NIAP: Compliant Product
Compliant Product - Oracle Access Manager Suite 11g Release 2

Certificate Date:  2017.08.31

Validation Report Number:  CCEVS-VR-VID10812-2017

Product Type:    Enterprise Security Management

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Enterprise Security Management-Access Control Version 2.1
  Protection Profile for Enterprise Security Management - Policy Management Version 2.1

CC Testing Lab:  Booz Allen Hamilton Common Criteria Testing Laboratory


Product Description

The TOE is the Oracle Access Manager Suite Version 11g Release 2 which contains the following components:

  • Oracle Access Manager (OAM) 11g Release 2
  • Oracle Entitlements Server (OES) 11g Release 2

OAM Suite is an Enterprise Security Management product that provides web-based access control to web applications that reside in its Operational Environment. It enforces administrator-configurable rules that control access to web pages, files, scripts, and forms, ensuring that resources are protected from unauthorized access. The TOE includes a policy management function that is used to configure the access control policies that are applied to these web applications. This allows for organizations to deploy centralized web applications within an enterprise environment while ensuring that the organization’s users are given appropriate and consistent access to these applications based on user attributes that are organizationally defined.


The logical boundary of the TOE includes only the relevant security functionality that is defined by the claimed Protection Profiles. The logical boundary of the TOE includes its enterprise security management, auditing, communication, cryptography, user data protection, I&A, management, self-protection, resource utilization, TOE access, and trusted path/channel functionality.

Evaluated Configuration

The TOE is the Oracle Access Manager Suite Version 11g Release 2 software, consisting of Oracle Access Manager 11g Release 2 and Oracle Entitlements Server 11g Release 2. The evaluated configuration of the TOE comprises the following specifications:

Operating System
  • Oracle Enterprise Linux 6

Processor Type
  • Intel Core i7, x64

  • 8 GB

Application Server
  • Oracle WebLogic Server 10g

  • Oracle JDK 1.6.0_121

  • Oracle or higher

Identity Store
  • Oracle Internet Directory 11g
  • Oracle Unified Directory 11g

Web Browser (for administrative UI access)
  • Internet Explorer 11 or higher
  • Firefox 31 or higher


The following lists components and applications in the environment that the TOE relies upon in order to function properly:

  • Application Server - Provides the back-end functionality to support the hosting and execution of the applications used by administrators to manage the TSF.
  • Identity Store - An LDAP repository that defines identity and attribute data for organizational users as well as administrators of the TOE.
  • Keystore - A Java-based repository that is used to store certificate data for use with public-key cryptography.
  • Operating System - The underlying platform on which each component of the TOE is installed. Includes the local filesystem component for storage of audit data for TOE activity.
  • RDBMS - A relational database that stores access control policy data that is defined by the TOE and audit data for TOE activity.
  • User Application(s) - Web applications that are deployed internally to an organization and used to perform various internal functions. Examples include applications related to finances, personnel management, and help desk.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. OAM Suite was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the Oracle Access Manager Suite Version 11g Release 2 Common Criteria Evaluation Security Target v1.0. The evaluation underwent CCEVS Validator review. The evaluation was completed in July 2017. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (CCEVS-VR-VID10812-2017, dated 24 July 2017) prepared by CCEVS.

Environmental Strengths

Enterprise Security Management


The TOE provides enterprise security management through its ability to define and enforce access control policies which are transmitted from a centralized server to distributed components responsible for their enforcement. The TSF provides the ability to define these policies through its management interfaces. Policies can be defined to control access to web resources (files and URLs) as well as content (scripts and forms) within a particular web resource.


When a policy is created or modified, the TSF applies this policy to the RDBMS and notifies the appropriate Webgate or Security Module that the policy has been updated. Security Modules will have updated policy information pushed to them by the server while Webgates will poll the OAM Server for relevant policy data when a user attempts to access a protected resource. All remote communications of this type are secured using TLS.


