https://github.com/mitre/postgresql-9.x-stig-baseline
InSpec testing for baseline compliance with the PostgreSQL_9-x STIG
- Host: GitHub
- URL: https://github.com/mitre/postgresql-9.x-stig-baseline
- Owner: mitre
- License: other
- Created: 2022-12-05T18:30:42.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2022-12-05T18:51:41.000Z (almost 3 years ago)
- Last Synced: 2025-08-30T18:04:28.271Z (about 1 month ago)
- Topics: inspec, mitre-corporation, mitre-saf, security-automation
- Language: Ruby
- Homepage:
- Size: 178 KB
- Stars: 1
- Watchers: 10
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
## PostgreSQL STIG Automated Compliance Validation Profile
InSpec profile to validate the secure configuration of PostgreSQL 9.x against DISA's PostgreSQL 9.x Security Technical Implementation Guide (STIG) Version 2 Release 1.
## PostgreSQL STIG Overview
The PostgreSQL STIG (https://public.cyber.mil/stigs/) by the United States Defense Information Systems Agency (DISA) offers a comprehensive compliance guide for the configuration and operation of various technologies.
DISA has created and maintains a set of security guidelines for applications, computer systems or networks connected to the DoD. These guidelines are the primary security standards used by many DoD agencies. In addition to defining security guidelines, the STIG also stipulates how security training should proceed and when security checks should occur. Organizations must stay compliant with these guidelines or they risk having their access to the DoD terminated.

[STIG](https://en.wikipedia.org/wiki/Security_Technical_Implementation_Guide)s are the configuration standards for United States Department of Defense (DoD) Information Assurance (IA) and IA-enabled devices/systems published by the United States Defense Information Systems Agency (DISA). Since 1998, DISA has played a critical role in enhancing the security posture of DoD's security systems by providing the STIGs. The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack.
The requirements associated with the PostgreSQL STIG are derived from the [National Institute of Standards and Technology](https://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology) (NIST) [Special Publication (SP) 800-53, Revision 4](https://en.wikipedia.org/wiki/NIST_Special_Publication_800-53) and related documents.
While the PostgreSQL STIG automation profile was developed to provide technical guidance for validating the security configuration of information systems such as database applications, the guidance applies to all organizations that need to meet internal security as well as compliance standards.
## Getting Started
### Requirements
#### PostgreSQL
- PostgreSQL
- Access to the database
- Account providing appropriate permissions to perform the audit scan
#### Required software on PostgreSQL machine
- git
- [InSpec](https://www.chef.io/products/chef-inspec/)
### Setup Environment on PostgreSQL machine
#### Install InSpec
Go to https://www.inspec.io/downloads/ and consult the documentation for your Operating System to download and install InSpec.
#### Ensure InSpec version is at least 4.23.10
```sh
inspec --version
```
### How to execute this instance
(See: https://www.inspec.io/docs/reference/cli/)
#### Execute a single Control in the Profile
**Note**: Replace the profile's directory name (shown below as the placeholder `<profile-dir>`) with `.` if you are currently in the profile's root directory.
```sh
inspec exec <profile-dir>/controls/V-72841.rb --show-progress
```
or use the `--controls` flag to run a subset of controls. The flag takes control IDs (e.g. `V-72841`), not control file names:
```sh
inspec exec <profile-dir> --controls V-72841 V-72845 --show-progress
```
#### Execute a Single Control and save results as JSON
```sh
inspec exec <profile-dir> --controls V-72841 --show-progress --reporter json:results.json
```
#### Execute All Controls in the Profile
```sh
inspec exec <profile-dir> --show-progress
```
#### Execute all the Controls in the Profile and save results as JSON
```sh
inspec exec <profile-dir> --show-progress --reporter json:results.json
```
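As an added example (not part of this profile or its README), the following Ruby script rolls the `results.json` written by the JSON reporter above up into one status per control, the way a compliance dashboard would: any failing test fails the control, impact 0 is treated as not applicable, and a control whose tests all skipped is reported as skipped. It assumes the standard InSpec JSON reporter layout (`profiles[].controls[].results[].status`) and uses a constructed sample report in which `V-XXXX1` and `V-XXXX2` are placeholder control ids.

```ruby
require 'json'

# Constructed sample of an InSpec JSON report (what `--reporter json:results.json`
# writes), trimmed to the keys this summary needs; real reports carry many more.
# "V-XXXX1" and "V-XXXX2" are placeholder control ids, not real STIG identifiers.
SAMPLE_REPORT = <<~JSON
  {
    "profiles": [{
      "name": "postgresql-9.x-stig-baseline",
      "controls": [
        {"id": "V-72841", "impact": 0.5,
         "results": [{"status": "passed", "code_desc": "..."}]},
        {"id": "V-72845", "impact": 0.7,
         "results": [{"status": "passed", "code_desc": "..."},
                     {"status": "failed", "code_desc": "...", "message": "..."}]},
        {"id": "V-XXXX1", "impact": 0.5,
         "results": [{"status": "skipped", "skip_message": "..."}]},
        {"id": "V-XXXX2", "impact": 0.0, "results": []}
      ]
    }]
  }
JSON

# Roll a control's individual test results up to a single status. A control
# with impact 0 is not applicable regardless of its results; otherwise one
# failing test fails the control, and a control whose tests all skipped is
# skipped. A non-zero-impact control with no results at all is flagged.
def control_status(control)
  results = control.fetch('results', [])
  return 'not_applicable' if control['impact'].to_f.zero?
  return 'failed' if results.any? { |r| r['status'] == 'failed' }
  return 'skipped' if !results.empty? && results.all? { |r| r['status'] == 'skipped' }
  results.empty? ? 'no_results' : 'passed'
end

# Summarise a whole report: status keyed by control id, plus counts per status.
def summarize(report_json)
  report = JSON.parse(report_json)
  statuses = report['profiles'].flat_map { |p| p['controls'] }
                               .to_h { |c| [c['id'], control_status(c)] }
  { statuses: statuses, counts: statuses.values.tally }
end

if $PROGRAM_NAME == __FILE__
  # Pass a real results.json path as the first argument; falls back to the sample.
  summary = summarize(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_REPORT)
  summary[:statuses].each { |id, status| puts "#{id}: #{status}" }
  puts summary[:counts].map { |k, v| "#{k}=#{v}" }.join(' ')
end
```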