
VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide


Overview

Date: 2023-10-29
Finding Count (20): CAT I (High): 2, CAT II (Med): 18, CAT III (Low): 0
STIG Description
This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Findings (MAC I - Mission Critical Sensitive)

Finding ID Severity Title
V-259177 High The vCenter PostgreSQL service must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL.
V-259176 High The vCenter PostgreSQL service must encrypt passwords for user authentication.
V-259168 Medium The vCenter PostgreSQL service configuration files must not be accessible by unauthorized users.
V-259169 Medium The vCenter PostgreSQL service must generate audit records.
V-259185 Medium The vCenter PostgreSQL service must off-load audit data to a separate log management facility.
V-259179 Medium The vCenter PostgreSQL service must write log entries to disk prior to returning operation success or failure.
V-259167 Medium The vCenter PostgreSQL service must enable "pgaudit" to provide audit record generation capabilities.
V-259182 Medium The vCenter PostgreSQL service must use Coordinated Universal Time (UTC) for log timestamps.
V-259183 Medium The vCenter PostgreSQL service must log all connection attempts.
V-259180 Medium The vCenter PostgreSQL service must provide nonprivileged users with minimal error information.
V-259181 Medium The vCenter PostgreSQL service must have log collection enabled.
V-259166 Medium The vCenter PostgreSQL service must limit the number of concurrent sessions.
V-259184 Medium The vCenter PostgreSQL service must log all client disconnections.
V-259178 Medium The vCenter PostgreSQL service must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
V-259173 Medium The vCenter PostgreSQL service must not load unused database components, software, and database objects.
V-259172 Medium The vCenter PostgreSQL service must be configured to protect log files from unauthorized access.
V-259171 Medium The vCenter PostgreSQL service must produce logs containing sufficient information to establish what type of events occurred.
V-259170 Medium The vCenter PostgreSQL service must initiate session auditing upon startup.
V-259175 Medium The vCenter PostgreSQL service must require authentication on all connections.
V-259174 Medium The vCenter PostgreSQL service must be configured to use an authorized port.