Security Audit


The TOE generates records of auditable events which are logged to the environmental RDBMS and also stored on the local filesystem of the component that generated the event. The TSF does not store audit data within the TOE. Any audit data that is transmitted remotely from the TOE to the Operational Environment is secured using TLS.




The TOE provides feedback to administrators when changes to policy rules are applied. Each individual Policy Decision Point (PDP), whether it is a Webgate or Security Module, is identified by a unique name. Policies are uniquely identified by name as well. Policy changes implemented by an Administrator are recorded in the RDBMS and are retrieved from the server and applied by the PDPs for which they are intended. In addition to providing a notification when the policy data is retrieved, an administrator is capable of querying a PDP to determine the specific policy that it has implemented.


Cryptographic Support


The TOE provides cryptographic capabilities in support of TLS and HTTPS secure communications. Cryptographic capabilities are provided by the FIPS 140-2 validated RSA BSAFE Crypto-C Micro Edition version 4.1.2 software cryptographic module, CMVP certificate #2300. This means that the individual cryptographic algorithms used by the TOE are also FIPS-validated and that the cryptographic module takes appropriate action to zeroize cryptographic keys when no longer needed.


User Data Protection


The TOE performs web-based access control against web servers and web applications that run on them. Access control policies can enforce whether or not a user is able to access a URL or file as well as what they can do on a given web page by controlling the executable scripts and forms that they can interact with. The environmental identity store is used to identify end users. Since the TOE connects to the same identity store in order to define policies, the subjects defined by the access control policies use the same identifying data as they present when attempting to access resources in the Operational Environment.

When a subject attempts to access a protected resource, the TSF examines the HTTP request and determines if any access control policy rules apply to them. Based on the result of the rule evaluation, the TSF will either allow the request, deny the request, or require authentication before allowing the request. The TOE defines a rule processing hierarchy for URL and file access that allows either a best match or a strictly enforced rule ordering, depending on administrative preference.


When a subject attempts to perform a function on a protected resource, the TSF examines the Java, J2EE, or Weblogic request and similarly applies a set of rules to determine whether or not the request is authorized. For this type of request, a strict rule processing order is applied.


Identification and Authentication


User identity data is defined in the environmental Identity Store. The TOE is able to assign administrative privileges to these users.


Security Management


Administrative privileges on the TOE are based on applications and domains. An administrator can be assigned specific domains and applications and have the authority to manage the access control policies for those applications and domains. The TSF also provides system administrator roles with global authority over all applications and all domains. OAM and OES each define their own administrative roles but since they rely on the same environmental identity store, administrative authorities can be synchronized across both interfaces.


Protection of the TSF


Both Webgates and Security Modules have the ability to continue enforcing policy to some extent if connectivity is lost between them and the server. Webgates do not store policy data locally but do cache policy decisions, so that the last decision continues to be enforced in the absence of new information. If connectivity with the server cannot be established for a request that has no cached decision, the Webgate will deny the request. Security Modules store copies of policy data locally, so a persistent connection with the server is not required for them to continue enforcing access control.


Resource Utilization


If the connection between a PDP and the server is lost, that PDP will be able to continue enforcing the last policy received or act on cached enforcement decisions, depending on the PDP type. The PDPs will periodically poll the server for new policy information, so in the event of communications being restored, the latest policy data will be retrieved without administrator intervention.


TOE Access


The TOE is able to return an access control decision that requires a subject to provide authentication credentials prior to them being able to access a given web page or file. Policy rules can be written to deny the subject access to these objects based on day and/or time. If access is attempted outside the allowed days and/or times in these cases, the attempt is rejected even if proper credentials are provided by the subject.


Trusted Path/Channels


The TOE relies on the FIPS-validated cryptographic module that is provided with the product in order to establish secure communications channels. All administrative communications with the management interfaces are secured using HTTPS. All interactions between the management servers and the PDPs, as well as between the TOE and the identity store and database, are secured using TLS.

Vendor Information

Oracle Corporation
Joshua Brickman