| CD16-00-000600 - PostgreSQL must allow only the information system security manager (ISSM), or individuals or roles appointed by the ISSM, to select which events are to be audited. | AUDIT AND ACCOUNTABILITY |
| CD16-00-002000 - The audit information produced by PostgreSQL must be protected from unauthorized read access. | AUDIT AND ACCOUNTABILITY |
| CD16-00-002100 - The audit information produced by PostgreSQL must be protected from unauthorized modification. | AUDIT AND ACCOUNTABILITY |
| CD16-00-002200 - The audit information produced by PostgreSQL must be protected from unauthorized deletion. | AUDIT AND ACCOUNTABILITY |
| CD16-00-002300 - PostgreSQL must protect its audit features from unauthorized access. | AUDIT AND ACCOUNTABILITY |
| CD16-00-002400 - PostgreSQL must protect its audit configuration from unauthorized modification. | AUDIT AND ACCOUNTABILITY |
| CD16-00-002500 - PostgreSQL must protect its audit features from unauthorized removal. | AUDIT AND ACCOUNTABILITY |
| CD16-00-002600 - PostgreSQL must limit privileges to change software modules, to include stored procedures, functions and triggers, and links to software external to PostgreSQL. | CONFIGURATION MANAGEMENT |
| CD16-00-002700 - The PostgreSQL software installation account must be restricted to authorized users. | CONFIGURATION MANAGEMENT |
| CD16-00-002800 - Database software, including PostgreSQL configuration files, must be stored in dedicated directories, or DASD pools, separate from the host OS and other applications. | CONFIGURATION MANAGEMENT |
| CD16-00-002900 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to the DBMS, etc.) must be owned by database/PostgreSQL principals authorized for ownership. | CONFIGURATION MANAGEMENT |
| CD16-00-003000 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (stored procedures, functions, triggers, links to software external to PostgreSQL, etc.) must be restricted to authorized users. | CONFIGURATION MANAGEMENT |
| CD16-00-003300 - Unused database components that are integrated in PostgreSQL and cannot be uninstalled must be disabled. | CONFIGURATION MANAGEMENT |
| CD16-00-003600 - PostgreSQL must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | IDENTIFICATION AND AUTHENTICATION |
| CD16-00-003900 - If passwords are used for authentication, PostgreSQL must transmit only encrypted representations of passwords. | IDENTIFICATION AND AUTHENTICATION |
| CD16-00-004000 - PostgreSQL, when using PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | IDENTIFICATION AND AUTHENTICATION |
| CD16-00-004200 - PostgreSQL must map the PKI-authenticated identity to an associated user account. | IDENTIFICATION AND AUTHENTICATION |
| CD16-00-004400 - PostgreSQL must use NIST FIPS 140-2/140-3 validated cryptographic modules for cryptographic operations. | IDENTIFICATION AND AUTHENTICATION |
| CD16-00-005200 - PostgreSQL must protect the confidentiality and integrity of all information at rest. | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD16-00-005400 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy. | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD16-00-005600 - Access to database files must be limited to relevant processes and to authorized, administrative users. | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD16-00-005700 - PostgreSQL must check the validity of all data inputs except those specifically identified by the organization. | SYSTEM AND INFORMATION INTEGRITY |
| CD16-00-005800 - PostgreSQL and associated applications must reserve the use of dynamic code execution for situations that require it. | SYSTEM AND INFORMATION INTEGRITY |
| CD16-00-007300 - PostgreSQL must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | AUDIT AND ACCOUNTABILITY |
| CD16-00-007400 - PostgreSQL must provide an immediate real-time alert to appropriate support staff of all audit log failures. | AUDIT AND ACCOUNTABILITY |
| CD16-00-008100 - PostgreSQL must require users to reauthenticate when organization-defined circumstances or situations require reauthentication. | IDENTIFICATION AND AUTHENTICATION |
| CD16-00-009100 - When updates are applied to the PostgreSQL software, any software components that have been replaced or made unnecessary must be removed. | SYSTEM AND INFORMATION INTEGRITY |
| CD16-00-009500 - PostgreSQL must generate audit records when unsuccessful attempts to access security objects occur. | AUDIT AND ACCOUNTABILITY |
| DISA_STIG_Crunchy_Data_Postgres_16_v1r2_Unix.audit from DISA Crunchy Data Postgres 16 STIG v1r2 | |