STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.

DISA Rule

SV-213667r508024_rule

Vulnerability Number

V-213667

Group Title

SRG-APP-000515-DB-000318

Rule Version

PPS9-00-013000

Severity

CAT II

CCI(s)

• CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

10

Fix Recommendation

Install PEM and configure the centralized audit manager as documented here: http://www.enterprisedb.com/docs/en/5.0/pemgetstarted/PEM_Getting_Started_Guide.1.32.html#

If another tool other than PEM is used, configure it to meet this requirement.

Check Contents

If Postgres Enterprise Manager (PEM) or another log collection tool is not installed and configured to automatically collect audit logs, this is a finding.

Review the system documentation for a description of how audit records are off-loaded and how local audit log space is managed.

Vulnerability Number

V-213667

Documentable

False

Rule Version

PPS9-00-013000

Severity Override Guidance

If Postgres Enterprise Manager (PEM) or another log collection tool is not installed and configured to automatically collect audit logs, this is a finding.

Review the system documentation for a description of how audit records are off-loaded and how local audit log space is managed.

Check Content Reference

M

Target Key

3988

Comments