Crunchy Data PostgreSQL Security Technical Implementation Guide Now Available

Crunchy Data

This new guide is the result of ongoing collaboration with DISA and provides security guidance for PostgreSQL 9.6 through 12

Charleston, S.C. (January 6, 2021) - Crunchy Data — the leading provider of trusted open source PostgreSQL — is pleased to announce the release of the Crunchy Data PostgreSQL Security Technical Implementation Guide (STIG) by the United States Defense Information Systems Agency (DISA). In 2017, Crunchy Data collaborated with DISA to publish the initial version of the PostgreSQL STIG, representing the first published STIG for an open source database.

The Crunchy Data PostgreSQL STIG provides guidance for the secure deployment and configuration of Crunchy Certified PostgreSQL in adherence to the United States Department of Defense security requirements guidelines. Enterprises can refer to this comprehensive guide for PostgreSQL security best practices as they consider open source PostgreSQL as an alternative to proprietary database software.

“We are proud to work in partnership with DISA to provide this updated security guidance for PostgreSQL and believe that it is yet another validation of the comprehensive security functionality of PostgreSQL,” said Crunchy Data President Paul Laurence. “Crunchy Data is committed to continue bringing the extraordinary cost effectiveness of open source PostgreSQL technology to the U.S. Defense community and to all database users who need to manage their information reliably, securely and efficiently.”

This new PostgreSQL STIG includes updated guidance for PostgreSQL 9.6 through 12, including how to use SCRAM authentication, a new logging location for PostgreSQL 10+, and usage of built-in defined roles added in newer Postgres releases. The Crunchy Data PostgreSQL STIG also provides expanded information regarding the use of any Federal Information Processing Standard (FIPS) compliant operating systems.

Crunchy Certified PostgreSQL, Crunchy Data’s trusted 100% open source PostgreSQL distribution, enables Crunchy Data PostgreSQL STIG compliance by providing trusted PostgreSQL along with the requisite security-enhancing audit logging extensions and Crunchy Data's enterprise support. To ensure that Crunchy Certified PostgreSQL represents the most trusted enterprise PostgreSQL distribution, Crunchy Certified PostgreSQL has received Common Criteria Evaluation Assurance Level (EAL) 2+ certification, an international standard for computer security certification. Crunchy Certified PostgreSQL is the first commercially available open source relational database management system to receive Common Criteria certification.


STIGs are the configuration standards for DoD Information Assurance (IA) and IA-enabled devices/systems. Since 1998, DISA has played a critical role enhancing the security posture of DoD's security systems by providing the STIGs. The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack.

About Crunchy Data

Crunchy Data is the leading provider of trusted open source and enterprise PostgreSQL technology, support and training. Crunchy Data offers Crunchy Certified PostgreSQL, the most advanced open source RDBMS on the market, Crunchy PostgreSQL for Kubernetes, the leading solution for deploying Kubernetes native Postgres, and the recently launched Crunchy Bridge, a fully managed cloud Postgres service that gives enterprises the ultimate choice in Postgres management and provides the ability to modernize infrastructure as needed. Learn more at

Written by

Crunchy Data

January 7, 2021