| V-256601 | | VMware Postgres must be configured to use Transport Layer Security (TLS). | The DOD standard for authentication is DOD-approved public key infrastructure (PKI) certificates. Authentication based on user ID and password may be ... |
| V-256602 | | VMware Postgres must enforce authorized access to all public key infrastructure (PKI) private keys. | The DOD standard for authentication is DOD-approved PKI certificates. PKI certificate-based authentication is performed by requiring the certificate h... |
| V-256603 | | VMware Postgres must use FIPS 140-2 approved Transport Layer Security (TLS) ciphers. | Use of weak or unvalidated cryptographic algorithms undermines the purposes of using encryption and digital signatures to protect data. Weak algorithm... |
| V-256591 | | VMware Postgres must limit the number of connections. | Database management includes the ability to control the number of users and user sessions utilizing a database management system (DBMS). Unlimited con... |
| V-256592 | | VMware Postgres log files must contain required fields. | Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or... |
| V-256593 | | VMware Postgres configuration files must not be accessible by unauthorized users. | VMware Postgres has a few configuration files that directly control the security posture of the database management system (DBMS). Protecting these fi... |
| V-256594 | | VMware Postgres must be configured to overwrite older logs when necessary. | Without proper configuration, log files for VMware Postgres can grow without bound, filling the partition and potentially affecting the availability o... |
| V-256595 | | The VMware Postgres database must protect log files from unauthorized access and modification. | If audit data were to become compromised, competent forensic analysis and discovery of the true source of potentially malicious system activity would ... |
| V-256596 | | All vCenter database (VCDB) tables must be owned by the "vc" user account. | Within the database, object ownership implies full privileges to the owned object, including the privilege to assign access to the owned objects to ot... |
| V-256597 | | VMware Postgres must limit modify privileges to authorized accounts. | If VMware Postgres were to allow any user to make changes to database structure or logic, those changes might be implemented without undergoing the ap... |
| V-256598 | | VMware Postgres must be configured to use the correct port. | To prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types within d... |
| V-256600 | | The vPostgres database must use "md5" for authentication. | The DOD standard for authentication is DOD-approved public key infrastructure (PKI) certificates. Authentication based on user ID and password may be... |
| V-256604 | | VMware Postgres must write log entries to disk prior to returning operation success or failure. | Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information syste... |
| V-256605 | | VMware Postgres must not allow schema access to unauthorized accounts. | Database management systems typically separate security functionality from nonsecurity functionality via separate databases or schemas. Database objec... |
| V-256606 | | VMware Postgres must provide nonprivileged users with minimal error information. | Any database management system (DBMS) or associated application providing too much information in error messages on the screen or printout risks compr... |
| V-256607 | | VMware Postgres must have log collection enabled. | Without the ability to centrally manage the content captured in the audit records, identification, troubleshooting, and correlation of suspicious beha... |
| V-256608 | | VMware Postgres must be configured to log to "stderr". | Without the ability to centrally manage the content captured in the audit records, identification, troubleshooting, and correlation of suspicious beha... |
| V-256609 | | "Rsyslog" must be configured to monitor VMware Postgres logs. | For performance reasons, "rsyslog" file monitoring is preferred over configuring VMware Postgres to send events to a "syslog" facility. Without ensuri... |
| V-256610 | | VMware Postgres must use Coordinated Universal Time (UTC) for log timestamps. | If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generated... |
| V-256599 | | VMware Postgres must require authentication on all connections. | To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and... |