STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020: STIGQter: STIG Summary: EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:SV-224172r508023_rule
V-224172
SRG-APP-000178-DB-000083
EP11-00-004820
CAT I
10
For psql, which can accept a plain-text password, and any other essential tool with the same limitation:
1) Document the need for it, who uses it, and any relevant mitigations, and obtain AO approval.
2) Train all users of the tool in the importance of not using the plain-text password option and in how to keep the password hidden by using the "-W" option.
For psql, which cannot be configured not to accept a plain-text password, and any other essential tool with the same limitation, verify that the system documentation explains the need for the tool, who uses it, and any relevant mitigations and that AO approval has been obtained. If not, this is a finding.
Request evidence that all users of the tool are trained in the importance of using the "-W" option (and not using the plain-text password option), how to keep the password hidden, and that they adhere to this practice. If not, this is a finding.
V-224172
False
EP11-00-004820
For psql, which cannot be configured not to accept a plain-text password, and any other essential tool with the same limitation, verify that the system documentation explains the need for the tool, who uses it, and any relevant mitigations and that AO approval has been obtained. If not, this is a finding.
Request evidence that all users of the tool are trained in the importance of using the "-W" option (and not using the plain-text password option), how to keep the password hidden, and that they adhere to this practice. If not, this is a finding.
M
4107