
External Security Validations

In 1994, Oracle was the first vendor to complete ITSEC and TCSEC security evaluations. Now, with over twenty independent security evaluations for its products, Oracle is the undisputed leader in independent security evaluations. Oracle is committed to continuing to evaluate Oracle Database, Oracle Internet Directory, and Oracle Application Server, and to expanding our certification effort to other Oracle products. Oracle has embraced the Common Criteria and FIPS 140-2 for cryptographic modules as the primary evaluation criteria for its products. The platforms on which evaluations will take place include evaluated versions of Linux or Sun Solaris.

INDEPENDENT SECURITY EVALUATIONS

  • International Common Criteria—The International Common Criteria for Information Technology Security Evaluation is a joint effort between nations to develop a single framework of mutually recognized evaluation criteria. The Common Criteria provides a collection of Evaluation Assurance Levels (EAL) ranging from EAL1 (lowest) through EAL7 (highest) to be awarded to products and systems upon successful completion of evaluation. The Common Criteria is an International Standards Organization (ISO) standard (number 15408).
  • United States FIPS 140-2—The Federal Information Processing Standard (FIPS) PUB 140-2: Security Requirements for Cryptographic Modules was established to validate encryption products purchased by the U.S. and Canadian governments. Products are validated against FIPS 140-2 at security levels ranging from level 1 (lowest) through level 4 (highest). FIPS 140-2 only applies to the cryptographic modules of products.
  • European ITSEC—Recently superseded by the Common Criteria, the European Information Technology Security Evaluation Criteria (ITSEC) resulted from the harmonization of security evaluation criteria of four European nations. ITSEC defined seven assurance levels from E0 (lowest) through E6 (highest), representing degrees of confidence in the correctness of the product or system. ITSEC also contained several classes of pre-defined functionality, which map to the U.S. TCSEC Classes. The assurance levels were used in conjunction with the functionality classes to give a product or system a specific security evaluation rating.
  • United States TCSEC—The U.S. Trusted Computer System Evaluation Criteria (TCSEC), also called the Orange Book, was first used in the evaluation of operating systems in the U.S. The Trusted Database Interpretation (TDI), also called the Lavender Book, was developed to provide an interpretation of these evaluation criteria for database management systems and other layered products. Superseded by the Common Criteria, the TCSEC standard and related criteria such as the TDI have become obsolete. Products evaluated against the TCSEC/TDI were given a Class ranging from D (lowest), C1, C2, B1, B2, B3, to A1 (highest).
  • Russian Federation Criteria—Oracle is the first and only database vendor to successfully complete certification of its database server products against the Russian Federation certification criteria, which consist of a collection of five guiding documents containing certification rules, levels and standards published and overseen by the government institution, Russian Gostekhkomissia (State Technical Commission). Products are certified at security levels ranging from IV (lowest) to I (highest).