Secure Technical Implementation Guidance - STIG - for Postgres
Need Help Securing Your Postgres Deployment?
Configure Postgres securely the Kubernetes native way
Crunchy Postgres for Kubernetes provides the Crunchy Data PostgresSTIGAssessment API, enabling you to assess your PostgreSQL database against the Crunchy Data PostgreSQL Security Technical Implementation Guide (STIG). Once the PostgresSTIGAssessment API is installed, you will be able to easily perform a STIG assessment of a PostgreSQL database, with results available in a JSON-formatted report, as well as within the PostgresSTIGAssessment status. Contact us to learn more.
The Postgres STIG
Crunchy Data has collaborated with DISA since 2017 on the PostgreSQL STIG. Crunchy Data is committed to providing enhanced security guidance for PostgreSQL as it continues to advance and evolve. The security functionality reflected within the Crunchy Data PostgreSQL STIG is provided by 100% open source Postgres, Postgres extensions, and documentation. The Crunchy Data PostgreSQL STIG provides security guidance on the use of PostgreSQL in conjunction with certain open source PostgreSQL extensions, most notably pgaudit.
Download the Crunchy Data PostgreSQL Security Technical Implementation Guide
STIG as part of the ATO / continuous ATO process
The Postgres STIG covers aspects not covered by code scanning tools, and is a key part of the Authority To Operate (ATO) review. It goes beyond ensuring CVEs are patched and provides guidance on aspects like user roles and SQL injection. Data security continues to be at the forefront of U.S. Department of Defense software and systems development. This DISA STIG complements other DoD initiatives like DevSecOps and container hardening and is a critical piece in a continuous authorization to operate. Security-conscious customers anywhere can benefit from implementing the STIG controls in their Postgres environment.
What does the Crunchy Data PostgreSQL STIG Cover?
The DISA STIG document outlines many security rules and discusses how they affect vulnerability within the context of the PostgreSQL database. The document covers 35 different standards. The PostgreSQL STIG provides guidance on the configuration of PostgreSQL to address requirements associated with:
Auditing
Logging
Data Encryption at Rest
Data Encryption Over the Wire
Access Controls
Administration
Authentication
Protecting against SQL Injection
Contact us to learn more about Crunchy’s focus on security and how we can help you accelerate your time to ATO approval.
Support from the PostgreSQL experts
Crunchy Data has a diverse and talented team of engineers, architects, and security experts available 24x7x365 to support your Postgres installation. Talk to us today about the support subscription that is right for you.