Oracle Database

Copies of the Evaluated Configuration Guides may also be obtained by emailing seceval_us@oracle.com.


  • Oracle Database 11g Release 2 (11.2.0.2) Enterprise Edition
  • Oracle Database 11g Release 2 (11.2.0.2) Standard Edition / Standard Edition 1
  • Oracle Database 11g Release 1 (11.1.0.7) Standard Edition / Standard Edition 1
  • Oracle Database Vault 11g Release 1 (11.1.0.7)
  • Oracle Database 11g Release 1 (11.1.0.7) Enterprise Edition
  • Oracle Label Security 11g Release 1 (11.1.0.7)
  • Oracle Database 10g Release 2 (10.2.0.3) Enterprise Edition, Standard Edition, Standard Edition 1
  • Oracle Label Security 10g Release 2 (10.2.0.3)
  • Oracle Database 10g Enterprise Edition (10.1.0)
  • Oracle Label Security 10g (10.1.0)
  • Oracle9i Enterprise Edition (9.2.0)
  • Oracle9i Label Security (9.2.0)
  • Oracle8i Database Server Enterprise Edition (8.1.7)
  • Oracle8i Label Security (8.1.7)
  • Oracle8 Database Server (8.0.5) - No longer supported
  • Oracle7 Database Server (7.2.2.4.13) - No longer supported

Oracle Database 11g Release 2 (11.2.0.2) Standard Edition / Standard Edition 1

Oracle Database 11g Release 2 (11.2.0.2) Enterprise Edition

Oracle Database 11g is an object-relational database management system (O-RDBMS), providing advanced security functionality for multi-user distributed database environments. Oracle Database 11g Release 2 (11.2.0.2) is evaluated against the U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments, Version 1.2.

The following overview applies to the Oracle Database 11g Release 2 Standard Edition:

  • Standard Edition and Standard Edition One support up to 4 CPUs (including CPUs in a cluster used with Real Application Clusters).
  • Standard Edition supports up to 1000 users; Standard Edition One supports up to 400 users.
  • Standard Edition and Standard Edition One support databases up to a size of 500 GB.
  • Standard Edition One does not support Real Application Clusters.

Standard Edition is targeted at medium-sized organizations and Standard Edition One is targeted at small to medium-sized organizations.

Oracle Database 11g is a relational database management system designed for Grid Computing, providing advanced security and functionality for multi-user, distributed database environments. Oracle Database 11g Release 2 (11.2.0.2) is evaluated against the U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments, Version 1.2.

Oracle Database 11g Release 2 (11.2.0.2) Enterprise Edition supports:

  • Real Application Clusters
  • Fine-grained Access Control and Partitioned Fine-grained Access Control
  • Enterprise Users and authentication supported by an external LDAP directory
  • Partitioning
  • Fine-grained Auditing

 

Oracle Database 11g Release 1 (11.1.0.7) Standard Edition / Standard Edition 1

Oracle Database Vault 11g Release 1 (11.1.0.7)

Oracle Database 11g is an object-relational database management system (O-RDBMS), providing advanced security functionality for multi-user distributed database environments. Oracle Database 11g Release 1 (11.1.0.7) is evaluated against the U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments, Version 1.2.

The following overview applies to the Oracle Database 11g Release 1 Standard Edition:

  • Standard Edition and Standard Edition One support up to 4 CPUs (including CPUs in a cluster used with Real Application Clusters).
  • Standard Edition supports up to 1000 users; Standard Edition One supports up to 400 users.
  • Standard Edition and Standard Edition One support databases up to a size of 500 GB.
  • Standard Edition One does not support Real Application Clusters.

Standard Edition is targeted at medium-sized organizations and Standard Edition One is targeted at small to medium-sized organizations.

Oracle Database Vault is a security option for the Oracle Database 11g Enterprise Edition, Release 1 (11.1.0.7). It is evaluated against the U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments, Version 1.2.

Oracle Database Vault extends the security functionality of the Oracle Database and provides additional fine-grained access control functionality for separation of duties and for protecting data even from highly privileged users. It also extends the auditing functionality with specific auditing and audit evaluation functions related to the additional access control functionality. The management functionality is extended as well, with new roles defined by Database Vault and functions for managing the additional access control and audit features.

