VMware vSphere 7.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

Version

V1R2

Benchmark ID

VMW_vSphere_7-0_vCA_PostgreSQL_STIG

Total Checks

20

Tags

database, vmware

Severity counts

CAT I: 3, CAT II: 16, CAT III: 1

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Checks (20)

V-256591  MEDIUM  VMware Postgres must limit the number of connections.
V-256592  MEDIUM  VMware Postgres log files must contain required fields.
V-256593  MEDIUM  VMware Postgres configuration files must not be accessible by unauthorized users.
V-256594  MEDIUM  VMware Postgres must be configured to overwrite older logs when necessary.
V-256595  MEDIUM  The VMware Postgres database must protect log files from unauthorized access and modification.
V-256596  MEDIUM  All vCenter database (VCDB) tables must be owned by the "vc" user account.
V-256597  MEDIUM  VMware Postgres must limit modify privileges to authorized accounts.
V-256598  MEDIUM  VMware Postgres must be configured to use the correct port.
V-256599  LOW     VMware Postgres must require authentication on all connections.
V-256600  MEDIUM  The vPostgres database must use "md5" for authentication.
V-256601  HIGH    VMware Postgres must be configured to use Transport Layer Security (TLS).
V-256602  HIGH    VMware Postgres must enforce authorized access to all public key infrastructure (PKI) private keys.
V-256603  HIGH    VMware Postgres must use FIPS 140-2 approved Transport Layer Security (TLS) ciphers.
V-256604  MEDIUM  VMware Postgres must write log entries to disk prior to returning operation success or failure.
V-256605  MEDIUM  VMware Postgres must not allow schema access to unauthorized accounts.
V-256606  MEDIUM  VMware Postgres must provide nonprivileged users with minimal error information.
V-256607  MEDIUM  VMware Postgres must have log collection enabled.
V-256608  MEDIUM  VMware Postgres must be configured to log to "stderr".
V-256609  MEDIUM  "Rsyslog" must be configured to monitor VMware Postgres logs.
V-256610  MEDIUM  VMware Postgres must use Coordinated Universal Time (UTC) for log timestamps.