Re: PCI-DSS Requirements

Ron <ronljohnsonjr@gmail.com>

From: Ron <ronljohnsonjr@gmail.com>
To: "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Date: 2022-09-22T11:18:06Z
Lists: pgsql-general
We use PgBackRest to create encrypted backups, but the nature of pg_dump 
means that the only way for them to be encrypted is to add that feature to 
pg_dump.

On 9/22/22 01:16, Inzamam Shafiq wrote:
> Hi Ron,
>
> Thank you for the response.
>
> Actually we are in a starting phase and I have done instance level 
> encryption (CYBERTECH TDE Patch) but if someone take dump and restore it 
> on another server the data get restored successfully. Also the problem is 
> that the data is in plain text.
>
> So I want to ask if disk or instance level encryption useful or we should 
> focus on column level encryption?
>
> Also if any error occurred during DML and a plain query will be written 
> into the logs which may not be compliant with PCI. How to overcome that?
>
> Thanks.
>
> Regards,
>
> /Inzamam Shafiq/
> /Sr. DBA/
> ----------------------------------------------------------------------------
> *From:* Ron <ronljohnsonjr@gmail.com>
> *Sent:* Tuesday, September 20, 2022 10:44 PM
> *To:* pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
> *Subject:* Re: PCI-DSS Requirements
> On 9/20/22 04:27, Inzamam Shafiq wrote:
>>
>> Hi Team,
>>
>>
>> Anyone on PCI-DSS requirements for PostgreSQL DB, need help for some of 
>> the points.
>>
>
> Can you be more specific?  (Typically. the auditors or the "audit 
> pre-check" team will ask for a bunch of details on how your instance is 
> configured.)
>
> The usual questions I get are:
> - What password hash algorithm is used?
> - How frequently to passwords expire?
> - Is SSL used when communicating with applications?
>
> -- 
> Angular momentum makes the world go 'round.

-- 
Angular momentum makes the world go 'round.