STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020: STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:SV-233595r617333_rule
V-233595
SRG-APP-000313-DB-000309
CD12-00-009400
CAT II
10
In addition to the SQL-standard privilege system available through GRANT, tables can have row security policies that restrict, on a per-user basis, which rows can be returned by normal queries or inserted, updated, or deleted by data modification commands. This feature is also known as Row-Level Security (RLS).
RLS policies can be very different depending on their use case. For one example of using RLS for Security Labels, see supplementary content APPENDIX-D.
If security labeling is not required, this is not a finding.
First, as the database administrator (shown here as "postgres"), run the following SQL against each table that requires security labels:
$ sudo su - postgres
$ psql -c "\d+ <schema_name>.<table_name>"
If security labeling requirements have been specified, but the security labeling is not implemented or does not reliably maintain labels on information in process, this is a finding.
V-233595
False
CD12-00-009400
If security labeling is not required, this is not a finding.
First, as the database administrator (shown here as "postgres"), run the following SQL against each table that requires security labels:
$ sudo su - postgres
$ psql -c "\d+ <schema_name>.<table_name>"
If security labeling requirements have been specified, but the security labeling is not implemented or does not reliably maintain labels on information in process, this is a finding.
M
5254