DISA_STIG_PostgreSQL_9-x_on_RHEL_v2r3_OS.audit from DISA PostgreSQL 9.x v2r3 STIG
PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log directory | AUDIT AND ACCOUNTABILITY |
PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log files | AUDIT AND ACCOUNTABILITY |
PGS9-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification - log_file_mode | AUDIT AND ACCOUNTABILITY |
PGS9-00-000500 - PostgreSQL must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals. | ACCESS CONTROL |
PGS9-00-000700 - Privileges to change PostgreSQL software modules must be limited - binary objects | CONFIGURATION MANAGEMENT |
PGS9-00-000700 - Privileges to change PostgreSQL software modules must be limited - data | CONFIGURATION MANAGEMENT |
PGS9-00-000700 - Privileges to change PostgreSQL software modules must be limited - shared objects | CONFIGURATION MANAGEMENT |
PGS9-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL - config | CONFIGURATION MANAGEMENT |
PGS9-00-000710 - PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL - database | CONFIGURATION MANAGEMENT |
PGS9-00-000800 - If passwords are used for authentication, PostgreSQL must transmit only encrypted representations of passwords. | IDENTIFICATION AND AUTHENTICATION |
PGS9-00-000900 - PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies - authentication | ACCESS CONTROL |
PGS9-00-000900 - PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies - role privileges | ACCESS CONTROL |
PGS9-00-000900 - PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies - table privileges | ACCESS CONTROL |
PGS9-00-001100 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in transmission. | ACCESS CONTROL |
PGS9-00-001300 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (functions, trigger procedures, links to software external to PostgreSQL, etc.) must be restricted to authorized users. | CONFIGURATION MANAGEMENT |
PGS9-00-001400 - PostgreSQL must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users). | IDENTIFICATION AND AUTHENTICATION |
PGS9-00-001700 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in storage. | ACCESS CONTROL |
PGS9-00-002100 - PostgreSQL must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | AUDIT AND ACCOUNTABILITY |
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects - df+ | ACCESS CONTROL |
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects - dn | ACCESS CONTROL |
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects - ds | ACCESS CONTROL |
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects - dt | ACCESS CONTROL |
PGS9-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects - dv | ACCESS CONTROL |
PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log directory | AUDIT AND ACCOUNTABILITY |
PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log files | AUDIT AND ACCOUNTABILITY |
PGS9-00-002300 - The audit information produced by PostgreSQL must be protected from unauthorized deletion - log_file_mode | AUDIT AND ACCOUNTABILITY |
PGS9-00-002500 - PostgreSQL must reveal detailed error messages only to the ISSO, ISSM, SA and DBA. | SYSTEM AND INFORMATION INTEGRITY |
PGS9-00-002600 - PostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - Config | AUDIT AND ACCOUNTABILITY |
PGS9-00-002600 - PostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - Data | AUDIT AND ACCOUNTABILITY |
PGS9-00-002600 - PostgreSQL must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited - Roles | AUDIT AND ACCOUNTABILITY |
PGS9-00-003000 - PostgreSQL must maintain the confidentiality and integrity of information during reception. | SYSTEM AND COMMUNICATIONS PROTECTION |
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership - df+ | CONFIGURATION MANAGEMENT |
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership - dn | CONFIGURATION MANAGEMENT |
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership - ds | CONFIGURATION MANAGEMENT |
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership - dt | CONFIGURATION MANAGEMENT |
PGS9-00-003100 - Database objects (including but not limited to tables, indexes, storage, trigger procedures, functions, links to software external to PostgreSQL, etc.) must be owned by database/DBMS principals authorized for ownership - dv | CONFIGURATION MANAGEMENT |
PGS9-00-003300 - Database software, including PostgreSQL configuration files, must be stored in dedicated directories separate from the host OS and other applications. | CONFIGURATION MANAGEMENT |
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - df+ custom tables | SYSTEM AND COMMUNICATIONS PROTECTION |
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - df+ information_schema | SYSTEM AND COMMUNICATIONS PROTECTION |
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - df+ pg_catalog | SYSTEM AND COMMUNICATIONS PROTECTION |
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - dp custom tables | SYSTEM AND COMMUNICATIONS PROTECTION |
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - dp information_schema | SYSTEM AND COMMUNICATIONS PROTECTION |
PGS9-00-004000 - PostgreSQL must isolate security functions from non-security functions - dp pg_catalog | SYSTEM AND COMMUNICATIONS PROTECTION |
PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log directory | AUDIT AND ACCOUNTABILITY |
PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log files | AUDIT AND ACCOUNTABILITY |
PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log_file_mode | AUDIT AND ACCOUNTABILITY |
PGS9-00-004300 - When updates are applied to PostgreSQL software, any software components that have been replaced or made unnecessary must be removed. | SYSTEM AND INFORMATION INTEGRITY |
PGS9-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation - hostssl cert | IDENTIFICATION AND AUTHENTICATION |
PGS9-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation - ssl_crl_file | IDENTIFICATION AND AUTHENTICATION |