACCESS CONTROL

VCPG-67-000002 - VMware Postgres log files must contain required fields.

AUDIT AND ACCOUNTABILITY

VCPG-67-000003 - VMware Postgres configuration files must not be accessible by unauthorized users.

AUDIT AND ACCOUNTABILITY

VCPG-67-000004 - VMware Postgres must be configured to overwrite older logs when necessary.

AUDIT AND ACCOUNTABILITY

VCPG-67-000005 - VMware Postgres database must protect log files from unauthorized access and modification.

AUDIT AND ACCOUNTABILITY

VCPG-67-000008 - All VCDB tables must be owned by the 'vc' user account - vc user account.

CONFIGURATION MANAGEMENT

VCPG-67-000009 - VMware Postgres must limit modify privileges to authorized accounts.

CONFIGURATION MANAGEMENT

VCPG-67-000011 - VMware Postgres must be configured to use the correct port.

CONFIGURATION MANAGEMENT

VCPG-67-000012 - VMware Postgres must require authentication on all connections.

IDENTIFICATION AND AUTHENTICATION

VCPG-67-000013 - VMware Postgres must be configured to use TLS.

IDENTIFICATION AND AUTHENTICATION

VCPG-67-000014 - VMware Postgres must enforce authorized access to all PKI private keys.

IDENTIFICATION AND AUTHENTICATION

VCPG-67-000015 - VMware Postgres must use FIPS 140-2 approved TLS ciphers.

IDENTIFICATION AND AUTHENTICATION

VCPG-67-000016 - VMware Postgres must write log entries to disk prior to returning operation success or failure - fsync

SYSTEM AND COMMUNICATIONS PROTECTION

VCPG-67-000016 - VMware Postgres must write log entries to disk prior to returning operation success or failure - full_page_writes

SYSTEM AND COMMUNICATIONS PROTECTION

VCPG-67-000016 - VMware Postgres must write log entries to disk prior to returning operation success or failure - synchronous_commit

SYSTEM AND COMMUNICATIONS PROTECTION

VCPG-67-000017 - VMware Postgres must not allow schema access to unauthorized accounts.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPG-67-000018 - Data from the vPostgres database must be protected from unauthorized transfer.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPG-67-000019 - VMware Postgres must provide non-privileged users with minimal error information.

SYSTEM AND INFORMATION INTEGRITY

VCPG-67-000020 - VMware Postgres must have log collection enabled.

AUDIT AND ACCOUNTABILITY

VCPG-67-000021 - VMware Postgres must be configured to log to stderr.

AUDIT AND ACCOUNTABILITY

VCPG-67-000022 - Rsyslog must be configured to monitor VMware Postgres logs - first

AUDIT AND ACCOUNTABILITY

VCPG-67-000022 - Rsyslog must be configured to monitor VMware Postgres logs - log

AUDIT AND ACCOUNTABILITY

VCPG-67-000023 - VMware Postgres must use Coordinated Universal Time (UTC) for log timestamps.

AUDIT AND ACCOUNTABILITY

VCPG-67-000024 - VMware Postgres must set client-side character encoding to UTF-8.

SYSTEM AND INFORMATION INTEGRITY

VCPG-67-000999 - The version of PostgreSQL running on the system must be a supported version.

SYSTEM AND INFORMATION INTEGRITY