Security evaluation is a process by which independent but accredited organizations provide assurance in the security of IT products and systems to commercial, government, and military institutions. Such evaluations, and the criteria upon which they are based, serve to establish an acceptable level of confidence for IT purchasers and vendors alike. Furthermore, security evaluation criteria and ratings can be used as concise expressions of IT security requirements. There are two important components of IT security evaluations; the criteria against which the evaluations are performed, and the schemes or methodologies which govern how and by whom such evaluations can be officially performed.
Oracle participates in two internationally-recognized security evaluation criteria Common Criteria and US/Canadian FIPS 140-2. Its database server products have consistently achieved high security certification ratings from all the criteria in which it participates. The platforms on which evaluations will take place include evaluated versions of Linux and Oracle Solaris.
Oracle's de facto security evaluation criteria is the International Common Criteria, a.k.a ISO 15408.
For a matrix of Oracle security evaluations currently in progress as well as those completed please go to Oracle Security Evaluations Status.
Please email firstname.lastname@example.org for all inquiries regarding Oracle security evaluations.
For more information: