| 1.1 Ensure packages are obtained from authorized repositories | CIS PostgreSQL 16 OS v1.0.0 | Unix | CONFIGURATION MANAGEMENT, MAINTENANCE |
| 1.1.1.1 Ensure mounting of cramfs filesystems is disabled - lsmod | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.2 Ensure mounting of freevxfs filesystems is disabled - /etc/modprobe.d/CIS.conf | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.1.7 Ensure mounting of udf filesystems is disabled - /etc/modprobe.d/CIS.conf | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.1.18 Ensure sticky bit is set on all world-writable directories | CIS Amazon Linux v2.1.0 L1 | Unix | ACCESS CONTROL |
| 1.1.19 Disable Automounting | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.2 Ensure Installation of Binary Packages | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | CONFIGURATION MANAGEMENT |
| 1.2.3 Ensure gpgcheck is globally activated | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.3 Ensure Installation of Community Packages | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.5.2 Ensure XD/NX support is enabled | CIS Amazon Linux v2.1.0 L1 | Unix | SYSTEM AND INFORMATION INTEGRITY |
| 1.7.1.4 Ensure permissions on /etc/motd are configured | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.5 Ensure permissions on /etc/issue are configured | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 1.7.1.6 Ensure permissions on /etc/issue.net are configured | CIS Amazon Linux v2.1.0 L1 | Unix | CONFIGURATION MANAGEMENT |
| 3.1.4 Ensure the log file destination directory is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.7 Ensure 'log_truncate_on_rotation' is enabled | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.9 Ensure the maximum log file size is set correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.10 Ensure the correct syslog facility is selected | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.10 Ensure the correct syslog facility is selected | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.11 Ensure syslog messages are not suppressed | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.14 Ensure the correct messages are written to the server log | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.14 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.15 Ensure the correct SQL statements generating errors are recorded | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.19 Ensure 'debug_pretty_print' is enabled | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.20 Ensure 'log_error_verbosity' is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.21 Ensure 'log_disconnections' is enabled | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.21 Ensure 'log_hostname' is set correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.22 Ensure 'log_error_verbosity' is set correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.1.26 Ensure 'log_timezone' is set correctly | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 3.2 Ensure the PostgreSQL Audit Extension (pgAudit) is enabled - audit.log | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | AUDIT AND ACCOUNTABILITY |
| 4.2 Ensure excessive administrative privileges are revoked | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | ACCESS CONTROL |
| 4.2 Ensure valid public keys are installed | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 4.4 Ensure excessive DML privileges are revoked | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT, SYSTEM AND SERVICES ACQUISITION |
| 4.4 Ensure excessive DML privileges are revoked | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 4.5 Ensure Row Level Security (RLS) is configured correctly | CIS PostgreSQL 9.6 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 5.1 Ensure login via 'local' UNIX Domain Socket is configured correctly | CIS PostgreSQL 16 OS v1.0.0 | Unix | IDENTIFICATION AND AUTHENTICATION |
| 5.3 Ensure Password Complexity is configured | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | IDENTIFICATION AND AUTHENTICATION |
| 6.3 Ensure 'Postmaster' Runtime Parameters are Configured | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.5 Ensure 'Superuser' Runtime Parameters are Configured | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.6 Ensure 'User' Runtime Parameters are Configured | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 6.7 Ensure FIPS 140-2 OpenSSL Cryptography Is Used - openssl version | CIS PostgreSQL 9.5 OS v1.1.0 | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 7.1 Ensure a replication-only user is created and used for streaming replication | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 7.2 Ensure logging of replication commands is configured | CIS PostgreSQL 16 DB v1.0.0 | PostgreSQLDB | ACCESS CONTROL |
| 7.3 Ensure base backups are configured and functional | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | CONTINGENCY PLANNING |
| 7.3 Ensure base backups are configured and functional | CIS PostgreSQL 15 OS v1.1.0 | Unix | CONTINGENCY PLANNING |
| 7.5 Ensure streaming replication parameters are configured correctly | CIS PostgreSQL 15 DB v1.1.0 | PostgreSQLDB | ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION |
| 8.2 Ensure PostgreSQL subdirectory locations are outside the data cluster | CIS PostgreSQL 9.5 DB v1.1.0 | PostgreSQLDB | CONFIGURATION MANAGEMENT |
| 8.2 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CIS PostgreSQL 16 OS v1.0.0 | Unix | CONTINGENCY PLANNING |
| 8.3 Ensure the backup and restore tool, 'pgBackRest', is installed and configured | CIS PostgreSQL 9.6 OS v1.0.0 | Unix | CONTINGENCY PLANNING |
