VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide


Date: 2023-06-15
Finding Count (20): CAT I (High): 3, CAT II (Med): 16, CAT III (Low): 1
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC III - Administrative Sensitive)

Finding ID Severity Title
V-256602 High VMware Postgres must enforce authorized access to all public key infrastructure (PKI) private keys.
V-256603 High VMware Postgres must use FIPS 140-2 approved Transport Layer Security (TLS) ciphers.
V-256601 High VMware Postgres must be configured to use Transport Layer Security (TLS).
V-256594 Medium VMware Postgres must be configured to overwrite older logs when necessary.
V-256597 Medium VMware Postgres must limit modify privileges to authorized accounts.
V-256592 Medium VMware Postgres log files must contain required fields.
V-256595 Medium The VMware Postgres database must protect log files from unauthorized access and modification.
V-256598 Medium VMware Postgres must be configured to use the correct port.
V-256610 Medium VMware Postgres must use Coordinated Universal Time (UTC) for log timestamps.
V-256596 Medium All vCenter database (VCDB) tables must be owned by the "vc" user account.
V-256604 Medium VMware Postgres must write log entries to disk prior to returning operation success or failure.
V-256605 Medium VMware Postgres must not allow schema access to unauthorized accounts.
V-256606 Medium VMware Postgres must provide nonprivileged users with minimal error information.
V-256607 Medium VMware Postgres must have log collection enabled.
V-256600 Medium The vPostgres database must use "md5" for authentication.
V-256591 Medium VMware Postgres must limit the number of connections.
V-256593 Medium VMware Postgres configuration files must not be accessible by unauthorized users.
V-256608 Medium VMware Postgres must be configured to log to "stderr".
V-256609 Medium "Rsyslog" must be configured to monitor VMware Postgres logs.
V-256599 Low VMware Postgres must require authentication on all connections.