| 1.1 Ensure packages are obtained from authorized repositories | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.2 Install only required packages | CONFIGURATION MANAGEMENT |
| 1.3 Ensure systemd Service Files Are Enabled | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 1.4 Ensure Data Cluster Initialized Successfully | ACCESS CONTROL, MEDIA PROTECTION |
| 1.6 Verify That 'PGPASSWORD' is Not Set in Users' Profiles | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.7 Verify That the 'PGPASSWORD' Environment Variable is Not in Use | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 2.1 Ensure the file permissions mask is correct | ACCESS CONTROL, MEDIA PROTECTION |
| 2.2 Ensure extension directory has appropriate ownership and permissions | ACCESS CONTROL, MEDIA PROTECTION |
| 2.3 Disable PostgreSQL Command History | MEDIA PROTECTION |
| 2.4 Ensure Passwords are Not Stored in the service file | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.1 Ensure Interactive Login is Disabled | ACCESS CONTROL |
| 4.2 Ensure sudo is configured correctly | ACCESS CONTROL |
| 5.3 Ensure login via 'local' UNIX Domain Socket is configured correctly | IDENTIFICATION AND AUTHENTICATION |
| 5.4 Ensure login via 'host' TCP/IP Socket is configured correctly | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10 Ensure Weak SSL/TLS Ciphers Are Disabled | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CONTINGENCY PLANNING |
| CIS_PostgreSQL_13_v1.2.0_L1_OS_Linux.audit from CIS PostgreSQL 13 Benchmark v1.2.0 | |
