I can answer that - Oracle and MS SQL do, or at least there were able to convince DISA that they do (STIGs for them are present here: http://iase.disa.mil/stigs/Pages/a-z.aspx). That actually benefits those products greatly - from the point of view of security they, once hardened, meet Federal security requirements and such can be used in multiple products other DBs can't (for that very reason).
??!? The database server has no clue about the difference between an "application that it supports" and a user directly querying. The PSQL shell, or dbadmin, is an 'application that it supports'.
at this point, speaking purely as a interested outsider (I am in no way representing hte PG Development Group), I'd guess PostgreSQL probably doesn't meet 2/3rds of those 'findings'. I truly wonder if any standard RDBMS supports all or even most of them?!?
