Security Evaluations

Security evaluation is a process by which independent but accredited organizations provide assurance in the security of IT products and systems to commercial, government, and military institutions. Such evaluations, and the criteria upon which they are based, serve to establish an acceptable level of confidence for IT purchasers and vendors alike. Furthermore, security evaluation criteria and ratings can be used as concise expressions of IT security requirements. There are two important components of IT security evaluations: the criteria against which the evaluations are performed, and the schemes or methodologies which govern how and by whom such evaluations can be officially performed.

Oracle participates in a plethora of internationally-recognized security evaluation criteria. Its database server products have consistently achieved high security certification ratings from all the criteria in which it participates.

Oracle's de facto security evaluation criteria is the International Common Criteria, a.k.a. ISO 15408.

For a matrix of Oracle security evaluations currently in progress, as well as those completed, please go to Oracle Security Evaluations Status.

Please email seceval_us@oracle.com for all inquiries regarding Oracle security evaluations.

Technical Information

  • Current Criteria Oracle Participates In

o        Oracle and the Common Criteria

This link provides details of Oracle's participation in the Common Criteria. The Common Criteria is a joint effort between nations to develop a single framework of mutually recognized evaluation criteria.

o        Oracle and the US/Canadian FIPS 140-2

The Federal Information Processing Standard (FIPS) PUB 140-2 Security Requirements for Cryptographic Modules was established to validate encryption products purchased by the U.S. and Canadian governments. This link provides an overview of Oracle's participation in the US/Canadian FIPS 140-2 Validation Standard.

  • Obsoleted Criteria

o        Oracle and the Russian Federation Criteria

An overview of Oracle's participation in the Russian Federation Security Evaluation Criteria.

o        Oracle and the European ITSEC

An overview of Oracle's participation in the European ITSEC. Superseded by the Common Criteria.

o        Oracle and the US TCSEC

An overview of Oracle's participation in the US TCSEC (also called Orange Book). Superseded by the Common Criteria.

  • Additional Information

o      Security Evaluations: Statement of Direction

An overview of Oracle’s past, current and future security evaluation efforts.

o      Computer Security Criteria: Security Evaluations and Assessment

A technical white paper on security evaluations, their evolution and Oracle's ongoing participation in their criteria. This paper also includes a description of the Oracle Security Assessment initiatives.

o      Oracle Software Security Assurance site

More information about Oracle's security practices.
