STIGQter STIGQter: STIG Summary: PostgreSQL 9.x Security Technical Implementation Guide Version: 1 Release: 6 Benchmark Date: 25 Oct 2019: PostgreSQL must use NIST FIPS 140-2 validated cryptographic modules for cryptographic operations.

DISA Rule

SV-87715r1_rule

Vulnerability Number

V-73063

Group Title

SRG-APP-000179-DB-000114

Rule Version

PGS9-00-012300

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Configure OpenSSL to meet FIPS Compliance using the following documentation in section 9.1:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1758.pdf

For more information on configuring PostgreSQL to use SSL, see supplementary content APPENDIX-G.

Check Contents

As the system administrator, run the following:

$ openssl version

If "fips" is not included in the openssl version, this is a finding.

Vulnerability Number

V-73063

Documentable

False

Rule Version

PGS9-00-012300

Severity Override Guidance

As the system administrator, run the following:

$ openssl version

If "fips" is not included in the openssl version, this is a finding.

Check Content Reference

M

Target Key

3087

Comments