STIGQter STIGQter: STIG Summary: Crunchy Data PostgreSQL Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 20 Nov 2020:

PostgreSQL must implement NIST FIPS 140-2 validated cryptographic modules to generate and validate cryptographic hashes.

DISA Rule

SV-233583r617333_rule

Vulnerability Number

V-233583

Group Title

SRG-APP-000514-DB-000382

Rule Version

CD12-00-008000

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure OpenSSL to be FIPS compliant.

PostgreSQL uses OpenSSL for cryptographic modules. To configure OpenSSL to be FIPS 140-2 compliant, see the official RHEL Documentation: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html.

For more information on configuring PostgreSQL to use SSL, see supplementary content APPENDIX-G.

Check Contents

First, as the system administrator, run the following to see if FIPS is enabled:

$ cat /proc/sys/crypto/fips_enabled

If fips_enabled is not "1", this is a finding.

Vulnerability Number

V-233583

Documentable

False

Rule Version

CD12-00-008000

Severity Override Guidance

First, as the system administrator, run the following to see if FIPS is enabled:

$ cat /proc/sys/crypto/fips_enabled

If fips_enabled is not "1", this is a finding.

Check Content Reference

M

Target Key

5254

Comments