SV-213631r508024_rule
V-213631
SRG-APP-000428-DB-000386
PPS9-00-009200
CAT II
10
Create an encrypted partition to host the "<postgresql data directory>" directory. This can be done at the OS level with a technology such as db-crypt or other encryption technologies provided by third-party tools.
If only certain columns require encryption, use pgcrypt to encrypt those columns as documented here:
http://www.postgresql.org/docs/current/static/pgcrypto.html
Review the system documentation to determine whether the organization has defined the information at rest that is to be protected from modification, which must include, at a minimum, PII and classified information.
If no information is identified as requiring such protection, this is not a finding.
Review the configuration of the DBMS, operating system/file system, and additional software as relevant.
If any of the information defined as requiring cryptographic protection from modification is not encrypted in a manner that provides the required level of protection, this is a finding.
V-213631
False
PPS9-00-009200
Review the system documentation to determine whether the organization has defined the information at rest that is to be protected from modification, which must include, at a minimum, PII and classified information.
If no information is identified as requiring such protection, this is not a finding.
Review the configuration of the DBMS, operating system/file system, and additional software as relevant.
If any of the information defined as requiring cryptographic protection from modification is not encrypted in a manner that provides the required level of protection, this is a finding.
M
3988