STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide

V-224205

CAT II (Medium)

The EDB Postgres Advanced Server must only accept end entity certificates issued by DoD PKI or DoD-approved PKI Certification Authorities (CAs) for the establishment of all encrypted sessions.

Rule ID

SV-224205r961596_rule

STIG

EDB Postgres Advanced Server v11 on Windows Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-002470

Discussion

Only DoD-approved external PKIs evaluated to ensure security controls and identity vetting procedures are in place that are sufficient for DoD systems to rely on the identity asserted in the certificate. PKIs lacking sufficient security controls and identity vetting procedures risk being compromised and issuing certificates that enable adversaries to impersonate legitimate users. The authoritative list of DoD-approved PKIs is published at https://cyber.mil/pki-pke/interoperability/. This requirement focuses on communications protection for the DBMS session rather than for the network packet.

Check Content

In a Windows CMD prompt, run this command:

CertUtil <postgresql data directory>\server.crt

If the "Issuer" that is printed out is not a DoD entity, this is a finding.

Fix Text

Contact your program security office to request DoD issued certificates:

root.crt (CA Certificate)
server.crt
server.key