CIS PostgreSQL 14 DB v 1.2.0

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

Audit Details

Name: CIS PostgreSQL 14 DB v 1.2.0

Updated: 2/4/2026

Authority: CIS

Plugin: PostgreSQLDB

Revision: 1.3

Estimated Item Count: 55

File Details

Filename: CIS_PostgreSQL_14_v1.2.0_L1_Database.audit

Size: 118 kB

MD5: 07780a9c1ae1cbeb5a7dca8b96a8f5ba
SHA256: ee5d17af3c2fa4d4592e9aaf9519ea6f30a117b9256bfe9a8e2fef4934fe24b1

Audit Items

Description | Categories
1.2 Install only required packages
1.5 Ensure the Latest Security Patches are Applied
3.1.2 Ensure the log destinations are set correctly
3.1.3 Ensure the logging collector is enabled
3.1.4 Ensure the log file destination directory is set correctly
3.1.5 Ensure the filename pattern for log files is set correctly
3.1.6 Ensure the log file permissions are set correctly
3.1.7 Ensure 'log_truncate_on_rotation' is enabled
3.1.8 Ensure the maximum log file lifetime is set correctly
3.1.9 Ensure the maximum log file size is set correctly
3.1.10 Ensure the correct syslog facility is selected
3.1.11 Ensure syslog messages are not suppressed
3.1.12 Ensure syslog messages are not lost due to size
3.1.13 Ensure the program name for PostgreSQL syslog messages is correct
3.1.14 Ensure the correct messages are written to the server log
3.1.15 Ensure the correct SQL statements generating errors are recorded
3.1.16 Ensure 'debug_print_parse' is disabled
3.1.17 Ensure 'debug_print_rewritten' is disabled
3.1.18 Ensure 'debug_print_plan' is disabled
3.1.19 Ensure 'debug_pretty_print' is enabled
3.1.20 Ensure 'log_connections' is enabled
3.1.21 Ensure 'log_disconnections' is enabled
3.1.22 Ensure 'log_error_verbosity' is set correctly
3.1.23 Ensure 'log_hostname' is set correctly
3.1.24 Ensure 'log_line_prefix' is set correctly
3.1.25 Ensure 'log_statement' is set correctly
3.1.26 Ensure 'log_timezone' is set correctly
3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled
4.3 Ensure excessive administrative privileges are revoked
4.4 Lock Out Accounts if Not Currently in Use
4.5 Ensure excessive function privileges are revoked
4.6 Ensure excessive DML privileges are revoked
4.7 Ensure Row Level Security (RLS) is configured correctly
4.8 Ensure the set_user extension is installed
4.9 Make use of predefined roles
5.2 Ensure PostgreSQL is Bound to an IP Address
5.5 Ensure per-account connection limits are used

ACCESS CONTROL

5.6 Ensure Password Complexity is configured
6.1 Understanding attack vectors and runtime parameters
6.2 Ensure 'backend' runtime parameters are configured correctly
6.3 Ensure 'Postmaster' Runtime Parameters are Configured
6.4 Ensure 'SIGHUP' Runtime Parameters are Configured
6.5 Ensure 'Superuser' Runtime Parameters are Configured
6.6 Ensure 'User' Runtime Parameters are Configured
6.8 Ensure TLS is enabled and configured correctly
6.9 Ensure the TLSv1.0 and TLSv1.1 Protocols are Disabled
6.11 Ensure the pgcrypto extension is installed and configured correctly
7.1 Ensure a replication-only user is created and used for streaming replication
7.2 Ensure logging of replication commands is configured
7.3 Ensure base backups are configured and functional