Mark Pennington
Feb 2, 2012, 3:30:43 PM
to Military Open Source Software
I searched the forums here, and I may have missed it. Apologies if
this has been covered, but here goes. Many DoD systems are working to
reduce the use of SSNs as primary keys and record identifiers (better
late than never, I guess). For those systems where they cannot get
rid of the SSN completely because they have to map an SSN to a user id
or EDIPI or whatever, they should be encrypting that at-rest data. If
I am not mistaken, all PII should be encrypted when at rest and most
likely when transmitted too.
Therefore, it seems this could be a good use of commonly used open
source databases such as MySQL or Postgres. The last I checked, which
has been a couple of years, a MySQL DB could not satisfy some of the
DB STIGs due to some lacking security function. Does anyone have
success STIGging an open source DB? If so, it could be a secure and
affordable option for migrating away from SSN and/or securing that
data until the SSN is dropped completely.
The following conversation would be a pleasant one, if possible, "Mr.
Govt. Project Officer, I know you need to migrate from SSN to EDIPI/CAC
for your app. If you did this with your current Oracle or MS SQL
Server, it would mean xxx days and cost. If we go with MySQL or
Postgres, it would be xxx less time and money, and it would be as or
more secure."
Your thoughts?
Mark