STIGs Search Compare About

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

Browse STIGs
Search
Compare Versions

Resources

About
VPAT
DISA STIG Library

Powered by Pylon

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.

← Back to STIGs

VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

Version

V1R1

Benchmark ID

VMW_vSphere_8-0_VCSA_PostgreSQL_STIG

Total Checks

20

Tags

databasevmware

CAT I: 2CAT II: 18CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKL Export CSV Export JSON

Checks (20)

V-259166MEDIUMThe vCenter PostgreSQL service must limit the number of concurrent sessions.V-259167MEDIUMThe vCenter PostgreSQL service must enable "pgaudit" to provide audit record generation capabilities.V-259168MEDIUMThe vCenter PostgreSQL service configuration files must not be accessible by unauthorized users.V-259169MEDIUMThe vCenter PostgreSQL service must generate audit records.V-259170MEDIUMThe vCenter PostgreSQL service must initiate session auditing upon startup.V-259171MEDIUMThe vCenter PostgreSQL service must produce logs containing sufficient information to establish what type of events occurred.V-259172MEDIUMThe vCenter PostgreSQL service must be configured to protect log files from unauthorized access.V-259173MEDIUMThe vCenter PostgreSQL service must not load unused database components, software, and database objects.V-259174MEDIUMThe vCenter PostgreSQL service must be configured to use an authorized port.V-259175MEDIUMThe vCenter PostgreSQL service must require authentication on all connections.V-259176HIGHThe vCenter PostgreSQL service must encrypt passwords for user authentication.V-259177HIGHThe vCenter PostgreSQL service must enforce authorized access to all PKI private keys stored/utilized by PostgreSQL.V-259178MEDIUMThe vCenter PostgreSQL service must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.V-259179MEDIUMThe vCenter PostgreSQL service must write log entries to disk prior to returning operation success or failure.V-259180MEDIUMThe vCenter PostgreSQL service must provide nonprivileged users with minimal error information.V-259181MEDIUMThe vCenter PostgreSQL service must have log collection enabled.V-259182MEDIUMThe vCenter PostgreSQL service must use Coordinated Universal Time (UTC) for log timestamps.V-259183MEDIUMThe vCenter PostgreSQL service must log all connection attempts.V-259184MEDIUMThe vCenter PostgreSQL service must log all client disconnections.V-259185MEDIUMThe vCenter PostgreSQL service must off-load audit data to a separate log management facility.