{"product_id":10146,"v_id":10146,"product_name":"IBM DB2 Enterprise Server Edition for Linux, Unix, and Windows","certification_status":"Not Certified","certification_date":"2007-01-26T00:01:00Z","tech_type":"DBMS","vendor_id":{"name":"IBM Corporation","website":"https://www.ibm.com"},"vendor_poc":"Shadia Allam","vendor_phone":"905.413.3389","vendor_email":"allam@ca.ibm.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p><strong>TOE Identification</strong> &ndash; IBM DB2 Enterprise Server Edition Version 9.1.1 for Linux, Unix, and Windows</p>\r\n<p>Henceforth, the above components are referred to as the TOE<em>.</em></p>\r\n<p>The TOE is a Relational Database Management System (RDBMS) developed by IBM Canada, Ltd., 3600 Steeles Avenue East, Markham, Ontario L3R 9Z7, Canada and sold by IBM Corporation, Route 100, Somers, NY, USA 10589.</p>\r\n<p>In the evaluation configuration, the TOE can be installed upon </p>\r\n<ul>\r\n    <li>AIX 5.3 </li>\r\n    <li>SuSE Linux Enterprise Server V9 </li>\r\n    <li>RedHat Linux (RHEL 4) </li>\r\n    <li>Windows Server 2003 with SP 1 </li>\r\n    <li>Solaris 9 </li>\r\n</ul>\r\n<p>DB2 relies upon the IT Environment to authenticate users before access to DB2 is allowed and to provide a reliable time source.</p>\r\n<p>DB2 is a relational database management system (RDBMS) provided by IBM. As a RDBMS, DB2 supports the Standard Query Language (SQL) interface from a client that is connected to the database server. From the client, commands can be entered interactively or through an executing program to the database server to create databases, database tables, and to store and retrieve information from tables.</p>\r\n<p>DB2 enforces the following security functions: Access Control, Identification and Authentication, Audit, Security Management, and TOE Protection. DB2 supports User Data protection by controlling access to the database and objects within the database (e.g. views) based upon user and object security attributes. Additionally, DB2 supports User Data protection by restricting the flow of information based upon security labels assigned to users and objects. DB2 requires all users to be identified and authenticated before allowing them access to DB2 resources. The IT Environment performs the actual authentication and association of users with groups and passes the result to DB2. DB2 audits security relevant events such as access to database resources, changing of security attributes, and modification of security attributes. Management of the DB2 TOE, including the ability to select and review audit records, is restricted to authorized administrators based on authorities. Management of DB2 objects is restricted to those users that are assigned the appropriate privileges to do so. DB2 is designed so that each of its interfaces performs the necessary access checks before allowing access to DB2 resources.</p>\r\n<p>Note that the TOE can optionally be configured with or without the Database Partitioning Feature (DPF) DB2 license option.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated thatIBM DB2 meets the security requirements contained in the &ldquo;IBM DB2 Enterprise Server Edition Version 9.1.1 for Linux, Unix, and Windows Security Target&rdquo;. The criteria against which IBM DB2 was judged are described in the Common Criteria for Information Technology Security Evaluation Version 2.3 and the International Interpretations effective as of January, 2006. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation Version 2.3 and Part 2: Evaluation Methodology, Supplement: ALC_FLR - Flaw Remediation, Version 1.1, February 2002, CEM-2001/0015R. Science Application International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the IBM DB2 TOE is EAL 4 augmented with ALC_FLR.1. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. A validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in December 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report<em> for </em>IBM DB2prepared by CCEVS.</p>","environmental_strengths":"<p>IBM DB2 is a commercial network product that provides identification and authentication, user data protection, audit, security management, and TOE protection. IBM DB2 provides a level of protection that is appropriate for IT environments that require that access is controlled to the database and its contents where the IBM TOE is appropriately protected from physical attacks.</p>\r\n<!-- InstanceEndEditable -->","features":[]}