Oracle Technology Network

PRODUCTS

Database
Middleware
Developer Tools
Enterprise Management
Applications Technology
Products A-Z

TECHNOLOGIES

BI & Data Warehousing
Embedded
Java
Linux
.NET
PHP
Security
Technologies A-Z

ARCHITECTURE

Enterprise Architecture
Enterprise 2.0
Grid
Service-Oriented Architecture
Virtualization

COMMUNITY

Join OTN
Oracle ACEs
Oracle Mix
Oracle Wiki
Blogs
Podcasts
Events
Newsletters
Oracle Magazine
Oracle Books
Certification
User Groups
Partner White Papers

Printer View

E-mail this page

Bookmark

Oracle and the Common Criteria

Oracle is an active advocate of the Common Criteria. The first vendor to develop and evaluate database protection profiles, Oracle was the first database vendor to be awarded a Common Criteria certificate for its Oracle7, Release 7.2 database server product.

Evaluation Status
Within the Common Criteria there are two evaluation states:

In Evaluation - a matrix of Oracle security evaluations currently in progress.

Evaluated - information on completed Oracle security evaluations, including products specific Security Targets and Evaluation Configuration Guides.

Overview of the Common Criteria
The International Common Criteria for Information Technology Security Evaluation is a joint effort between North America and the European Union to develop a single set of internationally recognized security criteria. Recently finalized as an ISO standard (number 15408), the Common Criteria supersedes the existing US TCSEC and the European ITSEC. It has been since embraced by most countries around the world as the de facto security evaluation criteria. All documents on the Common Criteria can be downloaded from the CC's official web site.

The Common Criteria awards successfully evaluated products evaluation assurance level (EAL) ratings from EAL0 (lowest) to EAL7 (highest).

To date all of Oracle's evaluations have been performed under Common Criteria version 2. The latest Common Criteria version is 3.1 and was released in September 2006.

Database Management System Protection Profiles
Oracle is the only database vendor who has produced and evaluated database management system protection profiles for CC evaluations. Three profiles have been produced and evaluated for Oracle's database server evaluations. The Database Management System Protection Profile is the most recent Oracle produced Protection Profile and has been evaluated to EAL3.

In June 2006 the U. S. Government Protection Profile Database Management Systems For Basic Robustness Environments version 1.1 was Common Criteria certified.

Protection Profiles Produced and Evaluated for Oracle's Database Server Evaluations

E-mail this page

Printer View

	About Oracle \| \| Careers \| Contact Us \| Site Maps \| Legal Notices \| Terms of Use \| Privacy