Secure Technical Implementation Guide (STIG) For PostgreSQL
Currently I am a software engineer at Crunchy Data where I work on a wide array of problems: PostgreSQL in the cloud, secure configuration and operation of PostgreSQL, metric gathering and visualizations of PostgreSQL and solving customer problems. This is my first time talking at a PostgreSQL conference.
No video of the event yet, sorry!
The United States Defense Information System Agency Standards Branch plays a critical role in enhancing the security posture of the United States Department of Defense’s (DoD) security systems through its Security Technical Implementation Guides (STIGs). The STIGs provide DoD and other United States federal agencies with guidance on how to harden computer systems and protect cyber infrastructure that might otherwise be vulnerable to a malicious computer attack. Each guideline in the STIG provides a check and a fix. The check tells an administrator how to verify if a system is compliant and the fix gives instructions on making the system compliant.
This talk will review the major guidelines of the Database STIG and how PostgreSQL can be configured to comply with the Database STIG requirements. Specifically, this talk will provide guidance on configuration of PostgreSQL to address requirements associated with:
- Encryption at rest
- Encryption over the wire
- Access controls
- SQL injection
- 40 min
- PGConf US 2017 [PgConf.US]
- Regulated Industry Summit