NIAP: Archived U.S. Government Approved Protection Profile - U.S. Government Protection Profile Database Management Systems for Bas...

NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems
Questions?  We're here to help
  NIAP  »»  Protection Profiles  »»  Archived PPs  »»  Details  
Archived U.S. Government Approved Protection Profile - U.S. Government Protection Profile Database Management Systems for Basic Robustness Environments, Version 1.2

Short Name: pp_dbms_br_v1.2

Technology Type: DBMS

CC Version: 3.1

Date: 2007.07.25

Preceded By: pp_dbms_br_v1.1

Sunset Date: 2010.12.24 [Sunset Icon]

Conformance Claim: EAL2 Augmented

Protection Profile [PDF]

Validation Report [PDF]

Addendum [PDF]



The U.S. Government Protection Profile Database Management System for Basic Robustness Environments specifies security requirements for a commercial-off-the-shelf (COTS) database system that includes, but is not limited to, DBMS clients and DBMS servers and will be evaluated as a software only application layered on an underlying system (i.e., operating system, hardware, network services and/or custom software) and is usually embedded as a component of a larger system within an operational environment. This profile establishes the requirements necessary to achieve the security objectives of the Target of Evaluation (TOE) and its environment.
Conformant products provide access control based on user identity (e.g., Discretionary Access Control (DAC)) and generation of audit records for security relevant events. The IT environment must provide the following functionality: identification and authentication, security administration and audit record storage, and audit review. A conformant product, in conjunction with its IT environment that satisfies all the requirements in this protection profile, provides necessary security services, mechanisms, and assurances to process administrative, private, and sensitive/proprietary information. The intended environment for conformant products has a relatively low threat for the sensitivity of the data processed. Authorized users, including authorized administrators, of the TOE generally are trusted not to attempt to circumvent access controls implemented by the TOE to gain access to data for which they are not authorized.
This PP defines:

  • assumptions about the security aspects of the environment in which the TOE will be used;
  • security objectives of the TOE and its environment;
  • functional and assurance requirements to meet those security objectives; and
  • rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats.

A TOE conformant to this PP satisfies the specified functional requirements, as well as the Basic Robustness assurance requirements that are expressed in Section 5.3 TOE Security Assurance Requirements. The assurance requirements were originally based upon Evaluated Assurance Level (EAL) 2 requirements augmented from part 3 of the Common Criteria with Flaw Remediation (ALC_FLR.2).


The evaluation of the U. S. Government Protection Profile Database Management Systems for Basic Robustness Environments, Version 1.0 provides specifications for environments in which TOEs with various levels of robustness are appropriate to meet Basic Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal.


July 25, 2007
Assurance maintenance has been performed on this protection profile to update it to the common criteria version 3.1. This update caused a change in version number (from 1.1 to 1.2) that indicates an update has occurred. The updates included revisions based on the assurance requirements of the CC 3.1, removal of FPT_SEP and FPT_RVM since it is now covered by ADV_ARC and replacement of Explicitly stated requirements with Extended requirements (only the nomenclature changed and not the requirements.)

 PD-0143: Meeting FTA_TAH_EXP.1 in the DBMS PP

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions

Please forward any Protection Profile specific comments to the applicable Technical Rapid Response Team (TRRT).

Please forward any general questions to our Q&A tool.

Site Map              Contact Us              Home