Crunchy Data News

Crunchy Data Collaborates with Center for Internet Security® to Continue Advancing PostgreSQL Security for Enterprise

Jonathan S. Katz
PostgreSQL security CIS Benchmark

Crunchy Data Co-Authored PostgreSQL CIS Benchmark™ for PostgreSQL 10 Provides Security Guidance for Enterprise PostgreSQL Deployments

Charleston, S.C.: Crunchy Data — the leading provider of trusted open source PostgreSQL technology and support — in collaboration with the Center for Internet Security®, is pleased to announce the publication of a PostgreSQL CIS Benchmark™ for PostgreSQL 10. Crunchy Data collaborated with CIS® by evaluating open source PostgreSQL 10 against CIS’s security requirements and developed the guide defining how open source PostgreSQL can be configured and deployed to meet security requirements for enterprise systems.

The PostgreSQL CIS Benchmark offers security-conscious enterprises a comprehensive guide for open source PostgreSQL configuration and usage. Enterprises can refer to the CIS Benchmark as they consider open source PostgreSQL as an alternative to proprietary and other database systems. The PostgreSQL CIS Benchmark can be downloaded from https://www.cisecurity.org/cis-benchmarks/

PostgreSQL is a powerful, open source, object-relational database system with more than 20 years of active development and a strong global development community. Commercial enterprises and government agencies with a focus on advanced data management benefit from PostgreSQL’s proven architecture and reputation for reliability, data integrity, and cost effectiveness.

Crunchy Certified PostgreSQL, Crunchy Data’s trusted 100% open source PostgreSQL distribution, eases this new CIS Benchmark’s compliance by providing the requisite security enhancing audit logging extensions for deploying PostgreSQL, along with secure disaster recovery capabilities. Crunchy Certified PostgreSQL also includes popular extensions such as PostGIS, a robust geospatial database for PostgreSQL.

“Enterprises of all sizes are increasingly focused on the importance of data security due to the variety of new data privacy regulations and the business-critical need to instill consumer confidence in the safety of their personal information. With the growth in adoption of PostgreSQL in mission-critical applications, organizations must have access to the best guidance available for the secure configuration and operation of the PostgreSQL database. Working with CIS to update the PostgreSQL Benchmark for PostgreSQL 10 lets us continue our mission to help provide security best practices and certifications to help drive further adoption of the world’s most advanced open source relational database,” said Paul Laurence, President of Crunchy Data.

To ensure that Crunchy Certified PostgreSQL represents the most trusted open source enterprise PostgreSQL distribution, Crunchy Certified PostgreSQL has received Common Criteria Evaluation Assurance Level (EAL) 2+ certification, an international standard for computer security certification. Crunchy Certified PostgreSQL is the first commercially available open source relational database management system to receive Common Criteria certification.

Crunchy Data has previously collaborated with the Defense Information Systems Agency to author the PostgreSQL Security Technical Implementation Guide (STIG). The PostgreSQL STIG represents the first open source database STIG and provides guidance on how open source PostgreSQL can be deployed and configured to meet security requirements for government systems.

About Crunchy Data

Crunchy Data is the leading provider of trusted open source PostgreSQL technology, support, and training for enterprises. Crunchy Data offers Crunchy Certified PostgreSQL, the most advanced true open source RDBMS on the market. Crunchy Data is a leading provider of cloud native PostgreSQL – providing open source, cloud-agnostic PostgreSQL-as-a-Service solutions. PostgreSQL’s active development community, proven architecture, and reputation for reliability, data integrity, and ease of use makes it a prime candidate for enterprises looking for a robust relational database alternative to expensive proprietary database technologies. Learn more at www.crunchydata.com

About Center for Internet Security

Center for Internet Security (CIS) is a forward-thinking nonprofit entity that harnesses the power of the global IT community to safeguard private and public organizations against cyber threats. Our CIS Controls and CIS Benchmarks are global standards and recognized best practices for securing IT systems and data against the most pervasive attacks.

These proven guidelines are continuously refined and verified by a volunteer global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing & Analysis Center®(MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial governments. To learn more, visit CISecurity.org

About Common Criteria Certification

The Common Criteria for Information Technology Security is an international standard (ISO/IEC 15408) for computer security certification. Common Criteria provides assurance that the specification, implementation and evaluation of a computer security product has been conducted in a rigorous, standard and repeatable manner at a level appropriate for its target environment. Learn more at https://www.commoncriteriaportal.org/

About DISA Security Technical Implementation Guidelines

A Security Technical Implementation Guideline (STIG) is used as the configuration standard for the Department of Defense Information Assurance (IA) and IA-enabled devices/systems. Since 1998, DISA has played a critical role enhancing the security posture of the Department of Defense's security systems by providing the STIGs. The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack. Learn more at https://iase.disa.mil/stigs/Pages/index.aspx

Center for Internet Security, CIS, and CIS Benchmark are registered trademarks of the Center for Internet Security.

0 replies