| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 10 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 10 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 2.1 Ensure the file permissions mask is correct | CIS PostgreSQL 12 OS v1.1.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.1 Ensure the file permissions mask is correct | CIS PostgreSQL 10 OS v1.0.0 | Unix | ACCESS CONTROL |
| 2.1 Ensure the file permissions mask is correct | CIS PostgreSQL 11 OS v1.0.0 | Unix | ACCESS CONTROL |
| 2.1 Ensure the file permissions mask is correct | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | ACCESS CONTROL |
| 2.2 Ensure the PostgreSQL pg_wheel group membership is correct - /etc/group | CIS PostgreSQL 10 OS v1.0.0 | Unix | ACCESS CONTROL |
| 2.2 Ensure the PostgreSQL pg_wheel group membership is correct - /etc/passwd | CIS PostgreSQL 11 OS v1.0.0 | Unix | ACCESS CONTROL |
| 2.2 Ensure the PostgreSQL pg_wheel group membership is correct - /etc/passwd | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | ACCESS CONTROL |
| 2.2 Ensure the PostgreSQL pg_wheel group membership is correct - /etc/passwd | CIS PostgreSQL 10 OS v1.0.0 | Unix | ACCESS CONTROL |
| 2.5 Do not use the aufs storage driver | CIS Docker 1.12.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Do not use the aufs storage driver | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.5 Do not use the aufs storage driver | CIS Docker 1.11.0 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 2.7 Do not use the aufs storage driver | CIS Docker 1.6 v1.0.0 L1 Docker | Unix | CONFIGURATION MANAGEMENT |
| 3.1.2 Ensure the log destinations are set correctly | CIS PostgreSQL 13 v1.3.0 L1 Database PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.2 Ensure the log destinations are set correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.3 Ensure the logging collector is enabled | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.3 Ensure the logging collector is enabled | CIS PostgreSQL 14 DB v 1.3.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure valid public keys are installed | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.3 Ensure excessive function privileges are revoked | CIS PostgreSQL 10 OS v1.0.0 | Unix | ACCESS CONTROL |
| 4.3 Ensure excessive function privileges are revoked | CIS PostgreSQL 11 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.2 Ensure login via 'host' TCP/IP Socket is configured correctly | CIS PostgreSQL 12 OS v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure login via 'host' TCP/IP Socket is configured correctly | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure login via 'host' TCP/IP Socket is configured correctly | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.2 Ensure login via "host" TCP/IP Socket is configured correctly | CIS PostgreSQL 11 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.1 Ensure 'Attack Vectors' Runtime Parameters are Configured | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | CIS PostgreSQL 11 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | CIS PostgreSQL 12 OS v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - fips_enabled | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 11 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 12 OS v1.1.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure WAL archiving is configured and functional - archive_command | CIS PostgreSQL 11 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.3 Ensure WAL archiving is configured and functional - archive_command | CIS PostgreSQL 10 OS v1.0.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.4 Ensure WAL archiving is configured and functional - archive_mode | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Ensure the backup and restore tool, 'pgBackRest', is installed and configured - pgBackRest, is installed and configured | CIS PostgreSQL 12 OS v1.1.0 | Unix | CONTINGENCY PLANNING |
| 8.3 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CIS PostgreSQL 10 OS v1.0.0 | Unix | CONTINGENCY PLANNING |
| 8.3 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CIS PostgreSQL 11 OS v1.0.0 | Unix | CONTINGENCY PLANNING |
| 9.6 Ensure root PATH Integrity, No Group/World-Writable Directory In root's $PATH | CIS Solaris 10 L1 v5.2 | Unix | ACCESS CONTROL |
| ALMA-09-004310 - AlmaLinux OS 9 must use the TuxCare ESU repository. | DISA Cloud Linux AlmaLinux OS 9 STIG v1r5 | Unix | ACCESS CONTROL, MAINTENANCE, SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'local-infile' database flag for a Cloud Databases Mysql instance is set to '0' | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'max_allowed_packet' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'max_connect_errors' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'max_connections' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| Ensure that the 'max_user_connections' database flag for a Cloud Databases Mysql instance is set | Tenable Best Practices RackSpace v2.0.0 | Rackspace | SYSTEM AND COMMUNICATIONS PROTECTION |
| JBOS-AS-000045 - Silent Authentication must be removed from the Default Application Security Realm. | DISA JBoss Enterprise Application Platform 6.3 STIG v2r6 | Unix | ACCESS CONTROL |
| Review the list of Database Backups | Tenable Best Practices RackSpace v2.0.0 | Rackspace | CONTINGENCY PLANNING |
