| If PostgreSQL is deployed in an unclassified environment, this is not applicable (NA). |
If PostgreSQL is not using NSA-approved cryptography to protect classified information in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards, this is a finding.
To check if PostgreSQL is configured to use SSL, as the database administrator (shown here as "postgres"), run the following SQL:
$ sudo su - postgres
$ psql -c "SHOW ssl"
If SSL is off, this is a finding.
Consult network administration staff to determine whether the server is protected by NSA-approved encrypting devices. If not, this a finding.