1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 12 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 14 OS v 1.2.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
3.1.5 Ensure the filename pattern for log files is set correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
3.1.5 Ensure the filename pattern for log files is set correctly | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
3.1.5 Ensure the filename pattern for log files is set correctly | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
3.1.5 Ensure the filename pattern for log files is set correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
4.4 Rebuild the images to include security patches | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
4.5 Ensure The Latest Version of The Password File Is Used | CIS Oracle Database 23ai v1.0.0 L1 RDBMS | OracleDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2012 Database L1 DB v1.6.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2019 v1.5.0 L1 Database Engine | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2008 R2 DB Engine L1 v1.7.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS SQL Server 2012 Database L1 AWS RDS v1.6.0 | MS_SQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
7.1 Ensure 'Symmetric Key encryption algorithm' is set to 'AES_128' or higher in non-system databases | CIS Microsoft SQL Server 2019 v1.5.0 L1 AWS RDS | MS_SQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
9.6 Secure the permission of the IBMLDAPSecurity.ini file | CIS IBM DB2 v10 v1.1.0 Linux OS Level 1 | Unix | |
9.6 Secure the permission of the IBMLDAPSecurity.ini file | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | |
9.6 Secure the permission of the IBMLDAPSecurity.ini file | CIS IBM DB2 v10 v1.1.0 Linux OS Level 2 | Unix | |
9.6 Set 'Turn off Crash Detection' to 'Enabled' | CIS IE 9 v1.0.0 | Windows | CONFIGURATION MANAGEMENT |
APPL-14-002006 The macOS system must disable Unix-to-Unix Copy Protocol service. | DISA Apple macOS 14 (Sonoma) STIG v2r3 | Unix | ACCESS CONTROL |
CD12-00-009100 - Access to external executables must be disabled or restricted. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
CD12-00-010300 - PostgreSQL must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure 'aaa local authentication max failed attempts' is set to less than or equal to '3' | Tenable Cisco Firepower Best Practices Audit | Cisco | ACCESS CONTROL |
Ensure 'EIGRP authentication' is enabled | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
Ensure 'HTTP session timeout' is less than or equal to '5' minutes | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
Ensure 'Image Authenticity' is correct | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND INFORMATION INTEGRITY |
Ensure 'SNMP traps' is enabled - authentication | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
Ensure 'SNMP traps' is enabled - linkdown | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
Ensure 'SNMP traps' is enabled - linkup | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
Ensure 'TLS 1.0' is set for HTTPS access | Tenable Cisco Firepower Best Practices Audit | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure email logging is configured for critical to emergency | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
Ensure packet fragments are restricted for untrusted interfaces | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
Ensure that the 'local-infile' database flag for a Cloud Databases Mysql instance is set to '0' | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure that the 'skip_show_database' database flag for a Cloud Databases Mysql instance is set to '1' | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
Ensure timezone is properly configured | Tenable Cisco Firepower Best Practices Audit | Cisco | CONFIGURATION MANAGEMENT |
EP11-00-003210 - EDB Postgres Advanced Server software modules, to include stored procedures, functions, and triggers must be monitored to discover unauthorized changes. | EDB PostgreSQL Advanced Server v11 DB Audit v2r4 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
EPAS-00-001100 - The EDB Postgres Advanced Server must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
EPAS-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/used by the EDB Postgres Advanced Server. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
EPAS-00-006100 - Access to database files must be limited to relevant processes and to authorized, administrative users. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
O121-C2-014100 - The DBMS must support organizational requirements to enforce password complexity by the number of uppercase characters used. | DISA STIG Oracle 12c v3r2 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
PGS9-00-009100 - Access to external executables must be disabled or restricted. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
PGS9-00-011800 - PostgreSQL must map the PKI-authenticated identity to an associated user account. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | IDENTIFICATION AND AUTHENTICATION |
PPS9-00-002800 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
PPS9-00-004600 - The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/utilized by the EDB Postgres Advanced Server. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
PPS9-00-006100 - Access to database files must be limited to relevant processes and to authorized, administrative users. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
Review the list of Database Backups | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONTINGENCY PLANNING |
vCenter : monitor-admin-assignment | VMWare vSphere 5.X Hardening Guide | VMware | |