| PGS9-00-000100 - PostgreSQL must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments. | CONFIGURATION MANAGEMENT |
| PGS9-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - log_error_verbosity | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - log_line_prefix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - pgaudit extension installed | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - pgaudit loaded | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - pgaudit.log | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - pgaudit.log_catalog | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - pgaudit.log_level | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - pgaudit.log_parameter | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events - pgaudit.log_statement_once | AUDIT AND ACCOUNTABILITY |
| PGS9-00-000300 - Security-relevant software updates to PostgreSQL must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-000600 - PostgreSQL must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries. | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-001200 - PostgreSQL must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types - roles | ACCESS CONTROL |
| PGS9-00-001200 - PostgreSQL must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types - system | ACCESS CONTROL |
| PGS9-00-001800 - PostgreSQL must check the validity of all data inputs except those specifically identified by the organization. | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-001900 - PostgreSQL and associated applications must reserve the use of dynamic code execution for situations that require it. | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-002000 - PostgreSQL and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack. | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-002400 - PostgreSQL must record time stamps, in audit records and application data, that can be mapped to Coordinated Universal Time (UTC, formerly GMT). | AUDIT AND ACCOUNTABILITY |
| PGS9-00-002700 - PostgreSQL must provide an immediate real-time alert to appropriate support staff of all audit log failures. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-003000 - PostgreSQL must maintain the confidentiality and integrity of information during reception. | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-003200 - The PostgreSQL software installation account must be restricted to authorized users. | CONFIGURATION MANAGEMENT |
| PGS9-00-003500 - PostgreSQL must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-003600 - Execution of software modules (to include functions and trigger procedures) with elevated privileges must be restricted to necessary cases only. | ACCESS CONTROL |
| PGS9-00-003700 - When invalid inputs are received, PostgreSQL must behave in a predictable and documented manner that reflects organizational and system objectives. | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-003800 - PostgreSQL must utilize centralized management of the content captured in audit records generated by all components of PostgreSQL - log_destination | AUDIT AND ACCOUNTABILITY |
| PGS9-00-003800 - PostgreSQL must utilize centralized management of the content captured in audit records generated by all components of PostgreSQL - syslog_facility | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004100 - PostgreSQL must produce audit records of its enforcement of access restrictions associated with changes to the configuration of PostgreSQL or database(s). | CONFIGURATION MANAGEMENT |
| PGS9-00-004400 - PostgreSQL must generate audit records when categorized information (e.g., classification levels/security levels) is accessed. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004500 - PostgreSQL must generate audit records when unsuccessful attempts to access security objects occur. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004600 - PostgreSQL must generate audit records when unsuccessful logons or connection attempts occur - log_connections | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004600 - PostgreSQL must generate audit records when unsuccessful logons or connection attempts occur - log_line_prefix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004700 - PostgreSQL must generate audit records showing starting and ending time for user access to the database(s) - log_connections | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004700 - PostgreSQL must generate audit records showing starting and ending time for user access to the database(s) - log_disconnection | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004700 - PostgreSQL must generate audit records showing starting and ending time for user access to the database(s) - log_line_prefix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004800 - PostgreSQL must generate audit records when unsuccessful attempts to modify security objects occur. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004900 - PostgreSQL must generate audit records when privileges/permissions are added. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005000 - PostgreSQL must generate audit records when unsuccessful attempts to delete categorized information (e.g., classification levels/security levels) occur. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005100 - PostgreSQL must generate audit records when successful logons or connections occur - log_connections | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005100 - PostgreSQL must generate audit records when successful logons or connections occur - log_line_prefix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005200 - PostgreSQL must generate audit records when security objects are deleted. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005300 - PostgreSQL must generate audit records when unsuccessful attempts to retrieve privileges/permissions occur. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005400 - PostgreSQL must generate audit records when unsuccessful attempts to delete privileges/permissions occur. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005500 - PostgreSQL must be able to generate audit records when privileges/permissions are retrieved - pgaudit.log | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005500 - PostgreSQL must be able to generate audit records when privileges/permissions are retrieved - pgaudit.log_catalog | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005500 - PostgreSQL must be able to generate audit records when privileges/permissions are retrieved - shared_preload_libraries | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005600 - PostgreSQL must generate audit records when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005700 - PostgreSQL must generate audit records when unsuccessful accesses to objects occur. | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005800 - PostgreSQL must generate audit records for all privileged activities or other system-level access - pgaudit.log | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005800 - PostgreSQL must generate audit records for all privileged activities or other system-level access - shared_preload_libraries | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005900 - PostgreSQL must generate audit records when unsuccessful attempts to access categorized information (e.g., classification levels/security levels) occur. | AUDIT AND ACCOUNTABILITY |
