Archived U.S. Government Approved Protection Profile - U.S. Government Protection Profile Database Management Systems for Basic Robustness Environments, Version 1.1
Short Name: pp_dbms_br_v1.1
Technology Type: DBMS
CC Version: 2.x
Date: 07 June 2006
Preceded By: pp_dbms_br_v1.0
Succeeded By: pp_dbms_br_v1.2
Sunset Date: 21 March 2008
Conformance Claim: Basic Robustness
Please note: This serves as an addendum to the VR for the Original Evaluated PP
The U.S. Government Protection Profile Database Management System for Basic Robustness Environments specifies security requirements for a commercial-off-the-shelf (COTS) database system that includes, but is not limited to, DBMS clients and DBMS servers and will be evaluated as a software only application layered on an underlying system (i.e., operating system, hardware, network services and/or custom software) and is usually embedded as a component of a larger system within an operational environment. This profile establishes the requirements necessary to achieve the security objectives of the Target of Evaluation (TOE) and its environment.
Conformant products provide access control based on user identity (e.g., Discretionary Access Control (DAC)) and generation of audit records for security relevant events. The IT environment must provide the following functionality: identification and authentication, security administration and audit record storage, and audit review. A conformant product, in conjunction with its IT environment that satisfies all the requirements in this protection profile, provides necessary security services, mechanisms, and assurances to process administrative, private, and sensitive/proprietary information. The intended environment for conformant products has a relatively low threat for the sensitivity of the data processed. Authorized users, including authorized administrators, of the TOE generally are trusted not to attempt to circumvent access controls implemented by the TOE to gain access to data for which they are not authorized.
This PP defines:
- assumptions about the security aspects of the environment in which the TOE will be used;
- security objectives of the TOE and its environment;
- functional and assurance requirements to meet those security objectives; and
- rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats.
A TOE conformant to this PP satisfies the specified functional requirements, as well as the Basic Robustness assurance requirements that are expressed in Section 5.3 TOE Security Assurance Requirements. The assurance requirements were originally based upon Evaluated Assurance Level (EAL) 2 requirements augmented from part 3 of the Common Criteria with Flaw Remediation (ALC_FLR.2), and Misuse-Examination Guidance (AVA_MSU.1).
SECURITY EVALUATION SUMMARY
The evaluation of the original PP was performed under the Common Criteria Evaluation and Validation Scheme (CCEVS). The purpose of the evaluation was to demonstrate that the U.S. Government Protection Profile Database Management Systems for Basic Robustness Environments meets the APE security assurance requirements according to the Common Criteria for Information Technology Security Evaluation, Version 2.1 and Part 2 of the Common Methodology for Information Technology Security Evaluation, Version 1.0. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by COACT, Inc. CAFE Lab. The evaluation was completed on September 30, 2004. The results of the U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments evaluation can be found in U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments Validation Report prepared by the CCEVS Validation Team.
The evaluation was completed in September 2004. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS-VR-04-0080.
The evaluation of the U. S. Government Protection Profile Database Management Systems for Basic Robustness Environments, Version 1.0 provides specÂification for environments in which TOEs with various levels of robustness are appropriate to meet Basic Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal.
See the Assurance Maintenance Report.
Assigned to the following Validated Product
Please forward any questions or comments to firstname.lastname@example.org