The Defense Information Systems Agency has published security guidance for using the Crunchy Data PostgreSQL versions 13 to 16 within the Department of Defense to ensure information systems and software are protected from cyberattacks.
The latest security technical implementation guide, or STIG, provides PostgreSQL configuration guidance to address security requirements for auditing, logging, data encryption at rest, data encryption over the wire, access controls, administration, authentication and SQL injection protection, Crunchy Data said Tuesday.
PostgreSQL is an open source object-relational database system that allows programmers to communicate with the database servers using objects in their code and define complex custom data types, according to Amazon Web Services.
While the document is created for PostgreSQL deployments within the DOD, the STIG also applies to other organizations outside the federal government.
DISA has been releasing STIGs since 1998 to provide configuration standards that contribute to enhancing the security posture of the DOD’s information assurance systems.