DOD releases PostgreSQL security technical implementation guide

Crunchy Data, a provider of open source PostgreSQL, has announced the publication of a PostgreSQL Security Technical Implementation Guide (STIG) by the U.S. Department of Defense (DoD), making PostgreSQL the first open source database with a STIG. Crunchy Data collaborated with the Defense Information Systems Agency (DISA) to evaluate PostgreSQL against the DoD’s security requirements and developed the guide to define how PostgreSQL can be deployed and configured to meet security requirements for government systems.

PostgreSQL is a powerful, object-relational database system with more than 20 years of active development and a strong global development community. Commercial enterprises and Government agencies with a focus on advanced data management can benefit from PostgreSQL’s architecture, data integrity, and cost effectiveness.

Crunchy Certified PostgreSQL, their PostgreSQL distribution, eases STIG compliance by providing PostgreSQL along with the requisite security enhancing Audit Logging Extensions. It also also includes extensions such as PostGIS, a geospatial extension for PostgreSQL.

“We are very proud of our working relationship with DISA and the resultant STIG being announced today. This STIG, combined with our Common Criteria certification, will help us support the U.S. government’s efforts to adopt open source software to reduce costs and unwanted vendor lock-in. Crunchy is committed to bringing the extraordinary cost effectiveness of open source PostgreSQL technology to the U.S. Defense community and to all database users who need to manage their information reliably, securely and efficiently.” said Crunchy CEO Bob Laurence.
 
Beyond the U.S. Government, the DISA PostgreSQL STIG offers security-conscious enterprises a comprehensive guide for open source PostgreSQL configuration and use. Enterprises can refer to the STIG as they consider PostgreSQL as an alternative to proprietary, closed source, database software.