Oracle Database 11g Release 1 (11.1.0.7) Enterprise Edition

Oracle Label Security 11g Release 1 (11.1.0.7)

Oracle Database 11g is a relational database management system designed for Grid Computing, providing advanced security and functionality for multi-user, distributed database environments. Oracle Database 11g Release 1 (11.1.0.7) is evaluated against the U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments, Version 1.2.

Oracle Database 11g Release 1 (11.1.0.7) Enterprise Edition supports:

  • Real Application Clusters
  • Fine-grained Access Control and Partitioned Fine-grained Access Control
  • Enterprise Users and authentication supported by an external LDAP directory
  • Partitioning
  • Fine-grained Auditing

Oracle11g Label Security (OLS) is a security option for the Oracle Database 11g Enterprise Edition, Release 1 (11.1.0.7). It is evaluated against the U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments, Version 1.2. OLS mediates users' access to data via their assigned authorities and labels, allowing data separation by sensitivity within single databases.

OLS augments traditional government-centred Multilevel Security and B1 products. It extends classifications and compartments with groups and, exploiting facilities within Oracle11g's Virtual Private Database feature, provides for multiple policies on the same database.

Interfaces are provided for creating and managing policies, enforcement options, data labels and user label authorisations, and for protecting individual tables or schemas. OLS also supports releasabilities (or nationality caveats).

Oracle Database 10g Release 2 (10.2.0.3) Enterprise Edition, Standard Edition, Standard Edition 1

Oracle Label Security 10g Release 2 (10.2.0.3)

Oracle Database 10g is the first relational database management system designed for Grid Computing, providing advanced security and functionality for multi-user, distributed database environments. Oracle10g, Release 2 (10.2.0.3) is evaluated against the U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments, Version 1.1.

Oracle Database 10g Release 2 (10.2.0) has been evaluated in three editions: Enterprise Edition, Standard Edition, and Standard Edition One. The editions differ in their evaluated security functionality as follows:

  • Enterprise Edition and Standard Edition support Real Application Clusters
  • Only Enterprise Edition supports:
    • Fine-grained Access Control and Partitioned Fine-grained Access Control
    • Enterprise Users and authentication supported by an external LDAP directory
    • Partitioning
    • Fine-grained Auditing

Oracle10g Label Security (OLS) is a security option for the Oracle Database 10g Enterprise Edition, Release 10.2.0.3. It is evaluated against the U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments, Version 1.1. OLS mediates users' access to data via their assigned authorities and labels, allowing data separation by sensitivity within single databases.

OLS augments traditional government-centred Multilevel Security and B1 products. It extends classifications and compartments with groups and, exploiting facilities within Oracle10g's Virtual Private Database feature, provides for multiple policies on the same database.

Interfaces are provided for creating and managing policies, enforcement options, data labels and user label authorisations, and for protecting individual tables or schemas. OLS also supports releasabilities (or nationality caveats).

Oracle Database 10g Enterprise Edition (10.1.0)

Oracle Label Security 10g (10.1.0)

Oracle Database 10g Enterprise Edition is the first relational database management system designed for Grid Computing, providing advanced security and functionality for multi-user, distributed database environments. Oracle10g, Release 10.1.0 is evaluated against the Database Management System protection profile. In addition to the security functions listed for Oracle9i, Release 2, Oracle10g supports Enterprise User Security including Enterprise Privilege Administration and Password Authenticated Enterprise Users. It has extensible fine-grained auditing and enhanced administrator auditing. Oracle 10g supports secure connections from Oracle 10g databases to older database versions.

Oracle10g Label Security (OLS) is a security option for the Oracle Database 10g Enterprise Edition, Release 10.1.0. It mediates users' access to data via their assigned authorities and labels, allowing data separation by sensitivity within single databases.

OLS augments traditional government-centred Multilevel Security and B1 products. It extends classifications and compartments with groups and, exploiting facilities within Oracle10g's Virtual Private Database feature, provides for multiple policies on the same database.

