Crunchy Data has unveiled an open source project with the goal to help agencies automate compliance with the Defense Department‘s security standards dubbed Security Technical Implementation Guide.
The company said Tuesday it developed the PostgreSQL STIG Automation project to support the National Geospatial-Intelligence Agency‘s efforts to accelerate the authority-to-operate certification process for cloud platforms.
The Defense Information Systems Agency released a STIG for Crunchy Data’s PostgreSQL open source database in March to provide guidance on how to deploy the database in government networks in compliance with DoD security requirements.
“Crunchy Data’s mission is to enable enterprises to adopt open source PostgreSQL as a means to reduce [information technology] infrastructure costs and avoid unwanted vendor lock-in,” said Paul Laurence, chief operating officer of Crunchy Data.
The open source project worked to complete compliance testing, review and approval within 72 hours, Crunchy Data noted.
Upon NGA’s request, Crunchy Data partnered with Mitre to design and develop an automated security compliance profile to test the new PostgreSQL STIG.
Both companies fielded tools and processes and carried out automated deployment and validation tests in an effort to meet NGA’s security compliance automation needs.