Security Evaluations

Security evaluation is a process by which independent but accredited organizations provide assurance in the security of IT products and systems to commercial, government, and military institutions. Such evaluations, and the criteria upon which they are based, serve to establish an acceptable level of confidence for IT purchasers and vendors alike. Furthermore, security evaluation criteria and ratings can be used as concise expressions of IT security requirements. There are two important components of IT security evaluations; the criteria against which the evaluations are performed, and the schemes or methodologies which govern how and by whom such evaluations can be officially performed.

Oracle participates in two internationally-recognized security evaluation criteria Common Criteria and US/Canadian FIPS 140-2. Its database server products have consistently achieved high security certification ratings from all the criteria in which it participates.  The platforms on which evaluations will take place include evaluated versions of Linux and Oracle Solaris.

Oracle's de facto security evaluation criteria is the International Common Criteria, a.k.a ISO 15408.

For a matrix of Oracle security evaluations currently in progress as well as those completed please go to Oracle Security Evaluations Status.

Oracle Security Evaluations Blog focuses on mostly government certifications, validations and accreditation programs.

Please email seceval_us@oracle.com for all inquiries regarding Oracle security evaluations.

Main Benefits

  • Independent verification. Security evaluations of product security claims from accredited facilities.
  • Standard and independent measures of assurance. Each vendors security claims are evaluated against standard assurance measures.
  • Product enhancements. Security evaluations can lead to improvements in overall design and implementation of security in the certified solutions.
  • Identification of architectural vulnerabilities. Security evaluations can lead to the identification of architectural vulnerabilities.
  • Market leader. Security evaluations can provide competitive advantage.

For more information:
  • Obsoleted Criteria

o        Oracle and the Russian Federation Criteria

o        Oracle and the European ITSEC

o        Oracle and the US TCSEC