Checklist Summary:

The EnterpriseDB Postgres Advanced Server (EPAS) Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DOD) information systems. This document is meant to be used in conjunction with the Red Hat Enterprise Linux (OS) STIG, Network STIG, and other STIGs as applicable to the database host environment. It is based on the Database Security Requirements Guide (SRG) Version 3, Release 3, which in turn derives its cybersecurity controls from National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Revision 4. Postgres (also known as PostgreSQL) is an open-source, community-developed database management system. EDB is a value-added distributor of Postgres; its extensions and modifications to the base product address performance, security, and enterprise operations. This STIG is specific to EDB Postgres Advanced Server. Some of the guidance may be applicable to other Postgres implementations, but because EDB’s product includes many modifications to the generic version, this cannot be guaranteed. This STIG requires that the product be deployed on a FIPS-compliant cryptography enabled operating system found in the Cryptographic Module Validation Program (https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules), or by other means ensure that FIPS 140-2-certified OpenSSL libraries are used by the DBMS.

Checklist Role:

• Application Server
• Database Management System

Known Issues:

Not Provided

Target Audience:

Not Provided

Target Operational Environment:

• Specialized Security-Limited Functionality (SSLF)

Testing Information:

Not Provided

Regulatory Compliance:

This document is provided under the authority of DODI 8500.01.

Comments/Warnings/Miscellaneous:

Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Disclaimer:

Not Provided

Product Support:

Not Provided

Point of Contact:

Comments or proposed revisions to this document should be sent via email to the following address: disa.stig_spt@mail.mil. DISA Field Security Operations (FSO) will coordinate all change requests with the relevant DoD organizations before inclusion in this document.

Sponsor:

Not Provided

Licensing:

Not Provided

Change History:

update to FINAL - 8/15/2016
Updated STIG to V1, R2 - 10-28-2016
updated to FINAL - 12/07/2016
Updated to version 1, release 3 - 04/28/2017
Updated to FINAL - 05/30/2017
null
Updated URL to reflect change to the DISA website - http --> https
updated to v1,r4 - 02/16/2018
Updated to FINAL - 3/18/2018
Updated to version 1, release 5 - 10/25/18
Updated to FINAL - 11/26/18
Updated URLs - 6/5/19
updated URLs - 11/1/19
Updated URLs per DISA - 4/24/2020
Removed reference link per DISA update - 6/15/2020
Updated URL per DISA - 10/28/20
updated SHA - 10/29/2020
Updated resource per DISA - 8/1/22
updated URL - 1/23/24
sunset and updated URLs per DISA - 1/29/24
Updated Title, Version, Resources, SHA, General and Status - 08/09/2024

Dependency/Requirements:

URL	Description

References:

Reference URL	Description

NIST checklist record last modified on 08/09/2024