UCF STIG Viewer Logo

The EDB Postgres Advanced Server must generate audit records when security objects are deleted.


Finding ID Version Rule ID IA Controls Severity
V-213651 PPS9-00-011400 SV-213651r508024_rule Medium
The removal of security objects from the database/DBMS would seriously degrade a system's information assurance posture. If such an event occurs, it must be logged.
EDB Postgres Advanced Server Security Technical Implementation Guide 2022-06-13


Check Text ( C-14873r290265_chk )
Execute the following SQL as enterprisedb:

SHOW edb_audit_statement;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.
Fix Text (F-14871r290266_fix)
Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_statement = 'all';
SELECT pg_reload_conf();


Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.