Skip to content
Log In

EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000119-DB-000060

    Group
    Show

  • The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized modification.

    If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracit...
    Rule Medium Severity
    Show

  • SRG-APP-000120-DB-000061

    Group
    Show

  • The audit information produced by the EDB Postgres Advanced Server must be protected from unauthorized deletion.

    If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is impossible to achieve. To ensure the veracit...
    Rule Medium Severity
    Show

  • SRG-APP-000121-DB-000202

    Group
    Show

  • SRG-APP-000122-DB-000203

    Group
    Show

  • The EDB Postgres Advanced Server must protect its audit configuration from unauthorized modification.

    Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on au...
    Rule Medium Severity
    Show

  • SRG-APP-000123-DB-000204

    Group
    Show

  • The EDB Postgres Advanced Server must protect its audit features from unauthorized removal.

    Protecting audit data also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on au...
    Rule Medium Severity
    Show

  • SRG-APP-000133-DB-000179

    Group
    Show

  • Software, applications, and configuration files that are part of, or related to, the Postgres Plus Advanced Server installation must be monitored to discover unauthorized changes.

    If the system were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robus...
    Rule Medium Severity
    Show

  • SRG-APP-000133-DB-000179

    Group
    Show

  • SRG-APP-000133-DB-000198

    Group
    Show

  • SRG-APP-000133-DB-000199

    Group
    Show

  • Database software, including EDB Postgres Advanced Server configuration files, must be stored in dedicated directories, separate from the host OS and other applications.

    When dealing with change control issues, it should be noted any changes to the hardware, software, and/or firmware components of the information system and/or application can potentially have signi...
    Rule Medium Severity
    Show

  • SRG-APP-000133-DB-000200

    Group
    Show

  • SRG-APP-000133-DB-000362

    Group
    Show

  • SRG-APP-000141-DB-000090

    Group
    Show

  • Default, demonstration and sample databases, database objects, and applications must be removed.

    Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizatio...
    Rule Medium Severity
    Show

  • SRG-APP-000141-DB-000091

    Group
    Show

  • Unused database components, EDB Postgres Advanced Server software, and database objects must be removed.

    Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may not be necessary to support essential organizatio...
    Rule Medium Severity
    Show

  • SRG-APP-000141-DB-000092

    Group
    Show

  • SRG-APP-000141-DB-000093

    Group
    Show

  • SRG-APP-000142-DB-000094

    Group
    Show

  • The EDB Postgres Advanced Server must be configured to prohibit or restrict the use of organization-defined functions, ports, protocols, and/or services, as defined in the PPSM CAL and vulnerability assessments.

    In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within data types), organizations must disable...
    Rule Medium Severity
    Show

  • SRG-APP-000148-DB-000103

    Group
    Show

  • The EDB Postgres Advanced Server must uniquely identify and authenticate organizational users (or processes acting on behalf of organizational users).

    To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. Organizational user...
    Rule Medium Severity
    Show

  • SRG-APP-000164-DB-000401

    Group
    Show

  • If DBMS authentication, using passwords, is employed, EDB Postgres Advanced Server must enforce the DoD standards for password complexity and lifetime.

    OS/enterprise authentication and identification must be used (SRG-APP-000023-DB-000001). Native DBMS authentication may be used only when circumstances make it unavoidable; and must be documented a...
    Rule High Severity
    Show

  • SRG-APP-000171-DB-000074

    Group
    Show

  • SRG-APP-000172-DB-000075

    Group
    Show

  • If passwords are used for authentication, the EDB Postgres Advanced Server must transmit only encrypted representations of passwords.

    The DoD standard for authentication is DoD-approved PKI certificates. Authentication based on User ID and Password may be used only when it is not possible to employ a PKI certificate, and require...
    Rule High Severity
    Show

  • SRG-APP-000175-DB-000067

    Group
    Show

  • SRG-APP-000176-DB-000068

    Group
    Show

  • The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/utilized by the EDB Postgres Advanced Server.

    The DoD standard for authentication is DoD-approved PKI certificates. PKI certificate-based authentication is performed by requiring the certificate holder to cryptographically prove possession of ...
    Rule High Severity
    Show

  • SRG-APP-000178-DB-000083

    Group
    Show

  • SRG-APP-000178-DB-000083

    Group
    Show

  • When using command-line tools such as psql, users must use a logon method that does not expose the password.

    To prevent the compromise of authentication information, such as passwords and PINs, during the authentication process, the feedback from the information system must not provide any information tha...
    Rule High Severity
    Show

  • SRG-APP-000516-DB-000363

    Group
    Show

  • The EDB Postgres Advanced Server password file must not be used.

    The EDB Postgres password file can contain passwords to be used if the connection allows a password (and no password has been specified otherwise). This file contain lines of the following format...
    Rule Medium Severity
    Show

  • SRG-APP-000179-DB-000114

    Group
    Show

  • The EDB Postgres Advanced Server must use NIST FIPS 140-2 or 140-3 validated cryptographic modules for all cryptographic operations including generation of cryptographic hashes and data protection.

    Use of weak or not validated cryptographic algorithms undermines the purposes of utilizing encryption and digital signatures to protect data. Weak algorithms can be easily broken and not validated ...
    Rule High Severity
    Show

  • SRG-APP-000180-DB-000115

    Group
    Show

  • The DBMS must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

    Non-organizational users include all information system users other than organizational users, which include organizational employees or individuals the organization deems to have equivalent status...
    Rule Medium Severity
    Show

  • SRG-APP-000211-DB-000122

    Group
    Show

  • SRG-APP-000226-DB-000147

    Group
    Show

  • In the event of a system failure, the DBMS must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

    Failure to a known state can address safety or security in accordance with the mission/business needs of the organization. Failure to a known secure state helps prevent a loss of confidentiality, ...
    Rule Medium Severity
    Show

  • SRG-APP-000231-DB-000154

    Group
    Show

  • The EDB Postgres Advanced Server must protect the confidentiality and integrity of all information at rest.

    This control is intended to address the confidentiality and integrity of information at rest in non-mobile devices and covers user information and system information. Information at rest refers to ...
    Rule High Severity
    Show

  • SRG-APP-000233-DB-000124

    Group
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules