STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must utilize centralized management of the content captured in audit records generated by all components of the EDB Postgres Advanced Server.

DISA Rule

SV-224195r508023_rule

Vulnerability Number

V-224195

Group Title

SRG-APP-000356-DB-000314

Rule Version

EP11-00-007700

Severity

CAT II

CCI(s)

• CCI-001844 - The information system provides centralized management and configuration of the content to be captured in audit records generated by organization-defined information system components.

Weight

10

Fix Recommendation

Install a centralized log collecting tool and configure it as instructed in its documentation.

If using PEM, find the instructions at
https://www.enterprisedb.com/docs/en/7.0/pemgetstarted/toc.html

Check Contents

If a centralized log collecting tool such as Postgres Enterprise Manager (PEM) is not installed and configured to automatically collect audit logs, this is a finding.

Review the system documentation for a description of how audit records are off-loaded and how local audit log space is managed.

Vulnerability Number

V-224195

Documentable

False

Rule Version

EP11-00-007700

Severity Override Guidance

If a centralized log collecting tool such as Postgres Enterprise Manager (PEM) is not installed and configured to automatically collect audit logs, this is a finding.

Review the system documentation for a description of how audit records are off-loaded and how local audit log space is managed.

Check Content Reference

M

Target Key

4107

Comments