Archived U.S. Government Approved Protection Profile - U.S. Government Protection Profile Database Management Systems, Version 1.3

Short Name: pp_dbms_v1.3

Technology Type: DBMS

CC Version: 3.1

Date: 24 December 2010

Preceded By: pp_dbms_br_v1.2

Succeeded By: none

Sunset Date: 01 February 2012 [Sunset Icon]

Conformance Claim: EAL2 Augmented

Protection Profile [PDF]


Assurance Continuity Maintenance Report [PDF]

Please note: This serves as an addendum to the VR for the Original Evaluated PP

 

PP OVERVIEW

The U.S. Government Protection Profile Database Management System for Basic Robustness Environments specifies security requirements for a commercial-off-the-shelf (COTS) database system that includes, but is not limited to, DBMS clients and DBMS servers and will be evaluated as a software only application layered on an underlying system (i.e., operating system, hardware, network services and/or custom software) and is usually embedded as a component of a larger system within an operational environment. This profile establishes the requirements necessary to achieve the security objectives of the Target of Evaluation (TOE) and its environment.
Conformant products provide access control based on user identity (e.g., Discretionary Access Control (DAC)) and generation of audit records for security relevant events. The IT environment must provide the following functionality: identification and authentication, security administration and audit record storage, and audit review. A conformant product, in conjunction with its IT environment that satisfies all the requirements in this protection profile, provides necessary security services, mechanisms, and assurances to process administrative, private, and sensitive/proprietary information. The intended environment for conformant products has a relatively low threat for the sensitivity of the data processed. Authorized users, including authorized administrators, of the TOE generally are trusted not to attempt to circumvent access controls implemented by the TOE to gain access to data for which they are not authorized.
This PP defines:

  • assumptions about the security aspects of the environment in which the TOE will be used;
  • security objectives of the TOE and its environment;
  • functional and assurance requirements to meet those security objectives; and
  • rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats.

A TOE conformant to this PP satisfies the specified functional requirements. The assurance requirements were originally based upon Evaluated Assurance Level (EAL) 2 requirements augmented from part 3 of the Common Criteria with Flaw Remediation (ALC_FLR.2).

ASSURANCE MAINTENANCE

July 25, 2007
Assurance maintenance has been performed on this protection profile to update it to the common criteria version 3.1. This update caused a change in version number (from 1.1 to 1.2) that indicates an update has occurred. The updates included revisions based on the assurance requirements of the CC 3.1, removal of FPT_SEP and FPT_RVM since it is now covered by ADV_ARC and replacement of Explicitly stated requirements with Extended requirements (only the nomenclature changed and not the requirements.)

December 24, 2010

Assurance maintenance has been performed on this protection profile to update it remove references to Basic Robustness as well a requirement for an operating system that had to be PP compliant.  All previous Functional and Assurance remain the same.  This update caused a change in version number (from 1.2 to 1.3) that indicates an update has occurred.

PD-0143: Meeting FTA_TAH_EXP.1 in the DBMS PP

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

Please forward any questions or comments to pp-comments@niap-ccevs.org