STIGQter: STIG Summary: VMW vRealize Operations Manager 6.x PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

vROps PostgreSQL DB contents must be protected from unauthorized and unintended information transfer by enforcement of a data-transfer policy.

DISA Rule

SV-98925r1_rule

Vulnerability Number

V-88275

Group Title

SRG-APP-000243-DB-000128

Rule Version

VROM-PG-000270

Severity

CAT II

CCI(s)

• CCI-001090 - The information system prevents unauthorized and unintended information transfer via shared system resources.

Weight

10

Fix Recommendation

Modify any code used for moving data from production to development/test systems to comply with the organization-defined site data-transfer policy, and to ensure copies of production data are not left in unsecured locations.

Check Contents

Obtain the site data-transfer policy from the ISSO.

Review the policies and procedures used to ensure that all vROps data is being protected from unauthorized and unintended information transformation in accordance with site policy.

If the site data-transfer policy is not followed, this is a finding.

Vulnerability Number

V-88275

Documentable

False

Rule Version

VROM-PG-000270

Severity Override Guidance

Obtain the site data-transfer policy from the ISSO.

Review the policies and procedures used to ensure that all vROps data is being protected from unauthorized and unintended information transformation in accordance with site policy.

If the site data-transfer policy is not followed, this is a finding.

Check Content Reference

M

Target Key

3445

Comments