The CIS PostgreSQL Benchmark is freely available as a guide to help businesses secure Postgres deployments.
Charleston, SC (November 15, 2023) Crunchy Data, the leading provider of trusted open source Postgres technology and support, in collaboration with the Center for Internet Security®, is proud to announce the publication of the PostgreSQL CIS Benchmark™ for PostgreSQL 16. Crunchy Data worked with the Defense Information Systems Agency (DISA) to make PostgreSQL the first open source database to provide a published STIG in 2017 and this update reflects their ongoing partnership to provide enhanced security guidance as PostgreSQL continues to advance and evolve.
The PostgreSQL CIS Benchmark series provides security-focused enterprises with a thorough manual on configuring and utilizing open source PostgreSQL. As organizations consider open source PostgreSQL as a substitute for proprietary database systems, they can consult the CIS Benchmark for guidance.
PostgreSQL version 16 was recently released by the PostgreSQL Global Development group and includes notable improvements:
Performance: Each version of PostgreSQL is packed with performance improvements and this one is no different. There are new things built into the query planning, CPU accelerations, faster COPY statement, and improvements in ASCII and JSON strings to name a few.
JSON: JSON support in Postgres gets better every year. Version 16 adds more syntax from the SQL / JSON standard, including JSON_ARRAY(), JSON_ARRAYARG(), and IS JSON.
Logical replication: Logical replication got a few major improvements. You can now create a logical replica from a standby. This allows new changes to reduce workload on the primary server and expands options for high availability and active-active systems.
Monitoring i/o: Postgres 16 introduces a new stat view called pg_stat_io to show i/o metrics and i/o access patterns.
The latest CIS Benchmark for Postgres 16 is available for download on the CIS website. Crafting a CIS Benchmark involves extensive collaboration, with substantial peer reviews and discussions taking place before the release of a major version. This process ensures a consensus on the optimal practices for establishing a secure system.
The CIS PostgreSQL 16 Benchmark recommendations were developed by testing PostgreSQL 16 running on RHEL 9, though these recommendations will also apply to other versions of PostgreSQL. Similar to the PostgreSQL STIG, the CIS PostgreSQL Benchmark provides recommendations in the following areas:
- Installation and Patches
- Directory and File Permissions
- Logging, Monitoring, and Auditing
- User Access and Authorization
- Connection and Login
- PostgreSQL Settings
- Special Configuration Considerations
“The Crunchy Data team is proud to continue our collaboration with CIS and provide another PostgreSQL Benchmark in the series. This project provides security guidance and certifications to help drive adoption of PostgreSQL, the world’s most advanced open source relational database.” said Crunchy Data President, Paul Laurence.
Crunchy Data allows companies to build with confidence as the leading provider of trusted open source PostgreSQL and enterprise technology, support and training. Crunchy Data offers Crunchy Certified PostgreSQL, the most advanced and true open source RDBMS on the market. The company also offers Crunchy Bridge, a fully managed cloud Postgres service available on AWS, Azure and Google Cloud. PostgreSQL's active development community, proven architecture, and reputation for reliability, data integrity, and ease of use makes it a prime candidate for enterprises looking for a robust relational database alternative to expensive proprietary database technologies. Learn more at www.crunchydata.com.
November 15, 2023 •More by this author