STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

The EDB Postgres Advanced Server must require users to re-authenticate when organization-defined circumstances or situations require re-authentication.

DISA Rule

SV-213629r508024_rule

Vulnerability Number

V-213629

Group Title

SRG-APP-000389-DB-000372

Rule Version

PPS9-00-008800

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Determine the organization-defined circumstances or situations that require re-authentication and ensure that the following SQL is executed in those situations. To require a single user to re-authenticate, use this SQL: "select pg_terminate_backend(pid) from pg_stat_activity where usename='<username>';" To require all users to re-authenticate, use this SQL: "select pg_terminate_backend(pid) from pg_stat_activity where usename like '%';".
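
A review, terminate and confirm sequence for the single-user case, as an added example that is not part of the STIG text; app_user is a constructed placeholder role name. It filters on the usename column of pg_stat_activity, because in PostgreSQL the bare keyword user evaluates to the current session's user rather than to a column of the view.

```sql
-- Added example. 'app_user' is a constructed placeholder role name.

-- 0. Why the filter uses usename: "user" is a keyword equal to current_user,
--    so it has the same value on every row of pg_stat_activity.
SELECT user AS keyword_value, current_user AS session_user_name;

-- 1. Review the sessions that will be ended. The current session is
--    excluded so the administrator is not disconnected mid-procedure.
SELECT pid, usename, datname, client_addr, backend_start, state
  FROM pg_stat_activity
 WHERE usename = 'app_user'
   AND pid <> pg_backend_pid();

-- 2. End them and keep a per-session record for the audit trail.
--    pg_terminate_backend() returns true when the termination signal was
--    sent; the statement fails with a permission error if the caller is
--    not allowed to signal one of the sessions.
SELECT pid, usename, now() AS terminated_at,
       pg_terminate_backend(pid) AS signalled
  FROM pg_stat_activity
 WHERE usename = 'app_user'
   AND pid <> pg_backend_pid();

-- 3. Confirm. Any row returned here should have a backend_start later
--    than terminated_at from step 2, meaning the role logged in again.
SELECT pid, usename, client_addr, backend_start
  FROM pg_stat_activity
 WHERE usename = 'app_user'
   AND pid <> pg_backend_pid()
 ORDER BY backend_start;
```

A client that holds stored credentials, such as a connection pool, will reconnect after step 2 without prompting anyone, so step 3 shows whether a new login occurred, not whether a person re-entered a credential.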

Check Contents

If organization-defined circumstances or situations require re-authentication, and these situations are not configured to terminate existing logins to require re-authentication, this is a finding.

Vulnerability Number

V-213629

Documentable

False

Rule Version

PPS9-00-008800

Severity Override Guidance

If organization-defined circumstances or situations require re-authentication, and these situations are not configured to terminate existing logins to require re-authentication, this is a finding.

Check Content Reference

M

Target Key

3988
