Crunchy Data Automates Security Compliance with DISA PostgreSQL Security Technical Implementation Guide

Crunchy Data

Automated Compliance Supports NGA GEOINT Services ATO in a Day Initiative

Charleston, SC: Leading open source PostgreSQL technology, support, and training provider Crunchy Data is pleased to announce the release of an open source project that provides tools to automate compliance with the guidelines of the PostgreSQL Security Technical Implementation Guide (STIG) by the U.S. Department of Defense (DoD).

Developed to support the National Geospatial-Intelligence Agency (NGA)’s GEOINT Services mission to reduce the time it takes to secure Authority to Operate (ATO) certification for cloud services, the technology leverages open source software to provide automated compliance testing. In this case, the compliance testing and subsequent review and approval were accomplished within 72 hours, a major reduction in effort. The PostgreSQL STIG Automation project uses the InSpec Project, which provides an open source compliance, security and policy testing framework, to dynamically extract system configuration information. This information is checked against strict DoD security guidelines crafted by industry-leading PostgreSQL security experts. The PostgreSQL STIG Automation project also electronically supplements the Body of Evidence required to verify NIST 800-53 and the government’s compliance requirements.

“As the government moves to rapid deployment models associated with the cloud and adopts DevOps methodologies, it is critical that software providers such as Crunchy Data develop tools to enable the government to accelerate the adoption of software that aids in security compliance. Crunchy Data is proud to support NGA’s leadership in this area,” said Dmitry Didovicher, Director of GIS Programs at Crunchy Data.

NGA asked Crunchy Data and MITRE to team up on the design and development of an automated security compliance profile to validate the newly published PostgreSQL STIG. Crunchy Data and MITRE deployed the tools, processes, and automated deployment and validation tests to communicate the test results to meet NGA’s needs in a short period. MITRE is working on similar automated security solutions for NGA and other sponsors in its role as a not-for-profit corporation working in the public interest.

PostgreSQL is a powerful, open source, object-relational database system with more than 20 years of active development and a strong global development community. Commercial enterprises and government agencies with a focus on advanced data management can benefit from PostgreSQL’s proven architecture and reputation for reliability, data integrity, and cost effectiveness.

Crunchy Certified PostgreSQL, Crunchy Data’s trusted 100% open source PostgreSQL distribution, eases STIG compliance by providing trusted open source PostgreSQL along with the requisite security enhancing Audit Logging Extensions. Crunchy Certified PostgreSQL also includes popular extensions such as PostGIS, a geospatial extension for PostgreSQL. When combined with Crunchy Data’s “PostgreSQL-as-a-Service” technologies, Crunchy Data enables enterprises to deploy trusted open source PostgreSQL on-demand.

“Crunchy Data’s mission is to enable enterprises to adopt open source PostgreSQL as a means to reduce IT infrastructure costs and avoid unwanted vendor lock-in. The development of the PostgreSQL STIG Automation project is the latest demonstration of Crunchy’s commitment to bring the extraordinary cost effectiveness of trusted open source PostgreSQL technology to the U.S. Defense community and to all database users who need to manage their information reliably, securely and efficiently,” said Crunchy Data COO Paul Laurence.

About the PostgreSQL STIGs

Security Technical Implementation Guides (STIGs) are the configuration standards for DoD Information Assurance (IA) and IA-enabled devices/systems. Since 1998, DISA has played a critical role in enhancing the security posture of DoD's security systems by providing the STIGs. The STIGs contain technical guidance to "lock down" information systems/software that might otherwise be vulnerable to a malicious computer attack.

About Crunchy Data

Crunchy Data is a leading provider of trusted open source PostgreSQL and enterprise PostgreSQL technology, support and training. Crunchy Data offers Crunchy Certified PostgreSQL, the most advanced pure open source RDBMS on the market. Crunchy Data is a leading provider of Cloud Native PostgreSQL – providing open source, cloud agnostic PostgreSQL-as-a-Service solutions. PostgreSQL’s active development community, proven architecture and reputation for reliability, data integrity, and ease of use make it a prime candidate for enterprises looking for a robust relational database alternative to expensive proprietary database technologies. Learn more about Crunchy Data.

About MITRE Corporation

The MITRE Corporation is a not-for-profit organization that operates research and development centers sponsored by the federal government. Learn more about MITRE.

About InSpec

InSpec is an open-source testing framework for infrastructure with a human-readable language for specifying compliance, security and other policy requirements. It easily integrates automated tests that check for adherence to policy into any stage of your deployment pipeline. Learn more about InSpec.

Written by

Crunchy Data

August 22, 2017