STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must enforce authorized access to all PKI private keys stored/utilized by the EDB Postgres Advanced Server.

DISA Rule

SV-224170r508023_rule

Vulnerability Number

V-224170

Group Title

SRG-APP-000176-DB-000068

Rule Version

EP11-00-004600

Severity

CAT I

CCI(s)

• CCI-000186 - The information system, for PKI-based authentication, enforces authorized access to the corresponding private key.

Weight

10

Fix Recommendation

Right-click and select "Properties" on <postgresql data directory>\server.key

Give the database administrator (default "enterprisedb") full control of the file.

Check Contents

Verify User ownership, Group ownership, and permissions on the "server.key" file:

Right-click and select "Properties" on <postgresql data directory>\server.key

If any users other than the database administrator user (enterprisedb by default) or other users documented in the program security guide have any permissions on this file, this is a finding.

Vulnerability Number

V-224170

Documentable

False

Rule Version

EP11-00-004600

Severity Override Guidance

Verify User ownership, Group ownership, and permissions on the "server.key" file:

Right-click and select "Properties" on <postgresql data directory>\server.key

If any users other than the database administrator user (enterprisedb by default) or other users documented in the program security guide have any permissions on this file, this is a finding.

Check Content Reference

M

Target Key

4107

Comments