Interfaces are provided for creating and managing policies, enforcement options, data labels and user label authorisations, and for protecting individual tables or schemas. OLS also supports releasabilities (or nationality caveats).

Oracle9i Enterprise Edition (9.2.0)

Oracle9i Label Security (9.2.0)

Oracle9i is an Object/Relational Database Management System, providing advanced security and functionality for multi-user, distributed database environments. Oracle9i, Release 9.2.0.1.0 has been evaluated against the Database Management System protection profile. In addition to the security functions listed for Oracle8i, Release 8.1.7, Oracle9i supports secure application roles (roles that can only be enabled by authorised PL/SQL packages) and adds new privileges. Oracle9i also extends the auditing facilities by supporting fine-grained auditing and by increasing the auditing performed on the SYS user and users connected as SYSDBA and SYSOPER. The product was initially certified on Sun Solaris 8, Microsoft Windows NT 4.0 and then additionally on SuSE Linux.

Oracle9i Label Security (OLS) is a security option for the Oracle9i Release 2 Object/Relational Database Management System (Enterprise Edition). It mediates users' access to data via their assigned authorities and labels, allowing data separation by sensitivity within single databases. OLS augments traditional government-centred Multilevel Security and B1 products. It extends classifications and compartments with groups and, exploiting facilities within Oracle9i's VPD, provides for multiple policies on the same database. Interfaces are provided for creating and managing policies, enforcement options, data labels and user label authorisations, and for protecting individual tables or schemas. OLS also supports releasabilities (or nationality caveats). The product was initially certified on Sun Solaris 8, Microsoft Windows NT 4.0 and then additionally on SuSE Linux.


Oracle9i Enterprise Edition on SuSE Linux (9.2.0)


Oracle9i Label Security on SuSE Linux (9.2.0)

Oracle8i Database Server Enterprise Edition (8.1.7)

Oracle8i Label Security (8.1.7)

Oracle8i is an Object/Relational Database Management System, providing advanced security and functionality for multi-user, distributed database environments. Oracle8i, Release 8.1.7.0.0, has been evaluated against the Database Management System protection profile. In addition to the security functions listed for Oracle8, Release 8.0.5.0.0, Oracle8i also supports security policies for fine-grained access control, application-specific security context, invoker's and definer's rights to permit separation of programmed logic from privileges and data, and integration with LDAP-based directory services.

Oracle8i Label Security (OLS) is a security option for the evaluated Oracle8i Object/Relational Database Management System (Enterprise Edition). It mediates users' access to data via their assigned authorities and labels, allowing data separation by sensitivity within a single database.

OLS adds to traditional government-centred Multi Level Security and B1 products. It extends classifications and compartments with groups and, exploiting the facilities provided by Oracle8i's VPD, provides for multiple policies on the same database.

Interfaces are provided for creating and managing policies, enforcement options, data labels and user label authorizations, and for protecting individual tables or schemas.

Oracle8 Database Server (8.0.5) - No longer supported

Oracle7 Database Server (7.2.2.4.13) - No longer supported

Oracle8 is an Object/Relational Database Management System, providing advanced security and functionality for multi-user, distributed database environments. Oracle8, Release 8.0.5.0.0, when used in conjunction with an operating system incorporating the Controlled Access Protection (or the equivalent ITSEC F-C2 functionality) provides database security for systems that require C2 functionality. Oracle8, Release 8.0.5.0.0, was evaluated against the Database Management System protection profile. In addition to the security functions listed for Oracle7, Release 7.3.4.0.0, Oracle8 also supports mutual authentication of databases, single sign-on, password management, data dictionary protection, global roles and X.509 certificate based authentication.

Oracle7 is a Relational Database Management System, providing advanced security and functionality for multi-user, distributed database environments. Oracle7, Release 7.2.2.4.13, when used in conjunction with an operating system of ITSEC F-C2 or greater, provides database security for systems that require F-C2 functionality. Oracle7, Release 7.2.2.4.13, was evaluated against the Commercial Database protection profile. The main security functions are identical to those given in the Oracle7, Release 7.2.2.4.13, ITSEC E3 evaluation entry.