This white paper presents a framework and a series of recommendations to secure and protect a PostgreSQL database. We discuss a layered security model that addresses physical security, network security, host access control, database access management, and data security. While all of these aspects are equally important, the paper focuses on PostgreSQL specific aspects of securing the database and the data. For our discussion of the specific security aspects relating to the database and the data managed in the database, we use an AAA (Authentication, Authorization, and Auditing) approach common to computer and network security.