| V-259176 | | The vCenter PostgreSQL service must encrypt passwords for user authentication. | The DOD standard for authentication is DOD-approved PKI certificates. Authentication based on User ID and Password may be used only when it is not po... |
| V-259177 | | The vCenter PostgreSQL service must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL. | The DOD standard for authentication is DOD-approved PKI certificates. PKI certificate-based authentication is performed by requiring the certificate h... |
| V-259166 | | The vCenter PostgreSQL service must limit the number of concurrent sessions. | Database management includes the ability to control the number of users and user sessions utilizing a database management system (DBMS). Unlimited con... |
| V-259167 | | The vCenter PostgreSQL service must enable "pgaudit" to provide audit record generation capabilities. | Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or... |
| V-259168 | | The vCenter PostgreSQL service configuration files must not be accessible by unauthorized users. | Without the capability to restrict which roles and individuals can select which events are audited, unauthorized personnel may be able to prevent or i... |
| V-259169 | | The vCenter PostgreSQL service must generate audit records. | Under some circumstances, it may be useful to monitor who/what is reading privilege/permission/role information. Therefore, it must be possible to con... |
| V-259170 | | The vCenter PostgreSQL service must initiate session auditing upon startup. | Session auditing is for use when a user's activities are under investigation. To be sure of capturing all activity during those periods when session a... |
| V-259171 | | The vCenter PostgreSQL service must produce logs containing sufficient information to establish what type of events occurred. | Information system auditing capability is critical for accurate forensic analysis. Without establishing what type of event occurred, it would be diffi... |
| V-259172 | | The vCenter PostgreSQL service must be configured to protect log files from unauthorized access. | If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity i... |
| V-259173 | | The vCenter PostgreSQL service must not load unused database components, software, and database objects. | Information systems are capable of providing a wide variety of functions and services. Some of the functions and services, provided by default, may no... |
| V-259174 | | The vCenter PostgreSQL service must be configured to use an authorized port. | In order to prevent unauthorized connection of devices, unauthorized transfer of information, or unauthorized tunneling (i.e., embedding of data types... |
| V-259175 | | The vCenter PostgreSQL service must require authentication on all connections. | To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and... |
| V-259178 | | The vCenter PostgreSQL service must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values. | One class of man-in-the-middle, or session hijacking, attack involves the adversary guessing at valid session identifiers based on patterns in identif... |
| V-259179 | | The vCenter PostgreSQL service must write log entries to disk prior to returning operation success or failure. | Failure to a known secure state helps prevent a loss of confidentiality, integrity, or availability in the event of a failure of the information syste... |
| V-259180 | | The vCenter PostgreSQL service must provide nonprivileged users with minimal error information. | Any DBMS or associated application providing too much information in error messages on the screen or printout risks compromising the data and security... |
| V-259181 | | The vCenter PostgreSQL service must have log collection enabled. | Without the ability to centrally manage the content captured in the audit records, identification, troubleshooting, and correlation of suspicious beha... |
| V-259182 | | The vCenter PostgreSQL service must use Coordinated Universal Time (UTC) for log timestamps. | If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis. Time stamps generate... |
| V-259183 | | The vCenter PostgreSQL service must log all connection attempts. | For completeness of forensic analysis, it is necessary to track successful and failed attempts to log on to PostgreSQL. Setting "log_connections" to "... |
| V-259184 | | The vCenter PostgreSQL service must log all client disconnections. | Disconnection may be initiated by the user or forced by the system (as in a timeout) or result from a system or network failure. To the greatest exten... |
| V-259185 | | The vCenter PostgreSQL service must off-load audit data to a separate log management facility. | Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information s... |