STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must generate audit records for DoD-defined auditable events.

DISA Rule

SV-224136r557457_rule

Vulnerability Number

V-224136

Group Title

SRG-APP-000091-DB-000066

Rule Version

EP11-00-001200

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.
• CCI-000131 - The information system generates audit records containing information that establishes when an event occurred.
• CCI-000134 - The information system generates audit records containing information that establishes the outcome of the event.
• CCI-001487 - The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event.
• CCI-001814 - The Information system supports auditing of the enforcement actions.

Weight

10

Fix Recommendation

Execute the following SQL as enterprisedb:

ALTER SYSTEM SET edb_audit_statement = 'all';
SELECT pg_reload_conf();

or

Update the system documentation to note the organizationally approved setting and corresponding justification of the setting for this requirement.

Check Contents

Execute the following SQL as enterprisedb:

SHOW edb_audit_statement;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.

Vulnerability Number

V-224136

Documentable

False

Rule Version

EP11-00-001200

Severity Override Guidance

Execute the following SQL as enterprisedb:

SHOW edb_audit_statement;

If the result is not "all" or if the current setting for this requirement has not been noted and approved by the organization in the system documentation, this is a finding.

Check Content Reference

M

Target Key

4107

Comments