Skip to content
Log In

VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000001-DB-000031

    Group
    Show

  • SRG-APP-000089-DB-000064

    Group
    Show

  • The vCenter PostgreSQL service must enable "pgaudit" to provide audit record generation capabilities.

    Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit rec...
    Rule Medium Severity
    Show

  • SRG-APP-000090-DB-000065

    Group
    Show

  • The vCenter PostgreSQL service configuration files must not be accessible by unauthorized users.

    Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent or interfere with the auditing of critical events. ...
    Rule Medium Severity
    Show

  • SRG-APP-000091-DB-000066

    Group
    Show

  • SRG-APP-000092-DB-000208

    Group
    Show

  • The vCenter PostgreSQL service must initiate session auditing upon startup.

    Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation ...
    Rule Medium Severity
    Show

  • SRG-APP-000095-DB-000039

    Group
    Show

  • SRG-APP-000118-DB-000059

    Group
    Show

  • The vCenter PostgreSQL service must be configured to protect log files from unauthorized access.

    If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. In ...
    Rule Medium Severity
    Show

  • SRG-APP-000141-DB-000091

    Group
    Show

  • The vCenter PostgreSQL service must not load unused database components, software, and database objects.

    Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizatio...
    Rule Medium Severity
    Show

  • SRG-APP-000142-DB-000094

    Group
    Show

  • The vCenter PostgreSQL service must be configured to use an authorized port.

    In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable...
    Rule Medium Severity
    Show

  • SRG-APP-000148-DB-000103

    Group
    Show

  • SRG-APP-000171-DB-000074

    Group
    Show

  • SRG-APP-000176-DB-000068

    Group
    Show

  • The vCenter PostgreSQL service must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL.

    The DOD standard for authentication is DOD-approved PKI certificates. PKI certificate-based authentication is performed by requiring the certificate holder to cryptographically prove possession of ...
    Rule High Severity
    Show

  • SRG-APP-000224-DB-000384

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules