UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide


Overview

Date Finding Count (20)
2023-06-15 CAT I (High): 3 CAT II (Med): 16 CAT III (Low): 1
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Available Profiles



Findings (MAC III - Administrative Public)

Finding ID Severity Title
V-256602 High VMware Postgres must enforce authorized access to all public key infrastructure (PKI) private keys.
V-256603 High VMware Postgres must use FIPS 140-2 approved Transport Layer Security (TLS) ciphers.
V-256601 High VMware Postgres must be configured to use Transport Layer Security (TLS).
V-256594 Medium VMware Postgres must be configured to overwrite older logs when necessary.
V-256597 Medium VMware Postgres must limit modify privileges to authorized accounts.
V-256592 Medium VMware Postgres log files must contain required fields.
V-256595 Medium The VMware Postgres database must protect log files from unauthorized access and modification.
V-256598 Medium VMware Postgres must be configured to use the correct port.
V-256610 Medium VMware Postgres must use Coordinated Universal Time (UTC) for log timestamps.
V-256596 Medium All vCenter database (VCDB) tables must be owned by the "vc" user account.
V-256604 Medium VMware Postgres must write log entries to disk prior to returning operation success or failure.
V-256605 Medium VMware Postgres must not allow schema access to unauthorized accounts.
V-256606 Medium VMware Postgres must provide nonprivileged users with minimal error information.
V-256607 Medium VMware Postgres must have log collection enabled.
V-256600 Medium The vPostgres database must use "md5" for authentication.
V-256591 Medium VMware Postgres must limit the number of connections.
V-256593 Medium VMware Postgres configuration files must not be accessible by unauthorized users.
V-256608 Medium VMware Postgres must be configured to log to "stderr".
V-256609 Medium "Rsyslog" must be configured to monitor VMware Postgres logs.
V-256599 Low VMware Postgres must require authentication on all connections.