Crunchy Data PostgreSQL Security Technical Implementation Guide

SRG-APP-000499-DB-000331

SRG-APP-000091-DB-000066

SRG-APP-000357-DB-000316

SRG-APP-000090-DB-000065

SRG-APP-000503-DB-000350

PostgreSQL must generate audit records when successful logons or connections occur.

SRG-APP-000099-DB-000043

PostgreSQL must produce audit records containing sufficient information to establish the outcome (success or failure) of the events.

SRG-APP-000456-DB-000390

Security-relevant software updates to PostgreSQL must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

SRG-APP-000119-DB-000060

The audit information produced by PostgreSQL must be protected from unauthorized modification.

SRG-APP-000023-DB-000001

SRG-APP-000501-DB-000336

PostgreSQL must generate audit records when security objects are deleted.

SRG-APP-000091-DB-000325

PostgreSQL must initiate session auditing upon startup.

PostgreSQL must integrate with an organization-level authentication/access mechanism providing account management and automation for all users, groups, roles, and any other principals.

SRG-APP-000266-DB-000162

PostgreSQL must provide non-privileged users with error messages that provide information necessary for corrective actions without revealing information that could be exploited by adversaries.

SRG-APP-000133-DB-000179

Privileges to change PostgreSQL software modules must be limited.

SRG-APP-000133-DB-000179

PostgreSQL must limit privileges to change functions and triggers, and links to software external to PostgreSQL.

SRG-APP-000172-DB-000075

If passwords are used for authentication, PostgreSQL must transmit only encrypted representations of passwords.

SRG-APP-000033-DB-000084

SRG-APP-000428-DB-000386

PostgreSQL must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.

SRG-APP-000314-DB-000310

PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in transmission.

SRG-APP-000001-DB-000031

PostgreSQL must limit the number of concurrent sessions to an organization-defined number per user for all accounts and/or account types.

SRG-APP-000133-DB-000362

The role(s)/group(s) used to modify database structure (including but not necessarily limited to tables, indexes, storage, etc.) and logic modules (functions, trigger procedures, links to software external to PostgreSQL, etc.) must be restricted to authorized users.

SRG-APP-000180-DB-000115

PostgreSQL must uniquely identify and authenticate non-organizational users (or processes acting on behalf of non-organizational users).

SRG-APP-000311-DB-000308

PostgreSQL must associate organization-defined types of security labels having organization-defined security label values with information in storage.

SRG-APP-000251-DB-000160

PostgreSQL must check the validity of all data inputs except those specifically identified by the organization.

SRG-APP-000251-DB-000391

PostgreSQL and associated applications must reserve the use of dynamic code execution for situations that require it.

SRG-APP-000251-DB-000392

PostgreSQL and associated applications, when making use of dynamic code execution, must scan input data for invalid values that may indicate a code injection attack.

PostgreSQL must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

SRG-APP-000328-DB-000301

PostgreSQL must enforce discretionary access control policies, as defined by the data owner, over defined subjects and objects.

SRG-APP-000120-DB-000061

The audit information produced by PostgreSQL must be protected from unauthorized deletion.