| 2.1 Ensure the file permissions mask is correct | CIS PostgreSQL 14 OS v 1.2.0 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 2.4 Ensure Passwords are Not Stored in the service file | CIS PostgreSQL 14 OS v 1.2.0 | Unix | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - pgaudit installed | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.5 Use pg_permission extension to audit object permissions | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 4.5 Use pg_permission extension to audit object permissions | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.7 Make use of predefined roles | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.7 Make use of predefined roles | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.8 Make use of default roles | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.8 Make use of default roles | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 4.9 Make use of predefined roles | CIS PostgreSQL 14 DB v 1.2.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.9 Make use of predefined roles | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 5.1 Do Not Specify Passwords in the Command Line | CIS PostgreSQL 13 DB v1.2.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Do Not Specify Passwords in the Command Line | CIS PostgreSQL 14 OS v 1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1 Do Not Specify Passwords in the Command Line | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.1.7 Ensure No World Writable Folders Exist in the Library Folder | CIS Apple macOS 13.0 Ventura v3.1.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.1.7 Ensure No World Writable Folders Exist in the Library Folder | CIS Apple macOS 14.0 Sonoma v2.1.0 L2 | Unix | ACCESS CONTROL, MEDIA PROTECTION |
| 5.3.1 Remove operating system related ESPs - sybsyesp.so | CIS Sybase 15.0 L2 OS Unix v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 5.4 Ensure login via 'host' TCP/IP Socket is configured correctly | CIS PostgreSQL 14 OS v 1.2.0 | Unix | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL |
| 6.9 Ensure the pgcrypto extension is installed and configured correctly | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.9 Ensure the pgcrypto extension is installed and configured correctly | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.9 Ensure the pgcrypto extension is installed and configured correctly | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.11 Ensure the pgcrypto extension is installed and configured correctly | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.12 Update the Java Runtime Environment (JRE) regularly if Java is in use | CIS Sybase 15.0 L2 OS Unix v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 8.1 Ensure PostgreSQL configuration files are outside the data cluster | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 8.1 Ensure PostgreSQL configuration files are outside the data cluster | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 8.2 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CIS PostgreSQL 14 OS v 1.2.0 | Unix | CONTINGENCY PLANNING |
| 8.8 Secure the permissions of the SSLconfig.ini file | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Windows | Windows | |
| 8.8 Secure the permissions of the SSLconfig.ini file | CIS IBM DB2 9 Benchmark v3.0.1 Level 1 OS Linux | Unix | |
| CD12-00-003200 - The PostgreSQL software installation account must be restricted to authorized users. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| CD12-00-007400 - PostgreSQL must be configured to provide audit record generation for DoD-defined auditable events within all DBMS/database components. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| CD12-00-008100 - PostgreSQL must use NSA-approved cryptography to protect classified information in accordance with the data owner's requirements. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-011400 - PostgreSQL must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values. | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-007900 - The EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | EnterpriseDB PostgreSQL Advanced Server DB v2r1 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| O19C-00-019800 - Oracle Database must, for password-based authentication, verify that when users create or update passwords, the passwords are not found on the list of commonly used, expected, or compromised passwords in IA-5 (1) (a). | DISA Oracle Database 19c STIG v1r1 Database | OracleDB | IDENTIFICATION AND AUTHENTICATION |
| PGS9-00-000200 - PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005200 - PostgreSQL must generate audit records when security objects are deleted. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-005800 - PostgreSQL must generate audit records for all privileged activities or other system-level access. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-006100 - PostgreSQL must generate audit records when privileges/permissions are deleted. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-006400 - PostgreSQL must generate audit records when privileges/permissions are modified. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-007400 - PostgreSQL must provide audit record generation capability for DoD-defined auditable events within all DBMS/database components. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-008700 - PostgreSQL must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-009600 - PostgreSQL must enforce access restrictions associated with changes to the configuration of PostgreSQL or database(s). | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | CONFIGURATION MANAGEMENT |
| PGS9-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity - capacity | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-004500 - The EDB Postgres Advanced Server, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | IDENTIFICATION AND AUTHENTICATION |
| PPS9-00-007900 - The EDB Postgres Advanced Server must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements. | EDB PostgreSQL Advanced Server DB Audit v2r3 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| TNS_IBM_HTTP_Server_Linux_Best_Practice_Middleware.audit | TNS IBM HTTP Server Best Practice Middleware | Unix | |
