last sync: 2025-Jul-08 17:23:11 UTC

Log checkpoints should be enabled for PostgreSQL database servers

Azure BuiltIn Policy definition

Source Azure Portal
Display name Log checkpoints should be enabled for PostgreSQL database servers
Id eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d
Version 1.0.0
Details on versioning
Versioning Versions supported for Versioning: 1
1.0.0
Built-in Versioning [Preview]
Category SQL
Microsoft Learn
Description This policy helps audit any PostgreSQL databases in your environment without log_checkpoints setting enabled.
Cloud environments AzureCloud = true
AzureUSGovernment = true
AzureChinaCloud = unknown
Available in AzUSGov The Policy is available in AzureUSGovernment cloud. Version: '1.*.*'
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.DBforPostgreSQL/servers/configurations/value Microsoft.DBforPostgreSQL servers/configurations properties.value True False
Rule resource types IF (1)
Compliance
The following 15 compliance controls are associated with this Policy definition 'Log checkpoints should be enabled for PostgreSQL database servers' (eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 4 Database Services Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server Shared The customer is responsible for implementing this recommendation. Enable 'log_checkpoints' on 'PostgreSQL Servers'. link 5
CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 4 Database Services Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server Shared The customer is responsible for implementing this recommendation. Enable 'log_checkpoints' on 'PostgreSQL Servers'. link 5
CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 4 Database Services Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server Shared The customer is responsible for implementing this recommendation. Enable 'log_checkpoints' on 'PostgreSQL Servers'. link 5
CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 4.3 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server Shared n/a Enable `log_checkpoints` on `PostgreSQL Servers`. Enabling `log_checkpoints` helps the PostgreSQL Database to `Log each checkpoint` in turn generates query and error logs. However, access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance. link 5
CIS_Azure_Foundations_v3.0.0 5.2.2 CIS_Azure_Foundations_v3.0.0_5.2.2 CIS Azure Foundations v3.0.0 5.2.2 5.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Flexible Server Shared n/a Verify that the server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL flexible servers. This control is crucial for ensuring that checkpoint events are logged, which aids in monitoring database performance and troubleshooting issues. 1
DORA_2022_2554 10.2 DORA_2022_2554_10.2 DORA 2022 2554 10.2 10 Establish Multi-Layered Detection Mechanisms for ICT Incidents Shared n/a Implement detection mechanisms that provide multiple layers of control, defining alert thresholds and criteria to trigger information and communication technology (ICT) related incident response processes. This includes automated alert mechanisms to notify resources managing ICT-related incidents. 57
K_ISMS_P_2018 2.10.1 K_ISMS_P_2018_2.10.1 K ISMS P 2018 2.10.1 2.10 Establish Procedures for Managing the Security of System Operations Shared n/a Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. 455
K_ISMS_P_2018 2.10.2 K_ISMS_P_2018_2.10.2 K ISMS P 2018 2.10.2 2.10 Establish Protective Measures for Administrator Privileges and Security Configurations Shared n/a Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. 431
K_ISMS_P_2018 2.11.1 K_ISMS_P_2018_2.11.1 K ISMS P 2018 2.11.1 2.11 Establish Procedures for Managing Internal and External Intrusion Attempts Shared n/a Establish procedures for detecting, analyzing, sharing, and effectively responding to internal and external intrusion attempts to prevent personal information leakage. Additionally, implement a framework for collaboration with relevant external agencies and experts. 82
K_ISMS_P_2018 2.11.3 K_ISMS_P_2018_2.11.3 K ISMS P 2018 2.11.3 2.11 Collect, Monitor, and Analyze Data and Network Traffic Shared n/a Collect, monitor, and analyze data and network traffic to respond to internal or external infringement attempts in a timely manner. 45
K_ISMS_P_2018 2.11.5 K_ISMS_P_2018_2.11.5 K ISMS P 2018 2.11.5 2.11 Establish Procedures to Respond and Recover from Incidents Shared n/a Establish procedures to respond and recover from incidents in a timely manner, including legal obligations for disclosing information. Additional procedures must be established and implemented to prevent recurrence. 82
K_ISMS_P_2018 2.9.2a K_ISMS_P_2018_2.9.2a K ISMS P 2018 2.9.2a 2.9.2a Establish Procedures for Information System Failures Shared n/a Establish procedures to detect, record, analyze, report, and respond to information system failures. 63
K_ISMS_P_2018 2.9.4 K_ISMS_P_2018_2.9.4 K ISMS P 2018 2.9.4 2.9 Maintain Logs and Establish Log Management Procedures Shared n/a Maintain log records for servers, applications, security systems, and networks. Define log types, access permissions, retention periods, and storage methods to ensure secure retention and prevent forgery, alteration, theft, and loss. 61
RBI_ITF_NBFC_v2017 3.1.g RBI_ITF_NBFC_v2017_3.1.g RBI IT Framework 3.1.g Information and Cyber Security Trails-3.1 n/a The IS Policy must provide for a IS framework with the following basic tenets: Trails- NBFCs shall ensure that audit trails exist for IT assets satisfying its business requirements including regulatory and legal requirements, facilitating audit, serving as forensic evidence when required and assisting in dispute resolution. If an employee, for instance, attempts to access an unauthorized section, this improper activity should be recorded in the audit trail. link 33
RMiT_v1.0 11.18 RMiT_v1.0_11.18 RMiT 11.18 Security Operations Centre (SOC) Security Operations Centre (SOC) - 11.18 Shared n/a The SOC must be able to perform the following functions: (a) log collection and the implementation of an event correlation engine with parameter-driven use cases such as Security Information and Event Management (SIEM); (b) incident coordination and response; (c) vulnerability management; (d) threat hunting; (e) remediation functions including the ability to perform forensic artifact handling, malware and implant analysis; and (f) provision of situational awareness to detect adversaries and threats including threat intelligence analysis and operations, and monitoring indicators of compromise (IOC). This includes advanced behavioural analysis to detect signature-less and file-less malware and to identify anomalies that may pose security threats including at endpoints and network layers. link 11
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type polSet in AzUSGov
[Preview]: Control the use of PostgreSql in a Virtual Enclave 5eaa16b4-81f2-4354-aef3-2d77288e396e VirtualEnclaves Preview BuiltIn true
[Preview]: Reserve Bank of India - IT Framework for NBFC 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c Regulatory Compliance Preview BuiltIn unknown
CIS Azure Foundations v3.0.0 470a962c-86a0-433b-803a-3c176b5ce79c Regulatory Compliance GA BuiltIn unknown
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d Regulatory Compliance GA BuiltIn true
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c Regulatory Compliance GA BuiltIn true
CIS Microsoft Azure Foundations Benchmark v1.4.0 c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5 Regulatory Compliance GA BuiltIn unknown
CIS Microsoft Azure Foundations Benchmark v2.0.0 06f19060-9e68-4070-92ca-f15cc126059e Regulatory Compliance GA BuiltIn unknown
DORA 2022 2554 f9c0485f-da8e-43b5-961e-58ebd54b907c Regulatory Compliance GA BuiltIn unknown
K ISMS P 2018 e0782c37-30da-4a78-9f92-50bfe7aa2553 Regulatory Compliance GA BuiltIn unknown
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6 Regulatory Compliance GA BuiltIn unknown
History
Date/Time (UTC ymd) (i) Change type Change detail
2019-10-03 22:58:00 add eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d
JSON compare n/a
JSON
api-version=2021-06-01
EPAC