STIGQter STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must implement cryptographic mechanisms to prevent unauthorized modification of organization-defined information at rest (to include, at a minimum, PII and classified information) on organization-defined information system components.

DISA Rule

SV-224206r508023_rule

Vulnerability Number

V-224206

Group Title

SRG-APP-000428-DB-000386

Rule Version

EP11-00-009200

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Do these steps as the Windows user that is the database administrators (default is enterprisedb), if done as a different user, the Windows database administration user will be unable to view this folder and therefore unable to start the database:

Right-click on <postgresql data directory>, select properties, then select the General tab and the Advanced button. Select option to apply to subfolders and files when prompted.

Check Contents

If the application owner and Authorizing Official have determined that encryption of data at rest is not required, this is not a finding.

Right-click on <postgresql data directory>, select properties, then select the General tab and the Advanced button.

If the "Encrypt contents to secure data" check box is not checked, this is a finding.

Vulnerability Number

V-224206

Documentable

False

Rule Version

EP11-00-009200

Severity Override Guidance

If the application owner and Authorizing Official have determined that encryption of data at rest is not required, this is not a finding.

Right-click on <postgresql data directory>, select properties, then select the General tab and the Advanced button.

If the "Encrypt contents to secure data" check box is not checked, this is a finding.

Check Content Reference

M

Target Key

4107

Comments