STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

PostgreSQL must include additional, more detailed, organization-defined information in the audit records for audit events identified by type, location, or subject.

DISA Rule

SV-214077r508027_rule

Vulnerability Number

V-214077

Group Title

SRG-APP-000101-DB-000044

Rule Version

PGS9-00-003500

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure PostgreSQL audit settings to include all organization-defined detailed information in the audit records for audit events identified by type, location, or subject.

Using pgaudit, PostgreSQL can be configured to audit these requests. See supplementary content APPENDIX-B for documentation on installing pgaudit.

To ensure that logging is enabled, review supplementary content APPENDIX-C for instructions on enabling logging.

Check Contents

Review the system documentation to identify what additional information the organization has determined necessary.

Check PostgreSQL settings and existing audit records to verify that all organization-defined additional, more detailed information is in the audit records for audit events identified by type, location, or subject.

If any additional information is defined and is not contained in the audit records, this is a finding.
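
One way to automate the settings half of this check, as an added example that is not part of the STIG or of STIGQter: it parses postgresql.conf text and lists which required `log_line_prefix` escapes and pgaudit settings are missing. The required-escape list, the function names and the sample configuration are assumptions constructed for illustration; substitute the fields your system documentation defines.

```python
import re

# Assumed organization-defined fields mapped to log_line_prefix escapes;
# replace with the list from your own system documentation.
REQUIRED_ESCAPES = {
    "%m": "timestamp with milliseconds",
    "%u": "user name",
    "%d": "database name",
    "%r": "remote host and port",
    "%p": "process ID",
}

SETTING = re.compile(r"^\s*([A-Za-z_][\w.]*)(?:\s*=\s*|\s+)('(?:[^']|'')*'|[^\s#']+)")

def parse_conf(text):
    """Return {name: value} from postgresql.conf text; the last assignment wins."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)  # comment-only and blank lines do not match
        if m:
            value = m.group(2)
            if value.startswith("'"):
                value = value[1:-1].replace("''", "'")
            settings[m.group(1).lower()] = value
    return settings

def audit_findings(conf_text, required=REQUIRED_ESCAPES):
    """List required audit detail that this configuration would not log."""
    s = parse_conf(conf_text)
    prefix = s.get("log_line_prefix", "").replace("%%", "")  # drop literal %
    # Escapes may carry padding, e.g. "%-10u", so skip sign and digits.
    present = {"%" + c for c in re.findall(r"%-?\d*([A-Za-z])", prefix)}
    findings = [f"log_line_prefix lacks {e} ({why})"
                for e, why in required.items() if e not in present]
    libs = [x.strip() for x in s.get("shared_preload_libraries", "").split(",")]
    if "pgaudit" not in libs:
        findings.append("pgaudit is not in shared_preload_libraries")
    if s.get("pgaudit.log", "none").strip().lower() in ("", "none"):
        findings.append("pgaudit.log is unset or 'none'")
    return findings

# Constructed sample configuration, not taken from a real system.
SAMPLE_CONF = """
log_line_prefix = '< %m %u %d: >'   # no %r or %p
shared_preload_libraries = 'pgaudit'
pgaudit.log = 'ddl, role, read, write'
"""

print("\n".join(audit_findings(SAMPLE_CONF)))
```

An empty result covers only the configuration; the existing audit records still have to be reviewed as the check describes.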

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3994
