Detections
Analytics

EDB PostgreSQL Advanced Server v11 DB Audit v2r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: EDB PostgreSQL Advanced Server v11 DB Audit v2r2

Updated: 6/17/2024

Authority: DISA STIG

Plugin: PostgreSQLDB

Revision: 1.2

Estimated Item Count: 55

File Details

Filename: DISA_STIG_EDB_PostgreSQL_Advanced_Server_v11_Windows_v2r2_Database.audit

Size: 187 kB

MD5: 20a6ee853d9d9c818d048ca81cb48e5b
SHA256: c3c236840fe2480cd45f26aa0ea3a78f4efe54e1f6e2ce5cd6b4ea7f0a4c61c8

Audit Items

DescriptionCategories
EP11-00-000100 - The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types - Administrators
EP11-00-000100 - The EDB Postgres Advanced Server must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types - Users
EP11-00-000800 - The EDB Postgres Advanced Server must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
EP11-00-000900 - The EDB Postgres Advanced Server must protect against a user falsely repudiating by ensuring all accounts are individual, unique, and not shared.
EP11-00-001000 - The EDB Postgres Advanced Server must be configured to provide audit record generation capability for DoD-defined auditable events within all EDB Postgres Advanced Server/database components.
EP11-00-001200 - The EDB Postgres Advanced Server must generate audit records for DoD-defined auditable events.
EP11-00-001400 - The EDB Postgres Advanced Server must initiate support of session auditing upon startup - edb_audit
EP11-00-001400 - The EDB Postgres Advanced Server must initiate support of session auditing upon startup - edb_audit_statement
EP11-00-002200 - The EDB Postgres Advanced Server must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.
EP11-00-003210 - EDB Postgres Advanced Server software modules, to include stored procedures, functions, and triggers must be monitored to discover unauthorized changes.
EP11-00-003300 - The EDB Postgres Advanced Server software installation account must be restricted to authorized users.
EP11-00-003500 - Database objects (including but not limited to tables, indexes, storage, stored procedures, functions, triggers, links to software external to the EDB Postgres Advanced Server, etc.) must be owned by database/EDB Postgres Advanced Server principals authorized for ownership.
EP11-00-003700 - Default, demonstration and sample databases, database objects, and applications must be removed.
EP11-00-004100 - The EDB Postgres Advanced Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments - address
EP11-00-004100 - The EDB Postgres Advanced Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments - port
EP11-00-004250 - If DBMS authentication, using passwords, is employed, EDB Postgres Advanced Server must enforce the DoD standards for password complexity and lifetime.
EP11-00-004300 - If passwords are used for authentication, the EDB Postgres Advanced Server must store only hashed, salted representations of passwords.
EP11-00-004810 - Applications must obscure feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals.
EP11-00-004820 - When using command-line tools such as psql, users must use a logon method that does not expose the password.
EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection - version
EP11-00-005000 - The DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).
EP11-00-005100 - The EDB Postgres Advanced Server must separate user functionality (including user interface services) from database management functionality.
EP11-00-005600 - In the event of a system failure, the DBMS must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.
EP11-00-005800 - The EDB Postgres Advanced Server must isolate security functions from non-security functions.
EP11-00-005900 - Database contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.
EP11-00-006200 - The EDB Postgres Advanced Server must check the validity of all data inputs except those specifically identified by the organization.
EP11-00-006300 - The EDB Postgres Advanced Server and associated applications must reserve the use of dynamic code execution for situations that require it.
EP11-00-006400 - The EDB Postgres Advanced Server and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.
EP11-00-006500 - The EDB Postgres Advanced Server must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.
EP11-00-006600 - The EDB Postgres Advanced Server must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA.
EP11-00-006700 - The EDB Postgres Advanced Server must automatically terminate a user session after organization-defined conditions or trigger events requiring session disconnect.
EP11-00-006900 - The EDB Postgres Advanced Server must associate organization-defined types of security labels having organization-defined security label values with information in storage.
EP11-00-007000 - The EDB Postgres Advanced Server must associate organization-defined types of security labels having organization-defined security label values with information in process.
EP11-00-007100 - The EDB Postgres Advanced Server must associate organization-defined types of security labels having organization-defined security label values with information in transmission.
EP11-00-007300 - EDB Postgres Advanced Server must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.
EP11-00-007400 - The EDB Postgres Advanced Server must prevent non-privileged users from executing privileged functions, to include disabling, circumventing, or altering implemented security safeguards/countermeasures.
EP11-00-007500 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only.
EP11-00-007510 - Execution of software modules (to include stored procedures, functions, and triggers) with elevated privileges must be restricted to necessary cases only.
EP11-00-007700 - The EDB Postgres Advanced Server must utilize centralized management of the content captured in audit records generated by all components of the EDB Postgres Advanced Server.
EP11-00-007800 - The EDB Postgres Advanced Server must provide centralized configuration of the content to be captured in audit records generated by all components of the EDB Postgres Advanced Server.
EP11-00-007900 - The EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.
EP11-00-008100 - The EDB Postgres Advanced Server must provide an immediate real-time alert to appropriate support staff of all audit failure events requiring real-time alerts.
EP11-00-008800 - The EDB Postgres Advanced Server must require users to re-authenticate when organization-defined circumstances or situations require re-authentication.
EP11-00-009500 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during preparation for transmission.
EP11-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception.
EP11-00-009700 - When invalid inputs are received, the EDB Postgres Advanced Server must behave in a predictable and documented manner that reflects organizational and system objectives.
EP11-00-009900 - Security-relevant software updates to the EDB Postgres Advanced Server must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).
EP11-00-011800 - The EDB Postgres Advanced Server must generate audit records when successful/unsuccessful logons, connections, or connection attempts occur.
EP11-00-012200 - The EDB Postgres Advanced Server must generate audit records showing starting and ending time for user access to the database(s) and concurrent logons/connections by the same user from different workstations - edb_audit_connect
EP11-00-012200 - The EDB Postgres Advanced Server must generate audit records showing starting and ending time for user access to the database(s) and concurrent logons/connections by the same user from different workstations - edb_audit_disconnect