| 1.162 RHEL-09-251010 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 1.163 RHEL-09-251015 | CIS Red Hat Enterprise Linux 9 STIG v1.0.0 CAT II | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
| 3.1.4 Ensure the log file destination directory is set correctly | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.6 Ensure the log file permissions are set correctly | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 3.1.9 Ensure the maximum log file size is set correctly | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.9 Ensure the maximum log file size is set correctly | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.10 Ensure the correct syslog facility is selected | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.11 Ensure syslog messages are not suppressed | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.11 Ensure syslog messages are not suppressed | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.14 Ensure the correct messages are written to the server log | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.16 Ensure 'debug_print_parse' is disabled | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.16 Ensure 'debug_print_parse' is disabled | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 3.1.19 Ensure 'debug_pretty_print' is enabled | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.20 Ensure 'log_connections' is enabled | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.21 Ensure 'log_disconnections' is enabled | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.24 Ensure 'log_line_prefix' is set correctly | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.24 Ensure 'log_line_prefix' is set correctly | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.25 Ensure 'log_statement' is set correctly | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.26 Ensure 'log_timezone' is set correctly | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.26 Ensure 'log_timezone' is set correctly | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - pgaudit installed | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - pgaudit installed | CIS PostgreSQL 10 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - pgaudit installed | CIS PostgreSQL 11 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.5 Ensure excessive function privileges are revoked | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.5 Ensure excessive function privileges are revoked | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.7 Ensure Row Level Security (RLS) is configured correctly | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 4.7 Ensure Row Level Security (RLS) is configured correctly | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | ACCESS CONTROL, MEDIA PROTECTION |
| 5.4 Ensure login via "host" TCP/IP Socket is configured correctly | CIS PostgreSQL 13 v1.3.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.5 Ensure per-account connection limits are used | CIS PostgreSQL 17 v1.0.0 L1 PostgreSQL | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.4 Ensure 'SIGHUP' Runtime Parameters are Configured | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.6 Ensure 'User' Runtime Parameters are Configured | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.9 Ensure the TLSv1.0 and TLSv1.1 Protocols are Disabled | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 6.10 Ensure Weak SSL/TLS Ciphers Are Disabled | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure a replication-only user is created and used for streaming replication | CIS PostgreSQL 15 v1.2.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | ACCESS CONTROL |
| 7.1 Ensure a replication-only user is created and used for streaming replication | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | ACCESS CONTROL |
| 7.4 Ensure WAL archiving is configured and functional | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.5 Ensure streaming replication parameters are configured correctly | CIS PostgreSQL 16 v1.1.0 L1 OS Linux PostgreSQLDB | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-002300 - The EDB Postgres Advanced Server must by default shut down upon audit failure, to include the unavailability of space for more audit log records; or must be configurable to shut down upon audit failure. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-003900 - Unused database components which are integrated in the EDB Postgres Advanced Server and cannot be uninstalled must be disabled. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | CONFIGURATION MANAGEMENT |
| PPS9-00-004000 - Access to external executables must be disabled or restricted. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | CONFIGURATION MANAGEMENT |
| PPS9-00-008000 - The EDB Postgres Advanced Server must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75% of maximum audit record storage capacity. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | AUDIT AND ACCOUNTABILITY |
| PPS9-00-008500 - The EDB Postgres Advanced Server must enforce access restrictions associated with changes to the configuration of the EDB Postgres Advanced Server or database(s). | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | CONFIGURATION MANAGEMENT |
| PPS9-00-012700 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to provision digital signatures. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-012900 - The EDB Postgres Advanced Server must implement NIST FIPS 140-2 or 140-3 validated cryptographic modules to protect unclassified information requiring confidentiality and cryptographic protection, in accordance with the requirements of the data owner. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| PPS9-00-013300 - EDB Postgres Advanced Server products must be a version supported by the vendor. | EDB PostgreSQL Advanced Server OS Linux Audit v2r3 | Unix | SYSTEM AND SERVICES ACQUISITION |
| RHEL-09-652040 - RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-09-652045 - RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. | DISA Red Hat Enterprise Linux 9 STIG v2r8 | Unix | AUDIT AND ACCOUNTABILITY |
| RHEL-10-200530 - RHEL 10 must have the "firewalld" package installed. | DISA Red Hat Enterprise Linux 10 STIG v1r1 | Unix | ACCESS CONTROL, CONFIGURATION MANAGEMENT |
