Crunchy Data and Center for Internet Security help businesses secure Postgres deployments
Crunchy Data worked with the Defense Information Systems Agency (DISA) to make PostgreSQL the first open source database to provide a published STIG in 2017 and this update reflects their ongoing partnership to provide enhanced security guidance as PostgreSQL continues to advance and evolve.
The PostgreSQL CIS Benchmark series provides security-focused enterprises with a thorough manual on configuring and utilizing open source PostgreSQL. As organizations consider open source PostgreSQL as a substitute for proprietary database systems, they can consult the CIS Benchmark for guidance.
PostgreSQL version 16 was recently released by the PostgreSQL Global Development group and includes notable improvements:
- Performance: Each version of PostgreSQL is packed with performance improvements and this one is no different. There’s new things built into the query planning, CPU accelerations, faster COPY statement, and improvements in ASCII and JSON strings to name a few.
- JSON: JSON support in Postgres gets better every year. Version 16 adds more syntax from the SQL / JSON standard, including JSON_ARRAY(), JSON_ARRAYARG(), and IS JSON.
- Logical replication: Logical replication got a few major improvements. You can now create a logical replica from a standby. This allows new changes to reduce workload on the primary server and expands options for high availability and active-active systems.
- Monitoring i/o: Postgres 16 introduces a new stat view called pg_stat_io to show i/o metrics and i/o access patterns.
The latest CIS Benchmark for Postgres 16 is available for download on the CIS website. Crafting a CIS Benchmark involves extensive collaboration, with substantial peer reviews and discussions taking place before the release of a major version. This process ensures a consensus on the optimal practices for establishing a secure system.
The CIS PostgreSQL 16 Benchmark recommendations were developed by testing PostgreSQL 16 running on RHEL 9, though these recommendations will also apply to other versions of PostgreSQL. Similar to the PostgreSQL STIG, the CIS PostgreSQL Benchmark provides recommendations in the following areas:
Installation and patches
- Directory and file permissions
- Logging monitoring and auditing
- User access and authorization
- Connection and login
- PostgreSQL settings
- Special configuration considerations
“The Crunchy Data team is proud to continue our collaboration with CIS and provide another PostgreSQL Benchmark in the series. This project provides security guidance and certifications to help drive adoption of PostgreSQL, the world’s most advanced open source relational database,” said Crunchy Data President, Paul Laurence.