Re: PCI-DSS Requirements
Ron <ronljohnsonjr@gmail.com>
From: Ron <ronljohnsonjr@gmail.com>
To: "pgsql-general@lists.postgresql.org" <pgsql-general@lists.postgresql.org>
Date: 2022-09-22T11:18:06Z
Lists: pgsql-general
We use PgBackRest to create encrypted backups, but the nature of pg_dump means that the only way for them to be encrypted is to add that feature to pg_dump. On 9/22/22 01:16, Inzamam Shafiq wrote: > Hi Ron, > > Thank you for the response. > > Actually we are in a starting phase and I have done instance level > encryption (CYBERTECH TDE Patch) but if someone take dump and restore it > on another server the data get restored successfully. Also the problem is > that the data is in plain text. > > So I want to ask if disk or instance level encryption useful or we should > focus on column level encryption? > > Also if any error occurred during DML and a plain query will be written > into the logs which may not be compliant with PCI. How to overcome that? > > Thanks. > > Regards, > > /Inzamam Shafiq/ > /Sr. DBA/ > ---------------------------------------------------------------------------- > *From:* Ron <ronljohnsonjr@gmail.com> > *Sent:* Tuesday, September 20, 2022 10:44 PM > *To:* pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org> > *Subject:* Re: PCI-DSS Requirements > On 9/20/22 04:27, Inzamam Shafiq wrote: >> >> Hi Team, >> >> >> Anyone on PCI-DSS requirements for PostgreSQL DB, need help for some of >> the points. >> > > Can you be more specific? (Typically. the auditors or the "audit > pre-check" team will ask for a bunch of details on how your instance is > configured.) > > The usual questions I get are: > - What password hash algorithm is used? > - How frequently to passwords expire? > - Is SSL used when communicating with applications? > > -- > Angular momentum makes the world go 'round. -- Angular momentum makes the world go 'round.