STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020

Security-relevant software updates to PostgreSQL must be installed within the time period directed by an authoritative source (e.g., IAVM, CTOs, DTMs, and STIGs).

DISA Rule

SV-214050r508027_rule

Vulnerability Number

V-214050

Group Title

SRG-APP-000456-DB-000390

Rule Version

PGS9-00-000300

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Institute and adhere to policies and procedures to ensure that patches are consistently applied to PostgreSQL within the time allowed.

Check Contents

If new packages are available for PostgreSQL, they can be reviewed in the package manager appropriate for the server operating system:

To list the version of installed PostgreSQL using psql:

$ sudo su - postgres
$ psql --version

To list the current version of software for RPM:

$ rpm -qa | grep postgres

To list the current version of software for APT:

$ apt-cache policy postgres

All versions of PostgreSQL will be listed on:

http://www.postgresql.org/support/versioning/

All security-relevant software updates for PostgreSQL will be listed on:

http://www.postgresql.org/support/security/

If PostgreSQL is not at the latest version, this is a finding.

If PostgreSQL is not at the latest version and the evaluated version has CVEs (IAVAs), then this is a CAT I finding.
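
The check above, automated as an added shell example (not part of the STIG or of STIGQter). It assumes the reviewer supplies the latest version read from the versioning page and states whether the security page lists CVEs for the installed version; the function names are hypothetical and the sample banners, versions and CVE flags are constructed.

```sh
# Added example, not part of the STIG. Function names are hypothetical;
# sample banners, versions and CVE flags are constructed.

# Extract the dotted version from `psql --version` output, e.g.
# "psql (PostgreSQL) 9.6.9" -> "9.6.9". Prints nothing if unparsable.
pg_version_from_banner() {
    printf '%s\n' "$1" |
        sed -n 's/^psql (PostgreSQL) \([0-9][0-9.]*[0-9]\).*/\1/p'
}

# Succeed when $1 is older than $2. Fields are compared numerically
# (up to three), so 9.6.9 sorts before 9.6.19, unlike a string compare.
pg_version_lt() {
    pv_a=$1 pv_b=$2
    for pv_i in 1 2 3; do
        pv_af=${pv_a%%.*} pv_bf=${pv_b%%.*}
        [ "${pv_af:-0}" -lt "${pv_bf:-0}" ] && return 0
        [ "${pv_af:-0}" -gt "${pv_bf:-0}" ] && return 1
        case $pv_a in *.*) pv_a=${pv_a#*.} ;; *) pv_a=0 ;; esac
        case $pv_b in *.*) pv_b=${pv_b#*.} ;; *) pv_b=0 ;; esac
    done
    return 1
}

# $1 banner, $2 latest version (from the versioning page),
# $3 "yes" if the security page lists CVEs for the installed version.
pg_patch_check() {
    pc_installed=$(pg_version_from_banner "$1")
    case $2 in ''|*[!0-9.]*) pc_installed='' ;; esac
    if [ -z "$pc_installed" ]; then
        echo "ERROR: cannot parse input"; return 2
    fi
    if ! pg_version_lt "$pc_installed" "$2"; then
        echo "NOT A FINDING: $pc_installed"
    elif [ "${3:-no}" = yes ]; then
        echo "CAT I FINDING: $pc_installed < $2, CVEs apply"
    else
        echo "FINDING: $pc_installed < $2"
    fi
}

# Constructed input: banner|latest|CVEs apply
while IFS='|' read -r banner latest cves; do
    pg_patch_check "$banner" "$latest" "$cves"
done <<'EOF'
psql (PostgreSQL) 9.6.9|9.6.19|yes
psql (PostgreSQL) 9.6.19|9.6.19|no
psql (PostgreSQL) 9.5.21 (Debian 9.5.21-1)|9.5.23|no
EOF
```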

Vulnerability Number

V-214050

Documentable

False

Rule Version

PGS9-00-000300

Severity Override Guidance

If new packages are available for PostgreSQL, they can be reviewed in the package manager appropriate for the server operating system:

To list the version of installed PostgreSQL using psql:

$ sudo su - postgres
$ psql --version

To list the current version of software for RPM:

$ rpm -qa | grep postgres

To list the current version of software for APT:

$ apt-cache policy postgres

All versions of PostgreSQL will be listed on:

http://www.postgresql.org/support/versioning/

All security-relevant software updates for PostgreSQL will be listed on:

http://www.postgresql.org/support/security/

If PostgreSQL is not at the latest version, this is a finding.

If PostgreSQL is not at the latest version and the evaluated version has CVEs (IAVAs), then this is a CAT I finding.

Check Content Reference

M

Target Key

3994
