DISA STIG VMware vSphere 7.0 PostgreSQL v1r2

Audit Details

Name: DISA STIG VMware vSphere 7.0 PostgreSQL v1r2

Updated: 8/22/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.0

Estimated Item Count: 21

File Details

Filename: DISA_STIG_VMware_vSphere_7.0_vCA_PostgreSQL_v1r2.audit

Size: 47.2 kB

MD5: df56e4a211095384c56ef9fefe84f695
SHA256: 137a3b4d123ddfd0d0de6b5d76b4c4dee3cdd5774257f4f824a825a89360f409

Audit Items

Description / Categories
DISA_STIG_VMware_vSphere_7.0_vCA_PostgreSQL_v1r2.audit from DISA VMware vSphere 7.0 vCenter Appliance PostgreSQL v1r2 STIG
VCPG-70-000001 - VMware Postgres must limit the number of connections.

ACCESS CONTROL

VCPG-70-000002 - VMware Postgres log files must contain required fields.

AUDIT AND ACCOUNTABILITY

VCPG-70-000003 - VMware Postgres configuration files must not be accessible by unauthorized users.

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

VCPG-70-000004 - VMware Postgres must be configured to overwrite older logs when necessary.

AUDIT AND ACCOUNTABILITY

VCPG-70-000005 - The VMware Postgres database must protect log files from unauthorized access and modification.

AUDIT AND ACCOUNTABILITY

VCPG-70-000006 - All vCenter database (VCDB) tables must be owned by the 'vc' user account.

CONFIGURATION MANAGEMENT

VCPG-70-000007 - VMware Postgres must limit modify privileges to authorized accounts.

CONFIGURATION MANAGEMENT

VCPG-70-000008 - VMware Postgres must be configured to use the correct port.

CONFIGURATION MANAGEMENT

VCPG-70-000009 - VMware Postgres must require authentication on all connections.

IDENTIFICATION AND AUTHENTICATION

VCPG-70-000010 - The vPostgres database must use 'md5' for authentication.

IDENTIFICATION AND AUTHENTICATION

VCPG-70-000011 - VMware Postgres must be configured to use Transport Layer Security (TLS).

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

VCPG-70-000012 - VMware Postgres must enforce authorized access to all public key infrastructure (PKI) private keys.

IDENTIFICATION AND AUTHENTICATION

VCPG-70-000013 - VMware Postgres must use FIPS 140-2 approved Transport Layer Security (TLS) ciphers.

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

VCPG-70-000014 - VMware Postgres must write log entries to disk prior to returning operation success or failure.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPG-70-000015 - VMware Postgres must not allow schema access to unauthorized accounts.

SYSTEM AND COMMUNICATIONS PROTECTION

VCPG-70-000016 - VMware Postgres must provide nonprivileged users with minimal error information.

SYSTEM AND INFORMATION INTEGRITY

VCPG-70-000017 - VMware Postgres must have log collection enabled.

AUDIT AND ACCOUNTABILITY, CONFIGURATION MANAGEMENT

VCPG-70-000018 - VMware Postgres must be configured to log to 'stderr'.

AUDIT AND ACCOUNTABILITY

VCPG-70-000019 - 'Rsyslog' must be configured to monitor VMware Postgres logs.

AUDIT AND ACCOUNTABILITY

VCPG-70-000020 - VMware Postgres must use Coordinated Universal Time (UTC) for log timestamps.

AUDIT AND ACCOUNTABILITY