DISA Crunchy Data Postgres 16 STIG v1r2 Unix

Audit Details

Name: DISA Crunchy Data Postgres 16 STIG v1r2 Unix

Updated: 6/30/2026

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 29

File Details

Filename: DISA_STIG_Crunchy_Data_Postgres_16_v1r2_Unix.audit

Size: 93.1 kB

MD5: 541e91d0d225a731bce02ca36219eb9b
SHA256: 3736cb39c6b42581fd0b9e6fc9b6181e28d97c8df19e768839b794b9609755b8

Audit Items

Description / Categories
CD16-00-000600 - PostgreSQL must allow only the information system security manager (ISSM), or individuals or roles appointed by the ISSM, to select which events are to be audited.

AUDIT AND ACCOUNTABILITY

CD16-00-002000 - The audit information produced by PostgreSQL must be protected from unauthorized read access.

AUDIT AND ACCOUNTABILITY

CD16-00-002100 - The audit information produced by PostgreSQL must be protected from unauthorized modification.

AUDIT AND ACCOUNTABILITY

CD16-00-002200 - The audit information produced by PostgreSQL must be protected from unauthorized deletion.

AUDIT AND ACCOUNTABILITY

CD16-00-002300 - PostgreSQL must protect its audit features from unauthorized access.

AUDIT AND ACCOUNTABILITY

CD16-00-002400 - PostgreSQL must protect its audit configuration from unauthorized modification.

AUDIT AND ACCOUNTABILITY

CD16-00-002500 - PostgreSQL must protect its audit features from unauthorized removal.

AUDIT AND ACCOUNTABILITY

CD16-00-002600 - PostgreSQL must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to PostgreSQL.

CONFIGURATION MANAGEMENT

CD16-00-002700 - The PostgreSQL software installation account must be restricted to authorized users.

CONFIGURATION MANAGEMENT

CD16-00-002800 - Database software, including PostgreSQL configuration files, must be stored in dedicated directories, or DASD pools, separate from the host OS and other applications.

CONFIGURATION MANAGEMENT

CD16-00-002900 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to the DBMS, etc.) must be owned by database/PostgreSQL principals authorized for ownership.

CONFIGURATION MANAGEMENT

CD16-00-003000 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to PostgreSQL, etc.) must be restricted to authorized users.

CONFIGURATION MANAGEMENT

CD16-00-003300 - Unused database components that are integrated in PostgreSQL and cannot be uninstalled must be disabled.

CONFIGURATION MANAGEMENT

CD16-00-003600 - PostgreSQL must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

IDENTIFICATION AND AUTHENTICATION

CD16-00-003900 - If passwords are used for authentication, PostgreSQL must transmit only encrypted representations of passwords.

IDENTIFICATION AND AUTHENTICATION

CD16-00-004000 - PostgreSQL, when using PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation.

IDENTIFICATION AND AUTHENTICATION

CD16-00-004200 - PostgreSQL must map the PKI-authenticated identity to an associated user account.

IDENTIFICATION AND AUTHENTICATION

CD16-00-004400 - PostgreSQL must use NIST FIPS 140-2/140-3 validated cryptographic modules for cryptographic operations.

IDENTIFICATION AND AUTHENTICATION

CD16-00-005200 - PostgreSQL must protect the confidentiality and integrity of all information at rest.

SYSTEM AND COMMUNICATIONS PROTECTION

CD16-00-005400 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.

SYSTEM AND COMMUNICATIONS PROTECTION

CD16-00-005600 - Access to database files must be limited to relevant processes and to authorized, administrative users.

SYSTEM AND COMMUNICATIONS PROTECTION

CD16-00-005700 - PostgreSQL must check the validity of all data inputs except those specifically identified by the organization.

SYSTEM AND INFORMATION INTEGRITY

CD16-00-005800 - PostgreSQL and associated applications must reserve the use of dynamic code execution for situations that require it.

SYSTEM AND INFORMATION INTEGRITY

CD16-00-007300 - PostgreSQL must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity.

AUDIT AND ACCOUNTABILITY

CD16-00-007400 - PostgreSQL must provide an immediate real-time alert to appropriate support staff of all audit log failures.

AUDIT AND ACCOUNTABILITY

CD16-00-008100 - PostgreSQL must require users to reauthenticate when organization-defined circumstances or situations require reauthentication.

IDENTIFICATION AND AUTHENTICATION

CD16-00-009100 - When updates are applied to the PostgreSQL software, any software components that have been replaced or made unnecessary must be removed.

SYSTEM AND INFORMATION INTEGRITY

CD16-00-009500 - PostgreSQL must generate audit records when unsuccessful attempts to access security objects occur.

AUDIT AND ACCOUNTABILITY

DISA_STIG_Crunchy_Data_Postgres_16_v1r2_Unix.audit from DISA Crunchy Data Postgres 16 STIG v1r2