The TOE is a database server application that is for managing records containing text. The TOE is not a relational database system.
\r\n
\r\nThe TOE manages text documents in a variety of formats and encodings including HTML, SGML, XML, RTF, MARC, spreadsheets, word processor documents, plain text, Unicode, and images. It also supports storing images and other non-text formats. For textual data, the TOE provides full text indexing and searching capabilities such as word, field and phrase based querying, fuzzy matching, word stemming, Boolean operators, word distance (proximity) operators, ranking, results sorting, and term highlighting.
\r\n
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. SAIC TeraText DBS 4.3.13 software was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2. A Validator, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in June 2008.
","environmental_strengths":"The TOE provides the following evaluated security services:
\r\n• Security audit
\r\nThe TOE generates audit records which contain date and time of the event, type of event, subject identity, and the outcome (success or failure) of the event. Note that auditable events are associated with the identity of the user based on user identifier.
\r\nThe auditable events include:
\r\n• Start-up and shutdown of the audit function (more specifically, of the TOE);
\r\n• Successful requests to perform an operation on an object covered by the SFP;
\r\n• Unsuccessful use of the authentication mechanism;
\r\n• Unsuccessful use of the user identification mechanism, including the user identity provided;
\r\nThe TOE writes audit records to text files stored in the IT environment that comprise the audit trail. The operating system in the IT environment is relied on to protect audit trail files and for the time. The TOE does not provide any interfaces to read from the audit trail.
\r\n• User data protection
\r\nThe TOE can restrict access to Z39.50 databases, records, and schema elements to users and groups based on permissions.
• Identification and authentication
\r\nThe TOE ensures users are identified and authenticated prior to allowing them the ability to access the TOE’s security functions. Users are identified with a user name and authenticated with a password. Users attributes include: user name, authentication data (password), and group membership. Note that while the product supports additional authentication mechanisms, only username/password is supported in the evaluated configuration
• Security management
\r\nThe TOE provides administrator console interfaces that can be used by authorized administrators to perform all management functions, including: managing database subjects (including authentication data), database objects, and TOE session establishment IP addresses.
• Protection of the TSF
\r\nThe TOE can ensure that implicit and explicit policies that it enforces are not bypassed by controlling access to its interfaces, including separating client connections between users and the TOE, and between TOE components. The TOE relies on its platform to operate correctly and to prevent unauthorized access to TOE data and stored executables.
• TOE access
\r\nThe TeraText Content Server component of the TOE can restrict user sessions based on the IP address of the originating client connection (where client in this context is defined as TOE components and subcomponents that initiate Z39.50 connections with the TeraText Content Server).
","features":[]}