STIGQter STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.

DISA Rule

SV-213631r508024_rule

Vulnerability Number

V-213631

Group Title

SRG-APP-000428-DB-000386

Rule Version

PPS9-00-009200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create an encrypted partition to host the "<postgresql data directory>" directory. This can be done at the OS level with a technology such as db-crypt or other encryption technologies provided by third-party tools.

If only certain columns require encryption, use pgcrypt to encrypt those columns as documented here:

http://www.postgresql.org/docs/current/static/pgcrypto.html

Check Contents

Review the system documentation to determine whether the organization has defined the information at rest that is to be protected from modification, which must include, at a minimum, PII and classified information.

If no information is identified as requiring such protection, this is not a finding.

Review the configuration of the DBMS, operating system/file system, and additional software as relevant.

If any of the information defined as requiring cryptographic protection from modification is not encrypted in a manner that provides the required level of protection, this is a finding.

Vulnerability Number

V-213631

Documentable

False

Rule Version

PPS9-00-009200

Severity Override Guidance

Review the system documentation to determine whether the organization has defined the information at rest that is to be protected from modification, which must include, at a minimum, PII and classified information.

If no information is identified as requiring such protection, this is not a finding.

Review the configuration of the DBMS, operating system/file system, and additional software as relevant.

If any of the information defined as requiring cryptographic protection from modification is not encrypted in a manner that provides the required level of protection, this is a finding.

Check Content Reference

M

Target Key

3988

Comments