| If the application owner and Authorizing Official have determined that encryption of data at rest is NOT required, this is not a finding. |
One possible way to encrypt data within PostgreSQL is to use the pgcrypto extension.
To check if pgcrypto is installed on PostgreSQL, as a database administrator (shown here as "postgres"), run the following command:
$ sudo su - postgres
$ psql -c "SELECT * FROM pg_available_extensions where name='pgcrypto'"
If data in the database requires encryption and pgcrypto is not available, this is a finding.
If disk or filesystem requires encryption, ask the system owner, database administrator (DBA), and system administrator (SA) to demonstrate the use of disk-level encryption. If this is required and is not found, this is a finding.
If controls do not exist or are not enabled, this is a finding.