Oracle Software Security Assurance

External Security Evaluations

External Security Evaluations

Security evaluation is a process by which independent but accredited organizations provide assurance in the security of IT products and systems to commercial, government, and military institutions. Such evaluations, and the criteria upon which they are based, serve to establish an acceptable level of confidence for IT purchasers and vendors alike. Furthermore, security evaluation criteria and ratings can be used as concise expressions of IT security requirements. There are two important components of IT security evaluations; the criteria against which the evaluations are performed, and the schemes or methodologies which govern how and by whom such evaluations can be officially performed.

Oracle participates in two internationally recognized security evaluation criteria. Its database server products have consistently achieved high security certification ratings from all the criteria in which it participates. The platforms on which evaluations will take place include evaluated versions of Linux or Oracle Solaris.

Oracle's de facto security evaluation criteria is the International Common Criteria (aka ISO 15408).

For more information, see the Security Evaluations web site on Oracle technology Network. For a matrix of Oracle security evaluations currently in progress as well as those completed please go to Oracle Security Evaluations Status.

Please email seceval_us@oracle.com for all inquiries regarding Oracle security evaluations.

Security Benefits

  • Independent verification—Security evaluations of product security claims from accredited evaluation facilities
  • Standard and independent measures of assurance—Each vendors' security claims are evaluated against standard assurance measures
  • Product enhancements—Security evaluations can lead to improvements in overall design and implementation of security in the certified solutions
  • Identification of architectural vulnerabilities—Security evaluations can lead to the identification of architectural vulnerabilities
Need Help? Find it at My Oracle Support
Get Proactive! Take Advantage of Oracle Support Best Practices
    E-mail this page E-mail this page    Printer View Printer View