STIGQter STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The DBMS must generate audit records when categories of information (e.g., classification levels/security levels) are accessed.

DISA Rule

SV-213639r508024_rule

Vulnerability Number

V-213639

Group Title

SRG-APP-000494-DB-000344

Rule Version

PPS9-00-010200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_statement = 'all';
SELECT pg_reload_conf();

or

Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.

Check Contents

Review the system documentation to determine whether it is required to track categorized information, such as classification or sensitivity level. If it is not, this is not applicable (NA).

Execute the following SQL as enterprisedb:

SHOW edb_audit_statement;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.

Vulnerability Number

V-213639

Documentable

False

Rule Version

PPS9-00-010200

Severity Override Guidance

Review the system documentation to determine whether it is required to track categorized information, such as classification or sensitivity level. If it is not, this is not applicable (NA).

Execute the following SQL as enterprisedb:

SHOW edb_audit_statement;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.

Check Content Reference

M

Target Key

3988

Comments