Charleston, S.C.: Crunchy Data — the leading provider of trusted open source PostgreSQL technology, support, and training — is pleased to announce the publication of a PostgreSQL CIS Benchmark™ in collaboration with the Center for Internet Security®. Crunchy Data collaborated with CIS® by evaluating open source PostgreSQL against CIS’s security requirements and developed the guide defining how open source PostgreSQL can be configured and deployed to meet security requirements for enterprise systems.
The PostgreSQL CIS Benchmark offers security-conscious enterprises a comprehensive guide for open source PostgreSQL configuration and usage. Enterprises can refer to the CIS Benchmark as they consider open source PostgreSQL as an alternative to proprietary, closed source, database software. The PostgreSQL CIS Benchmark can be downloaded from https://www.cisecurity.org/benchmark/postgresql/
PostgreSQL is a powerful, open source, object-relational database system with more than 20 years of active development and a strong global development community. Commercial enterprises and government agencies with a focus on advanced data management benefit from PostgreSQL’s proven architecture and reputation for reliability, data integrity, and cost effectiveness.
Crunchy Certified PostgreSQL, Crunchy Data’s trusted 100% open source PostgreSQL distribution, eases this new CIS Benchmark’s compliance by providing trusted open source PostgreSQL along with the requisite security enhancing audit logging extensions. Crunchy Certified PostgreSQL also includes popular extensions such as PostGIS, a robust geospatial database extender for PostgreSQL.
“Crunchy Data’s collaboration with CIS on the development of the PostgreSQL Benchmark reflects our continued commitment to enabling enterprises to benefit from the power and efficiency of open source PostgreSQL. The CIS PostgreSQL Benchmark, the PostgreSQL DISA STIG and Crunchy Certified PostgreSQL provide a collection of security best practices and certifications that build on a body of evidence that PostgreSQL provides both the security capabilities and the compliance profiles necessary for deployment at the most security conscious enterprises. We are grateful to have collaborated with the CIS professional team to accomplish this publication milestone and will continue to provide enterprises with market leading open source data management technology,” said Paul Laurence, President of Crunchy Data.
To ensure that Crunchy Certified PostgreSQL represents the most trusted open source enterprise PostgreSQL distribution, Crunchy Certified PostgreSQL has received Common Criteria Evaluation Assurance Level (EAL) 2+ certification, an international standard for computer security certification. Crunchy Certified PostgreSQL is the first commercially available open source relational database management system to receive Common Criteria certification.
Crunchy Data has previously collaborated with the Defense Information Systems Agency to author the PostgreSQL Security Technical Implementation Guide (STIG). The PostgreSQL STIG represents the first open source database STIG and provides guidance on how open source PostgreSQL can be deployed and configured to meet security requirements for government systems.
About Crunchy Data
Crunchy Data is the leading provider of trusted open source PostgreSQL and enterprise PostgreSQL technology, support and training. Crunchy Data offers Crunchy Certified PostgreSQL, the most advanced true open source RDBMS on the market. Crunchy Data is a leading provider of cloud native PostgreSQL – providing open source, cloud-agnostic PostgreSQL-as-a-Service solutions. PostgreSQL’s active development community, proven architecture, and reputation for reliability, data integrity, and ease of use makes it a prime candidate for enterprises looking for a robust relational database alternative to expensive proprietary database technologies. Learn more at www.crunchydata.com
CIS is a forward-thinking nonprofit entity that harnesses the power of the global IT community to safeguard private and public organizations against cyber threats. Our CIS Controls and CIS Benchmarks are global standards and recognized best practices for securing IT systems and data against the most pervasive attacks.
These proven guidelines are continuously refined and verified by a volunteer global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing & Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial governments. To learn more, visit CISecurity.org
About Common Criteria Certification
The Common Criteria for Information Technology Security is an international standard (ISO/IEC 15408) for computer security certification. Common Criteria provides assurance that the specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level appropriate for its target environment. Learn more at https://www.commoncriteriaportal.org/
About DISA Security Technical Implementation Guidelines
A Security Technical Implementation Guideline (STIG) is used as the configuration standard for the Department of Defense Information Assurance (IA) and IA-enabled devices/systems. Since 1998, DISA has played a critical role enhancing the security posture of the Department of Defense's security systems by providing the STIGs. The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack. Learn more at https://iase.disa.mil/stigs/Pages/index.aspx
Center for Internet Security, CIS, and CIS Benchmark are registered trademarks of the Center for Internet Security.