| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - pgaudit installed | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.5 Use pg_permission extension to audit object permissions | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 4.5 Use pg_permission extension to audit object permissions | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.7 Make use of predefined roles | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.7 Make use of predefined roles | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.8 Make use of default roles | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 4.8 Make use of default roles | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.9 Make use of predefined roles | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.9 Make use of predefined roles | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1 Do Not Specify Passwords in the Command Line | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL |
| 6.9 Ensure the pgcrypto extension is installed and configured correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.11 Ensure the pgcrypto extension is installed and configured correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.1 Ensure PostgreSQL configuration files are outside the data cluster | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 8.1 Ensure PostgreSQL configuration files are outside the data cluster | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| CD12-00-007400 - PostgreSQL must be configured to provide audit record generation for DoD-defined auditable events within all DBMS/database components. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| CD12-00-008100 - PostgreSQL must use NSA-approved cryptography to protect classified information in accordance with the data owner's requirements. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_IBM_DB2_10_v1.1.0_Level_1_OS_Windows.audit from CIS DB2 10.x Windows OS | CIS IBM DB2 v10 v1.1.0 Windows OS Level 1 | Windows | |
| DO0120-ORACLE11 - The Oracle software installation account should not be granted excessive host system privileges - 'Oracle service account group membership is correct' | DISA STIG Oracle 11 Installation v9r1 Windows | Windows | ACCESS CONTROL |
| EP11-00-002600 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| EP11-00-002800 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| EP11-00-003000 - The EDB Postgres Advanced Server must protect its audit configuration from unauthorized modification. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | AUDIT AND ACCOUNTABILITY |
| EP11-00-003200 - Software, applications, and configuration files that are part of, or related to, the Postgres Plus Advanced Server installation must be monitored to discover unauthorized changes. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-003800 - Unused database components, EDB Postgres Advanced Server software, and database objects must be removed. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-003900 - Unused database components which are integrated in the EDB Postgres Advanced Server and cannot be uninstalled must be disabled. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-004000 - Access to external executables must be disabled or restricted. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-004200 - The EDB Postgres Advanced Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EP11-00-004400 - If passwords are used for authentication, the EDB Postgres Advanced Server must transmit only encrypted representations of passwords. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION |
| EP11-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-006100 - Access to database files must be limited to relevant processes and to authorized, administrative users. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-008500 - The EDB Postgres Advanced Server must enforce access restrictions associated with changes to the configuration of the EDB Postgres Advanced Server or database(s). | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-008700 - The EDB Postgres Advanced Server must disable network functions, ports, protocols, and services deemed by the organization to be nonsecure, in accord with the Ports, Protocols, and Services Management (PPSM) guidance. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | CONFIGURATION MANAGEMENT |
| EP11-00-009100 - The EDB Postgres Advanced Server must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EP11-00-009600 - The EDB Postgres Advanced Server must maintain the confidentiality and integrity of information during reception. | EDB PostgreSQL Advanced Server v11 Windows OS Audit v2r4 | Windows | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-007900 - The EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004300 - When updates are applied to PostgreSQL software, any software components that have been replaced or made unnecessary must be removed. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| PGS9-00-005200 - PostgreSQL must generate audit records when security objects are deleted. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005800 - PostgreSQL must generate audit records for all privileged activities or other system-level access. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-006100 - PostgreSQL must generate audit records when privileges/permissions are deleted. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-006400 - PostgreSQL must generate audit records when privileges/permissions are modified. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-007400 - PostgreSQL must provide audit record generation capability for DoD-defined auditable events within all DBMS/database components. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-008700 - PostgreSQL must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-009600 - PostgreSQL must enforce access restrictions associated with changes to the configuration of PostgreSQL or database(s). | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | CONFIGURATION MANAGEMENT |
| PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - capacity | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-004500 - The EDB Postgres Advanced Server, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-007900 - The EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| TNS_IBM_HTTP_Server_Linux_Best_Practice_Middleware.audit | TNS IBM HTTP Server Best Practice Middleware | Unix | |
| WBSP-AS-000920 - The WebSphere Application Server files must be owned by the non-root WebSphere user ID. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | CONFIGURATION MANAGEMENT |
| WBSP-AS-000920 - The WebSphere Application Server files must be owned by the non-root WebSphere user ID. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | CONFIGURATION MANAGEMENT |
