| 1.1.4 (L1) Ensure administrative accounts use licenses with a reduced application footprint | CIS Microsoft 365 Foundations v5.0.0 L1 E3 | microsoft_azure | ACCESS CONTROL |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - show pgaudit.log | CIS PostgreSQL 12 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.1 Ensure yearly rekeying is enabled for a Snowflake account | CIS Snowflake Foundations v1.0.0 L2 | Snowflake | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 4.12 Ensure the Latest Operating System Updates Are Installed On Your Virtual Machines in All Projects | CIS Google Cloud Platform v3.0.0 L2 | GCP | SYSTEM AND SERVICES ACQUISITION |
| 6.2.5 Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning' | CIS Google Cloud Platform v3.0.0 L1 | GCP | AUDIT AND ACCOUNTABILITY |
| 6.9 Ensure the pgcrypto extension is installed and configured correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-000300 - Security-relevant software updates to PostgreSQL must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs). | DISA STIG Crunchy Data PostgreSQL DB v3r1 | PostgreSQLDB | SYSTEM AND INFORMATION INTEGRITY |
| CD12-00-000400 - The audit information produced by PostgreSQL must be protected from unauthorized modification. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| CD12-00-001100 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in transmission. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | ACCESS CONTROL |
| CD12-00-001300 - The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (functions, trigger procedures, links to software external to PostgreSQL, etc.) must be restricted to authorized users. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | CONFIGURATION MANAGEMENT |
| CD12-00-002200 - PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | ACCESS CONTROL |
| CD12-00-002500 - PostgreSQL must reveal detailed error messages only to the ISSO, ISSM, SA, and DBA. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| CD12-00-007000 - PostgreSQL, when utilizing PKI-based authentication, must validate certificates by performing RFC 5280-compliant certification path validation. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| CD12-00-008000 - PostgreSQL must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-008200 - PostgreSQL must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the data owner's requirements. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-008500 - PostgreSQL must separate user functionality (including user interface services) from database management functionality. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CD12-00-009400 - PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in process. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | ACCESS CONTROL |
| CD12-00-009900 - The system must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| CD12-00-011200 - PostgreSQL must protect its audit features from unauthorized removal. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | AUDIT AND ACCOUNTABILITY |
| CD12-00-012000 - Access to database files must be limited to relevant processes and to authorized, administrative users. | DISA STIG Crunchy Data PostgreSQL OS v3r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| CIS_PostgreSQL_9.5_v1.1.0_L1_OS_Linux.audit from CIS PostgreSQL 9.5 Benchmark v1.1.0 | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | |
| CIS_PostgreSQL_16_v1.0.0_L1_OS_Linux.audit from CIS PostgreSQL 16 Benchmark v1.0.0 | CIS PostgreSQL 16 OS v1.0.0 | Unix | |
| EPAS-00-002300 - The EDB Postgres Advanced Server must, by default, shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-002400 - The EDB Postgres Advanced Server must be configurable to overwrite audit log records, oldest first (First-In-First-Out [FIFO]), in the event of unavailability of space for more audit log records. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-002600 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized read access. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-002700 - The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-002900 - The EDB Postgres Advanced Server must protect its audit features from unauthorized access. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-003000 - The EDB Postgres Advanced Server must protect its audit configuration from unauthorized modification. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-003100 - The EDB Postgres Advanced Server must protect its audit features from unauthorized removal. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | AUDIT AND ACCOUNTABILITY |
| EPAS-00-003200 - Software, applications, and configuration files that are part of, or related to, the EDB Postgres Advanced Server installation must be monitored to discover unauthorized changes. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | CONFIGURATION MANAGEMENT |
| EPAS-00-003400 - Database software, including EDB Postgres Advanced Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | CONFIGURATION MANAGEMENT |
| EPAS-00-004000 - Access to external executables must be disabled or restricted. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | CONFIGURATION MANAGEMENT |
| EPAS-00-004200 - The EDB Postgres Advanced Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users). | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-004900 - The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for cryptographic operations. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-005000 - The EDB Postgres Advanced Server must uniquely identify and authenticate nonorganizational users (or processes acting on behalf of nonorganizational users). | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | IDENTIFICATION AND AUTHENTICATION |
| EPAS-00-005100 - The EDB Postgres Advanced Server must separate user functionality (including user interface services) from database management functionality. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-007300 - The EDB Postgres Advanced Server must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | ACCESS CONTROL |
| EPAS-00-007400 - The EDB Postgres Advanced Server must prevent nonprivileged users from executing privileged functions to include disabling, circumventing, or altering implemented security safeguards/countermeasures. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | ACCESS CONTROL |
| EPAS-00-012700 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-012800 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to generate and validate cryptographic hashes. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| EPAS-00-012900 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the requirements of the data owner. | EnterpriseDB PostgreSQL Advanced Server OS Linux v2r1 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-003500 - PostgreSQL must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log directory | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log files | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-004200 - The audit information produced by PostgreSQL must be protected from unauthorized read access - log_file_mode | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | AUDIT AND ACCOUNTABILITY |
| PGS9-00-007200 - PostgreSQL must maintain the confidentiality and integrity of information during preparation for transmission. | DISA STIG PostgreSQL 9.x on RHEL OS v2r5 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PGS9-00-007700 - PostgreSQL must generate time stamps, for audit records and application data, with a minimum granularity of one second. | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| PGS9-00-012700 - PostgreSQL must generate audit records for all direct access to the database(s). | DISA STIG PostgreSQL 9.x on RHEL DB v2r5 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
