| CD16-00-000100 - PostgreSQL must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types. | ACCESS CONTROL |
| CD16-00-000200 - PostgreSQL must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | ACCESS CONTROL |
| CD16-00-000300 - PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. | ACCESS CONTROL |
| CD16-00-000400 - PostgreSQL must protect against a user falsely repudiating having performed organization-defined actions. | AUDIT AND ACCOUNTABILITY |
| CD16-00-000500 - PostgreSQL must provide audit record generation capability for DOD-defined auditable events within all DBMS/database components. | AUDIT AND ACCOUNTABILITY |
| CD16-00-000600 - PostgreSQL must allow only the information system security manager (ISSM), or individuals or roles appointed by the ISSM, to select which events are to be audited. | AUDIT AND ACCOUNTABILITY |
| CD16-00-000700 - PostgreSQL must be able to generate audit records when privileges/permissions are retrieved. | AUDIT AND ACCOUNTABILITY |
| CD16-00-000800 - PostgreSQL must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | AUDIT AND ACCOUNTABILITY |
| CD16-00-000900 - PostgreSQL must initiate session auditing upon startup. | AUDIT AND ACCOUNTABILITY |
| CD16-00-001000 - PostgreSQL must produce audit records containing sufficient information to establish what type of events occurred. | AUDIT AND ACCOUNTABILITY |
| CD16-00-001100 - PostgreSQL must produce audit records containing time stamps to establish when the events occurred. | AUDIT AND ACCOUNTABILITY |
| CD16-00-001200 - PostgreSQL must produce audit records containing sufficient information to establish where the events occurred. | AUDIT AND ACCOUNTABILITY |
| CD16-00-001300 - PostgreSQL must produce audit records containing sufficient information to establish the sources (origins) of the events. | AUDIT AND ACCOUNTABILITY |
| CD16-00-001400 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events. | AUDIT AND ACCOUNTABILITY |
| CD16-00-001500 - PostgreSQL must produce audit records containing sufficient information to establish the identity of any user/subject or process associated with the event. | AUDIT AND ACCOUNTABILITY |
| CD16-00-001600 - PostgreSQL must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject. | AUDIT AND ACCOUNTABILITY |
| CD16-00-001700 - PostgreSQL must, by default, shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | AUDIT AND ACCOUNTABILITY |
| CD16-00-001800 - PostgreSQL must be configurable to overwrite audit log records, oldest first (first-in-first-out [FIFO]), in the event of unavailability of space for more audit log records. | AUDIT AND ACCOUNTABILITY |
| CD16-00-002000 - The audit information produced by PostgreSQL must be protected from unauthorized read access. | AUDIT AND ACCOUNTABILITY |
| CD16-00-002300 - PostgreSQL must protect its audit features from unauthorized access. | AUDIT AND ACCOUNTABILITY |
| CD16-00-002400 - PostgreSQL must protect its audit configuration from unauthorized modification. | AUDIT AND ACCOUNTABILITY |
| CD16-00-003200 - Unused database components, PostgreSQL software, and database objects must be removed. | CONFIGURATION MANAGEMENT |
| CD16-00-003400 - Access to external executables must be disabled or restricted. | CONFIGURATION MANAGEMENT |
| CD16-00-003500 - PostgreSQL must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | CONFIGURATION MANAGEMENT |
| CD16-00-003800 - If passwords are used for authentication, PostgreSQL must store only hashed, salted representations of passwords. | IDENTIFICATION AND AUTHENTICATION |
| CD16-00-004000 - PostgreSQL, when using PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | IDENTIFICATION AND AUTHENTICATION |
| CD16-00-004100 - PostgreSQL must enforce authorized access to all PKI private keys stored/used by PostgreSQL. | IDENTIFICATION AND AUTHENTICATION |
| CD16-00-004500 - PostgreSQL must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users). | IDENTIFICATION AND AUTHENTICATION |
| CD16-00-004600 - PostgreSQL must separate user functionality (including user interface services) from database management functionality. | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD16-00-004700 - PostgreSQL must invalidate session identifiers upon user logout or other session termination. | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD16-00-004900 - PostgreSQL must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values. | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD16-00-005300 - PostgreSQL must isolate security functions from nonsecurity functions. | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD16-00-005900 - PostgreSQL and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | SYSTEM AND INFORMATION INTEGRITY |
| CD16-00-006000 - PostgreSQL must provide nonprivileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | SYSTEM AND INFORMATION INTEGRITY |
| CD16-00-006100 - PostgreSQL must reveal detailed error messages only to the information system security officer (ISSO), information system security manager (ISSM), system administrator (SA), and database administrator (DBA). | SYSTEM AND INFORMATION INTEGRITY |
| CD16-00-006200 - PostgreSQL must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect. | ACCESS CONTROL |
| CD16-00-006400 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in storage. | ACCESS CONTROL |
| CD16-00-006500 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in process. | ACCESS CONTROL |
| CD16-00-006600 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in transmission. | ACCESS CONTROL |
| CD16-00-006700 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects. | ACCESS CONTROL |
| CD16-00-006800 - PostgreSQL must prevent nonprivileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | ACCESS CONTROL |
| CD16-00-006900 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only. | ACCESS CONTROL |
| CD16-00-007000 - PostgreSQL must use centralized management of the content captured in audit records generated by all components of PostgreSQL. | AUDIT AND ACCOUNTABILITY |
| CD16-00-007200 - PostgreSQL must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | AUDIT AND ACCOUNTABILITY |
| CD16-00-007500 - PostgreSQL must record time stamps in audit records and application data that can be mapped to Coordinated Universal Time (UTC), formerly Greenwich Mean Time (GMT). | AUDIT AND ACCOUNTABILITY |
| CD16-00-007600 - PostgreSQL must generate time stamps for audit records and application data with a minimum granularity of one second. | AUDIT AND ACCOUNTABILITY |
| CD16-00-007700 - PostgreSQL must prohibit user installation of logic modules (stored procedures, functions, triggers, views, etc.) without explicit privileged status. | CONFIGURATION MANAGEMENT |
| CD16-00-007800 - PostgreSQL must enforce access restrictions associated with changes to the configuration of the DBMS or database(s). | CONFIGURATION MANAGEMENT |
| CD16-00-007900 - PostgreSQL must produce audit records of its enforcement of access restrictions associated with changes to the configuration of PostgreSQL or database(s). | CONFIGURATION MANAGEMENT |
| CD16-00-008000 - PostgreSQL must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accordance with the Ports, Protocols, and Services Management (PPSM) guidance. | CONFIGURATION MANAGEMENT |