STIGQter: STIG Summary: VMW vRealize Automation 7.x PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

Data from the vRA PostgreSQL database must be protected from unauthorized transfer.

DISA Rule

SV-100031r1_rule

Vulnerability Number

V-89381

Group Title

SRG-APP-000243-DB-000128

Rule Version

VRAU-PG-000220

Severity

CAT II

CCI(s)

• CCI-001090 - The information system prevents unauthorized and unintended information transfer via shared system resources.

Weight

10

Fix Recommendation

Modify any code used for moving data from production to development/test systems to comply with the organization-defined data transfer policy, and to ensure copies of production data are not left in unsecured locations.

Check Contents

Obtain the site data-transfer policy from the ISSO.

Review the policies and procedures used to ensure that all vRA data are being protected from unauthorized and unintended information transformation in accordance with site policy.

If the site data-transfer policy is not followed, this is a finding.

Vulnerability Number

V-89381

Documentable

False

Rule Version

VRAU-PG-000220

Severity Override Guidance

Obtain the site data-transfer policy from the ISSO.

Review the policies and procedures used to ensure that all vRA data are being protected from unauthorized and unintended information transformation in accordance with site policy.

If the site data-transfer policy is not followed, this is a finding.

Check Content Reference

M

Target Key

3443

Comments