SV-214129r508027_rule
V-214129
SRG-APP-000313-DB-000309
PGS9-00-009400
CAT II
10
In addition to the SQL-standard privilege system available through GRANT, tables can have row security policies that restrict, on a per-user basis, which rows can be returned by normal queries or inserted, updated, or deleted by data modification commands. This feature is also known as Row-Level Security (RLS).
RLS policies can be very different depending on their use case. For one example of using RLS for Security Labels, see supplementary content APPENDIX-D.
If security labeling is not required, this is not a finding.
First, as the database administrator (shown here as "postgres"), run the following SQL against each table that requires security labels:
$ sudo su - postgres
$ psql -c "\d+ <schema_name>.<table_name>"
If security labeling requirements have been specified, but the security labeling is not implemented or does not reliably maintain labels on information in process, this is a finding.
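The following SQL is an added example, not part of the STIG text or of its APPENDIX-D. It shows one way a label column can be enforced with RLS, followed by catalog queries that report the same row security state and policies that \d+ prints. The schema, table, column and policy names are hypothetical, and RLS requires PostgreSQL 9.5 or later.

```sql
-- Constructed demo objects; every name below is hypothetical.
BEGIN;
CREATE SCHEMA stig_demo;

-- Each row carries its own security label (0 = lowest, 3 = highest).
CREATE TABLE stig_demo.documents (
    id    serial  PRIMARY KEY,
    body  text    NOT NULL,
    label integer NOT NULL CHECK (label BETWEEN 0 AND 3)
);

-- Clearance assigned to each database role; ordinary roles get read access only.
CREATE TABLE stig_demo.clearances (
    rolname   name    PRIMARY KEY,
    clearance integer NOT NULL CHECK (clearance BETWEEN 0 AND 3)
);

-- ENABLE turns the policies on; FORCE also applies them to the table owner.
-- Superusers and roles with BYPASSRLS are never restricted by RLS.
ALTER TABLE stig_demo.documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE stig_demo.documents FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read; WITH CHECK filters rows that are written.
-- A role with no clearance row makes the subquery NULL, so it sees no rows.
CREATE POLICY documents_by_label ON stig_demo.documents
    USING (label <= (SELECT clearance FROM stig_demo.clearances
                     WHERE rolname = current_user))
    WITH CHECK (label <= (SELECT clearance FROM stig_demo.clearances
                          WHERE rolname = current_user));

-- Check 1: is row security enabled (and forced) on the table?
SELECT n.nspname, c.relname, c.relrowsecurity, c.relforcerowsecurity
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'stig_demo' AND c.relname = 'documents';

-- Check 2: which policies exist, and what do they test?
SELECT policyname, cmd, roles, qual, with_check
FROM pg_policies
WHERE schemaname = 'stig_demo' AND tablename = 'documents';

ROLLBACK;  -- discard the demo objects
```

A table with relrowsecurity = false, or with row security enabled but no policy that tests the label column, does not enforce labels through RLS.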