Database STIG and OSS Opportunity

200 views
Skip to first unread message

Mark Pennington

unread,
Feb 2, 2012, 3:30:43 PM2/2/12
to Military Open Source Software
I searched the forums here, and I may have missed it. Apologies if
this has been covered, but here goes. Many DoD systems are working to
reduce the use of SSNs as primary keys and record identifiers (better
late than never, I guess). For those systems where they cannot get
rid of the SSN completely because they have to map an SSN to a user id
or EDIPI or whatever, they should be encrypting that at-rest data. If
I am not mistaken, all PII should be encrypted when at rest and most
likely when transmitted too.

Therefore, it seems this could be a good use of commonly used open
source databases such as MySQL or Postgres. The last I checked, which
has been a couple of years, a MySQL DB could not satisfy some of the
DB STIGs due to some lacking security function. Does anyone have
success STIGging an open source DB? If so, it could be a secure and
affordable option for migrating away from SSN and/or securing that
data until the SSN is dropped completely.

The following conversation would be a pleasant one, if possible, "Mr
Govt' Project Officer, I know you need to migrate from SSN to EDI PI/
CAC for your app. If you did this with your current Oracle or MS SQL
Server, it would mean xxx days and cost. If we go with MySQL or
Postgres, it would be xxx less time and money, and it would be as or
more secure."

Your thoughts?
Mark

Robot

unread,
Feb 2, 2012, 5:32:18 PM2/2/12
to Military Open Source Software
C2RPC was able to use opensource whole drive encryption to meet the
data at rest requirement, since MySQL is layered over the filesystem.

Michael Wood

unread,
Feb 2, 2012, 5:35:07 PM2/2/12
to mil...@googlegroups.com

Forge.mil started a STIG process last year.

--
You received this message because you are subscribed to the "Military Open Source Software"  Google Group.
To post to this group, send email to mil...@googlegroups.com
To unsubscribe from this group, send email to mil-oss+u...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/mil-oss?hl=en

www.mil-oss.org
Reply all
Reply to author
Forward
0 new messages