STIGQter STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

PostgreSQL must implement NIST FIPS 140-2 validated cryptographic modules to generate and validate cryptographic hashes.

DISA Rule

SV-214117r508027_rule

Vulnerability Number

V-214117

Group Title

SRG-APP-000514-DB-000381

Rule Version

PGS9-00-008000

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure OpenSSL to be FIPS compliant.

PostgreSQL uses OpenSSL for cryptographic modules. To configure OpenSSL to be FIPS 140-2 compliant, see the official RHEL Documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html

For more information on configuring PostgreSQL to use SSL, see supplementary content APPENDIX-G.

Check Contents

First, as the system administrator, run the following to see if FIPS is enabled:

$ cat /proc/sys/crypto/fips_enabled

If fips_enabled is not 1, this is a finding.

Vulnerability Number

V-214117

Documentable

False

Rule Version

PGS9-00-008000

Severity Override Guidance

First, as the system administrator, run the following to see if FIPS is enabled:

$ cat /proc/sys/crypto/fips_enabled

If fips_enabled is not 1, this is a finding.

Check Content Reference

M

Target Key

3994

Comments