STIGQter STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: The EDB Postgres Advanced Server must implement cryptographic mechanisms preventing the unauthorized disclosure of organization-defined information at rest on organization-defined information system components.

DISA Rule

SV-83621r1_rule

Vulnerability Number

V-69017

Group Title

SRG-APP-000429-DB-000387

Rule Version

PPS9-00-009300

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Create an encrypted partition to host the "<postgresql data directory>" directory. This can be done at the OS level with a technology such as db-crypt or other encryption technologies provided by third-party tools.

If only certain columns need encryption, use pgcrypt to encrypt those columns as documented here:

http://www.postgresql.org/docs/current/static/pgcrypto.html

Check Contents

Review the system documentation to determine whether the organization has defined the information at rest that is to be protected from modification, which must include, at a minimum, PII and classified information.

If no information is identified as requiring such protection, this is not a finding.

Review the configuration of the DBMS, operating system/file system, and additional software as relevant.

If any of the information defined as requiring cryptographic protection from modification is not encrypted in a manner that provides the required level of protection, this is a finding.

Vulnerability Number

V-69017

Documentable

False

Rule Version

PPS9-00-009300

Severity Override Guidance

Review the system documentation to determine whether the organization has defined the information at rest that is to be protected from modification, which must include, at a minimum, PII and classified information.

If no information is identified as requiring such protection, this is not a finding.

Review the configuration of the DBMS, operating system/file system, and additional software as relevant.

If any of the information defined as requiring cryptographic protection from modification is not encrypted in a manner that provides the required level of protection, this is a finding.

Check Content Reference

M

Target Key

2933

Comments