UCF STIG Viewer Logo

The EDB Postgres Advanced Server must generate audit records when security objects are deleted.


Overview

Finding ID Version Rule ID IA Controls Severity
V-69051 PPS9-00-011400 SV-83655r2_rule Medium
Description
The removal of security objects from the database/DBMS would seriously degrade a system's information assurance posture. If such an event occurs, it must be logged.
STIG Date
EDB Postgres Advanced Server Security Technical Implementation Guide 2017-11-17

Details

Check Text ( C-69525r2_chk )
Execute the following SQL as enterprisedb:

SHOW edb_audit_statement;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.
Fix Text (F-75237r2_fix)
Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_statement = 'all';
SELECT pg_reload_conf();

or

Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.