STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide, Version: 2, Release: 1, Benchmark Date: 23 Oct 2020

The EDB Postgres Advanced Server must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

DISA Rule

SV-213603r508024_rule

Vulnerability Number

V-213603

Group Title

SRG-APP-000179-DB-000114

Rule Version

PPS9-00-004900

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

There is no known fix for a FIPS-compliant OpenSSL library on Microsoft Windows at this time.

Configure RHEL OpenSSL as defined in section 9.1 of the RHEL OpenSSL FIPS Compliance documentation here:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1758.pdf

Check Contents

If a FIPS-certified OpenSSL library is not installed and configured, this is a finding.

Run this command to ensure that you are running RHEL: "cat /etc/redhat-release"

Run this command to see the OpenSSL version: "openssl version"

If "/etc/redhat-release" does not show a supported version of Red Hat Enterprise Linux or if the openssl version does not include "-fips" in the version, this is a finding.
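
The manual check above can be scripted. The following is an added example, not part of the STIG or of EDB's tooling. The function names and the `SUPPORTED_RHEL_MAJORS` list are assumptions: the STIG text does not say which RHEL releases count as supported, so set that list to your site's policy.

```shell
#!/bin/sh
# Added example: automates the manual check for V-213603 (not STIG-provided code).
# Assumption: supported RHEL major versions are site-defined; "7" is a placeholder.
SUPPORTED_RHEL_MAJORS="${SUPPORTED_RHEL_MAJORS:-7}"

# evaluate_fips_check RELEASE_TEXT OPENSSL_VERSION_TEXT
# Prints "NOT A FINDING" (returns 0) or "FINDING: <reason>" (returns 1).
evaluate_fips_check() {
    release_text=$1
    openssl_text=$2

    # /etc/redhat-release must identify the host as Red Hat Enterprise Linux
    case $release_text in
        "Red Hat Enterprise Linux"*) ;;
        *) echo "FINDING: not Red Hat Enterprise Linux"; return 1 ;;
    esac

    # Major version is the number after "release", e.g. "release 7.9" -> 7
    major=$(printf '%s\n' "$release_text" |
        sed -n 's/.*release \([0-9][0-9]*\).*/\1/p' | head -n 1)
    supported=no
    for m in $SUPPORTED_RHEL_MAJORS; do
        if [ "$m" = "$major" ]; then supported=yes; fi
    done
    if [ "$supported" != yes ]; then
        echo "FINDING: RHEL major version '${major:-unknown}' is not supported"
        return 1
    fi

    # The second field of "openssl version" output is the version string
    version=$(printf '%s\n' "$openssl_text" | awk 'NR==1 {print $2}')
    case $version in
        *-fips*) ;;
        *) echo "FINDING: OpenSSL version '${version:-unknown}' lacks -fips"
           return 1 ;;
    esac
    echo "NOT A FINDING"
}

# Runs the two commands from the check text on the live host.
run_fips_check() {
    release_text=$(cat /etc/redhat-release 2>/dev/null)
    openssl_text=$(openssl version 2>/dev/null)
    evaluate_fips_check "$release_text" "$openssl_text"
}
```

Call `run_fips_check` on the database host; a missing `/etc/redhat-release` or `openssl` binary yields empty input and is reported as a finding.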

Documentable

False

Severity Override Guidance

If a FIPS-certified OpenSSL library is not installed and configured, this is a finding.

Run this command to ensure that you are running RHEL: "cat /etc/redhat-release"

Run this command to see the OpenSSL version: "openssl version"

If "/etc/redhat-release" does not show a supported version of Red Hat Enterprise Linux or if the openssl version does not include "-fips" in the version, this is a finding.

Check Content Reference

M

Target Key

3988
