NIAP Oversees Evaluations of Commercial IT Products for Use in National Security Systems

Short Name: pp_dbms_br_v1.0

Technology Type: DBMS

CC Version: 2.3

Date: 2006.06.07

Succeeded By: pp_dbms_br_v1.1

Sunset Date: 2008.03.21

Conformance Claim: Basic Robustness

Protection Profile 

Validation Report 

CC Certificate 

PP OVERVIEW

The U.S. Government Protection Profile Database Management System for Basic Robustness Environments specifies security requirements for a commercial-off-the-shelf (COTS) database system that includes, but is not limited to, DBMS clients and DBMS servers and will be evaluated as a software only application layered on an underlying system (i.e., operating system, hardware, network services and/or custom software) and is usually embedded as a component of a larger system within an operational environment. This profile establishes the requirements necessary to achieve the security objectives of the Target of Evaluation (TOE) and its environment.
Conformant products provide access control based on user identity (e.g., Discretionary Access Control (DAC)) and generation of audit records for security relevant events. The IT environment must provide the following functionality: identification and authentication, security administration and audit record storage, and audit review. A conformant product, in conjunction with its IT environment that satisfies all the requirements in this protection profile, provides necessary security services, mechanisms, and assurances to process administrative, private, and sensitive/proprietary information. The intended environment for conformant products has a relatively low threat for the sensitivity of the data processed. Authorized users, including authorized administrators, of the TOE generally are trusted not to attempt to circumvent access controls implemented by the TOE to gain access to data for which they are not authorized.
This PP defines:

• assumptions about the security aspects of the environment in which the TOE will be used;
• security objectives of the TOE and its environment;
• functional and assurance requirements to meet those security objectives; and
• rationale demonstrating how the requirements meet the security objectives, and how the security objectives address the threats.

A TOE conformant to this PP satisfies the specified functional requirements, as well as the Basic Robustness assurance requirements that are expressed in Section 5.3 TOE Security Assurance Requirements. The assurance requirements were originally based upon Evaluated Assurance Level (EAL) 2 requirements augmented from part 3 of the Common Criteria with Flaw Remediation (ALC_FLR.2).

SECURITY EVALUATION SUMMARY

The evaluation of the original PP was performed under the Common Criteria Evaluation and Validation Scheme (CCEVS). The purpose of the evaluation was to demonstrate that the U.S. Government Protection Profile Database Management Systems for Basic Robustness Environments meets the APE security assurance requirements according to the Common Criteria for Information Technology Security Evaluation, Version 2.1 and Part 2 of the Common Methodology for Information Technology Security Evaluation, Version 1.0. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by COACT, Inc. CAFE Lab. The evaluation was completed on September 30, 2004. The results of the U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments evaluation can be found in U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments Validation Report prepared by the CCEVS Validation Team.

The evaluation was completed in September 2004. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS-VR-04-0080.

ENVIRONMENTAL STRENGTHS

The evaluation of the U. S. Government Protection Profile Database Management Systems for Basic Robustness Environments, Version 1.0 provides specifications for environments in which TOEs with various levels of robustness are appropriate to meet Basic Robustness level of independently assured security requirements. The assurance requirements were chosen to be consistent with this goal.

This U.S. Government Approved Protection Profile is not assigned to any Validated Products

This U.S. Government Approved Protection Profile does not have any related Technical Decisions