compliance controls are associated with this Policy definition 'Connection throttling should be enabled for PostgreSQL database servers' (5345bb39-67dc-4960-a1bf-427e16b9a0bd)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| CIS_Azure_1.1.0 |
4.17 |
CIS_Azure_1.1.0_4.17 |
CIS Microsoft Azure Foundations Benchmark recommendation 4.17 |
4 Database Services |
Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server |
Shared |
The customer is responsible for implementing this recommendation. |
Enable 'connection_throttling' on 'PostgreSQL Servers'. |
link |
5 |
| CIS_Azure_1.3.0 |
4.3.6 |
CIS_Azure_1.3.0_4.3.6 |
CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 |
4 Database Services |
Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server |
Shared |
The customer is responsible for implementing this recommendation. |
Enable 'connection_throttling' on 'PostgreSQL Servers'. |
link |
5 |
| CIS_Azure_1.4.0 |
4.3.5 |
CIS_Azure_1.4.0_4.3.5 |
CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 |
4 Database Services |
Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server |
Shared |
The customer is responsible for implementing this recommendation. |
Enable 'connection_throttling' on 'PostgreSQL Servers'. |
link |
5 |
| CIS_Azure_2.0.0 |
4.3.5 |
CIS_Azure_2.0.0_4.3.5 |
CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 |
4.3 |
Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server |
Shared |
n/a |
Enable `connection_throttling` on `PostgreSQL Servers`.
Enabling `connection_throttling` helps the PostgreSQL Database to `Set the verbosity of logged messages`. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance. |
link |
5 |
| New_Zealand_ISM |
18.4.7.C.02 |
New_Zealand_ISM_18.4.7.C.02 |
New_Zealand_ISM_18.4.7.C.02 |
18. Network security |
18.4.7.C.02 Intrusion Detection and Prevention strategy (IDS/IPS) |
|
n/a |
Agencies SHOULD develop, implement and maintain an intrusion detection strategy that includes: appropriate intrusion detection mechanisms, including network-based IDS/IPSs and host-based IDS/IPSs as necessary; the audit analysis of event logs, including IDS/IPS logs; a periodic audit of intrusion detection procedures; information security awareness and training programs; and a documented IRP. |
|
2 |
| NZ_ISM_v3.5 |
NS-7 |
NZ_ISM_v3.5_NS-7 |
NZISM Security Benchmark NS-7 |
Network security |
18.4.7 Intrusion Detection and Prevention strategy (IDS/IPS) |
Customer |
n/a |
An IDS/IPS when configured correctly, kept up to date and supported by appropriate processes, can be an effective way of identifying, responding to and containing known attack types, specific attack profiles or anomalous or suspicious network activities. |
link |
1 |
| RMiT_v1.0 |
10.49 |
RMiT_v1.0_10.49 |
RMiT 10.49 |
Cloud Services |
Cloud Services - 10.49 |
Shared |
n/a |
A financial institution must fully understand the inherent risk of adopting cloud services. In this regard, a financial institution is required to conduct a comprehensive risk assessment prior to cloud adoption which considers the inherent architecture of cloud services that leverages on the sharing of resources and services across multiple tenants over the Internet. The assessment must specifically address risks associated with the following:
(a) sophistication of the deployment model;
(b) migration of existing systems to cloud infrastructure;
(c) location of cloud infrastructure;
(d) multi-tenancy or data co-mingling;
(e) vendor lock-in and application portability or interoperability;
(f) ability to customise security configurations of the cloud infrastructure to ensure a high level of data and technology system protection;
(g) exposure to cyber-attacks via cloud service providers;
(h) termination of a cloud service provider including the ability to secure the financial institution's data following the termination;
(i) demarcation of responsibilities, limitations and liability of the service provider; and
(j) ability to meet regulatory requirements and international standards on cloud computing on a continuing basis. |
link |
5 |