STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated 21 hours ago
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to STIGs

VMware vSphere 8.0 vCenter Appliance PostgreSQL Security Technical Implementation Guide

Version

V2R3

Release Date

Jun 2, 2026

SCAP Benchmark ID

VMW_vSphere_8-0_VCSA_PostgreSQL_STIG

Total Checks

18

Tags

databasevmware
CAT I: 1CAT II: 17CAT III: 0

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DOD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil.

Export CKLExport CSVExport JSONDownload STIG ZIP

Checks (18)

V-259166MEDIUMThe vCenter PostgreSQL service must limit the number of concurrent sessions.V-259167MEDIUMThe vCenter PostgreSQL service must enable "pgaudit" to provide audit record generation capabilities.V-259168MEDIUMThe vCenter PostgreSQL service configuration files must not be accessible by unauthorized users.V-259169MEDIUMThe vCenter PostgreSQL service must generate audit records.V-259170MEDIUMThe vCenter PostgreSQL service must initiate session auditing upon startup.V-259171MEDIUMThe vCenter PostgreSQL service must produce logs containing sufficient information to establish what type of events occurred.V-259172MEDIUMThe vCenter PostgreSQL service must be configured to protect log files from unauthorized access.V-259173MEDIUMThe vCenter PostgreSQL service must not load unused database components, software, and database objects.V-259174MEDIUMThe vCenter PostgreSQL service must be configured to use an authorized port.V-259175MEDIUMThe vCenter PostgreSQL service must require authentication on all connections.V-259176HIGHThe vCenter PostgreSQL service must encrypt passwords for user authentication.V-259179MEDIUMThe vCenter PostgreSQL service must write log entries to disk prior to returning operation success or failure.V-259180MEDIUMThe vCenter PostgreSQL service must provide nonprivileged users with minimal error information.V-259181MEDIUMThe vCenter PostgreSQL service must have log collection enabled.V-259182MEDIUMThe vCenter PostgreSQL service must use Coordinated Universal Time (UTC) for log timestamps.V-259183MEDIUMThe vCenter PostgreSQL service must log all connection attempts.V-259184MEDIUMThe vCenter PostgreSQL service must log all client disconnections.V-259185MEDIUMThe vCenter PostgreSQL service must off-load audit data to a separate log management facility.