I don't believe the EAL certification is valid for the community version of PostgreSQL. >From the EAL certification report: "PostgreSQL Certified Version is a relational database management system, which is applicable to enterprise business. It is an enhanced version of the open source PostgreSQL and delivered from NTT Data Corp. PostgreSQL Certified Version runs on Red Hat Enterprise Linux AS v.4 for x86." As far as DoD STIG requirements go, I would recommend reviewing the generic database checklist: http://iase.disa.mil/stigs/content_pages/database_security.html It's not much, but it's a start. Ken On Sun, Jan 2, 2011 at 5:12 PM, Ron Mayer <rm_pg@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > Eric McDonald wrote: >> Greetings All: >> >> Does anyone here have any insight on to what EAL level Postgres is at >> for DOD/Military installations? I see that there's an SE-Linux >> fortified version on the Wiki, but no certifications are listed in the >> contents. >> >> Any direction to certifications, STIG, or otherwise would be greatly >> appreciated-- > > Well, there's an (ancient) 8.1.5 which NTT got certified at EAL1 > back in 07. > > You can go here: http://www.commoncriteriaportal.org/products/ > and expand "Databases" to see it. > > It seems like there are some proprietary forks on the list > as well, at much higher levels (EAL4+); but I guess these > forks have diverged quite a bit. > > I guess I'd be somewhat surprised to see the community > version on the list, since Wikipedia claims that getting > such certifications cost millions even back in the 90's. > http://en.wikipedia.org/wiki/Evaluation_Assurance_Level > > -- > Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general > -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general