STIGQter STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

Audit records must be generated when unsuccessful attempts to modify categorized information (e.g., classification levels/security levels) occur.

DISA Rule

SV-213648r508024_rule

Vulnerability Number

V-213648

Group Title

SRG-APP-000498-DB-000347

Rule Version

PPS9-00-011150

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_statement = 'all';
SELECT pg_reload_conf();

or

Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.

Check Contents

Review the system documentation to determine whether it is required to track categorized information, such as classification or sensitivity level. If it is not, this is not applicable (NA).

Execute the following SQL as enterprisedb:

SHOW edb_audit_statement;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.

Vulnerability Number

V-213648

Documentable

False

Rule Version

PPS9-00-011150

Severity Override Guidance

Review the system documentation to determine whether it is required to track categorized information, such as classification or sensitivity level. If it is not, this is not applicable (NA).

Execute the following SQL as enterprisedb:

SHOW edb_audit_statement;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.

Check Content Reference

M

Target Key

3988

Comments