Skip to content
Log In

VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000001-DB-000031

    Group
    Show

  • The vCenter PostgreSQL service must limit the number of concurrent sessions.

    Database management includes the ability to control the number of users and user sessions utilizing a database management system (DBMS). Unlimited concurrent connections to the DBMS could allow a s...
    Rule Medium Severity
    Show

  • SRG-APP-000089-DB-000064

    Group
    Show

  • The vCenter PostgreSQL service must enable "pgaudit" to provide audit record generation capabilities.

    Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit rec...
    Rule Medium Severity
    Show

  • SRG-APP-000090-DB-000065

    Group
    Show

  • The vCenter PostgreSQL service configuration files must not be accessible by unauthorized users.

    Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent or interfere with the auditing of critical events. ...
    Rule Medium Severity
    Show

  • SRG-APP-000091-DB-000066

    Group
    Show

  • SRG-APP-000092-DB-000208

    Group
    Show

  • The vCenter PostgreSQL service must initiate session auditing upon startup.

    Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session auditing is in use, it needs to be in operation ...
    Rule Medium Severity
    Show

  • SRG-APP-000095-DB-000039

    Group
    Show

  • SRG-APP-000118-DB-000059

    Group
    Show

  • The vCenter PostgreSQL service must be configured to protect log files from unauthorized access.

    If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. In ...
    Rule Medium Severity
    Show

  • SRG-APP-000141-DB-000091

    Group
    Show

  • The vCenter PostgreSQL service must not load unused database components, software, and database objects.

    Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizatio...
    Rule Medium Severity
    Show

  • SRG-APP-000142-DB-000094

    Group
    Show

  • SRG-APP-000148-DB-000103

    Group
    Show

  • SRG-APP-000171-DB-000074

    Group
    Show

  • The vCenter PostgreSQL service must encrypt passwords for user authentication.

    The DOD standard for authentication is DOD-approved PKI certificates. Authentication based on User ID and Password may be used only when it is not possible to employ a PKI certificate and requires...
    Rule High Severity
    Show

  • SRG-APP-000226-DB-000147

    Group
    Show

  • The vCenter PostgreSQL service must write log entries to disk prior to returning operation success or failure.

    Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information system or a component of the system. Preserving syst...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules