compliance controls are associated with this Policy definition 'Connection throttling should be enabled for PostgreSQL database servers' (5345bb39-67dc-4960-a1bf-427e16b9a0bd)
| Control Domain |
Control |
Name |
MetadataId |
Category |
Title |
Owner |
Requirements |
Description |
Info |
Policy# |
| CIS_Azure_1.1.0 |
4.17 |
CIS_Azure_1.1.0_4.17 |
CIS Microsoft Azure Foundations Benchmark recommendation 4.17 |
4 Database Services |
Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server |
Shared |
The customer is responsible for implementing this recommendation. |
Enable 'connection_throttling' on 'PostgreSQL Servers'. |
link |
5 |
| CIS_Azure_1.3.0 |
4.3.6 |
CIS_Azure_1.3.0_4.3.6 |
CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 |
4 Database Services |
Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server |
Shared |
The customer is responsible for implementing this recommendation. |
Enable 'connection_throttling' on 'PostgreSQL Servers'. |
link |
5 |
| CIS_Azure_1.4.0 |
4.3.5 |
CIS_Azure_1.4.0_4.3.5 |
CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 |
4 Database Services |
Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server |
Shared |
The customer is responsible for implementing this recommendation. |
Enable 'connection_throttling' on 'PostgreSQL Servers'. |
link |
5 |
| CIS_Azure_2.0.0 |
4.3.5 |
CIS_Azure_2.0.0_4.3.5 |
CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 |
4.3 |
Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server |
Shared |
n/a |
Enable `connection_throttling` on `PostgreSQL Servers`.
Enabling `connection_throttling` helps the PostgreSQL Database to `Set the verbosity of logged messages`. This in turn generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance. |
link |
1 |
| CIS_Azure_Foundations_v3.0.0 |
5.2.3 |
CIS_Azure_Foundations_v3.0.0_5.2.3 |
CIS Azure Foundations v3.0.0 5.2.3 |
5.2 |
Ensure Server Parameter 'connection_throttle.enable' is set to 'ON' for PostgreSQL Flexible Server |
Shared |
n/a |
Verify that the server parameter 'connection_throttle.enable' is set to 'ON' for PostgreSQL flexible servers. This control is essential for managing and limiting the number of concurrent connections to the database, helping to prevent overload and ensuring optimal performance. |
|
1 |
| K_ISMS_P_2018 |
2.10.1 |
K_ISMS_P_2018_2.10.1 |
K ISMS P 2018 2.10.1 |
2.10 |
Establish Procedures for Managing the Security of System Operations |
Shared |
n/a |
Establish and implement operating procedures for managing the security of system operations such as designating system administrators, updating policies, changing rulesets, monitoring events, managing policy implementations or exceptions. |
|
408 |
| K_ISMS_P_2018 |
2.10.2 |
K_ISMS_P_2018_2.10.2 |
K ISMS P 2018 2.10.2 |
2.10 |
Establish Protective Measures for Administrator Privileges and Security Configurations |
Shared |
n/a |
Establish and implement protective measures with regard to administrator privileges and security configurations to ensure that important information and personal information are not exposed as a result of unauthorized access by service type or misconfigurations. |
|
385 |
| K_ISMS_P_2018 |
2.11.1 |
K_ISMS_P_2018_2.11.1 |
K ISMS P 2018 2.11.1 |
2.11 |
Establish Procedures for Managing Internal and External Intrusion Attempts |
Shared |
n/a |
Establish procedures for detecting, analyzing, sharing, and effectively responding to internal and external intrusion attempts to prevent personal information leakage. Additionally, implement a framework for collaboration with relevant external agencies and experts. |
|
57 |
| K_ISMS_P_2018 |
2.11.5 |
K_ISMS_P_2018_2.11.5 |
K ISMS P 2018 2.11.5 |
2.11 |
Establish Procedures to Respond and Recover from Incidents |
Shared |
n/a |
Establish procedures to respond and recover from incidents in a timely manner, including legal obligations for disclosing information. Additional procedures must be established and implemented to prevent recurrence. |
|
57 |
| K_ISMS_P_2018 |
2.9.2a |
K_ISMS_P_2018_2.9.2a |
K ISMS P 2018 2.9.2a |
2.9.2a |
Establish Procedures for Information System Failures |
Shared |
n/a |
Establish procedures to detect, record, analyze, report, and respond to information system failures. |
|
39 |
| New_Zealand_ISM |
18.4.7.C.02 |
New_Zealand_ISM_18.4.7.C.02 |
New_Zealand_ISM_18.4.7.C.02 |
18. Network security |
18.4.7.C.02 Intrusion Detection and Prevention strategy (IDS/IPS) |
|
n/a |
Agencies SHOULD develop, implement and maintain an intrusion detection strategy that includes: appropriate intrusion detection mechanisms, including network-based IDS/IPSs and host-based IDS/IPSs as necessary; the audit analysis of event logs, including IDS/IPS logs; a periodic audit of intrusion detection procedures; information security awareness and training programs; and a documented IRP. |
|
2 |
| NZ_ISM_v3.5 |
NS-7 |
NZ_ISM_v3.5_NS-7 |
NZISM Security Benchmark NS-7 |
Network security |
18.4.7 Intrusion Detection and Prevention strategy (IDS/IPS) |
Customer |
n/a |
An IDS/IPS when configured correctly, kept up to date and supported by appropriate processes, can be an effective way of identifying, responding to and containing known attack types, specific attack profiles or anomalous or suspicious network activities. |
link |
1 |
| RMiT_v1.0 |
10.49 |
RMiT_v1.0_10.49 |
RMiT 10.49 |
Cloud Services |
Cloud Services - 10.49 |
Shared |
n/a |
A financial institution must fully understand the inherent risk of adopting cloud services. In this regard, a financial institution is required to conduct a comprehensive risk assessment prior to cloud adoption which considers the inherent architecture of cloud services that leverages on the sharing of resources and services across multiple tenants over the Internet. The assessment must specifically address risks associated with the following:
(a) sophistication of the deployment model;
(b) migration of existing systems to cloud infrastructure;
(c) location of cloud infrastructure;
(d) multi-tenancy or data co-mingling;
(e) vendor lock-in and application portability or interoperability;
(f) ability to customise security configurations of the cloud infrastructure to ensure a high level of data and technology system protection;
(g) exposure to cyber-attacks via cloud service providers;
(h) termination of a cloud service provider including the ability to secure the financial institution's data following the termination;
(i) demarcation of responsibilities, limitations and liability of the service provider; and
(j) ability to meet regulatory requirements and international standards on cloud computing on a continuing basis. |
link |
5 |