BSI-CC-PP-0088-V for

Similar documents
BSI-CC-PP for

BSI-CC-PP for. Java Card Protection Profile - Open Configuration, Version December developed by. Oracle Corporation

BSI-CC-PP for. FIDO Universal Second Factor (U2F) Authenticator, Version 1.0. developed by. Federal Office for Information Security

BSI-CC-PP for

BSI-CC-PP for. Portable Storage Media Protection Profile (PSMPP), Version 1.0. from. Federal Office for Information Security

BSI-PP for. Protection Profile Secure Signature-Creation Device Type 3, Version developed by

BSI-PP for. Protection Profile Waste Bin Identification Systems (WBIS-PP) Version developed by. Deutscher Städte- und Gemeindenbund

BSI-CC-PP for. Machine-Readable Electronic Documents based on BSI TR for Official Use (MR.ED-PP), Version 1.01.

BSI-CC-PP for

BSI-CC-PP for. Common Criteria Protection Profile Electronic Identity Card (ID_Card PP), Version from

BSI-CC-PP for. Common Criteria Protection Profile Digital Tachograph - Smart Card (Tachograph Card), Version from

BSI-CC-PP for. Biometric Verification Mechanisms Protection Profile Version 1.3. from. Bundesamt für Sicherheit in der Informationstechnik

BSI-CC-PP for. Remote-Controlled Browsers Systems (ReCoBS) Version 1.0. from. Bundesamt für Sicherheit in der Informationstechnik

BSI-DSZ-CC-S for. Giesecke & Devrient Secure Data Management GmbH, Austraße 101b, Neustadt bei Coburg. Giesecke & Devrient GmbH

BSI-CC-PP-0053-V for. Security Module Card Type B (PP-SMC-B), Version 1.2. developed on behalf of the. Federal Ministry of Health, Germany

Assurance Continuity Maintenance Report

BSI-DSZ-CC for. Microsoft SQL Server 2016 Database Engine Enterprise Edition x64 (English) from. Microsoft Corporation

Bundesamt für Sicherheit in der Informationstechnik BSI-PP for. Smartcard IC Platform Protection Profile Version 1.0.

BSI-DSZ-CC for. Tivoli Security Policy Manager, Version 7.1. from. IBM Corporation

BSI-DSZ-CC for. IBM DB2 Version 11 for z/os Version 1 Release 13. from. IBM Corporation

BSI-DSZ-CC for. IBM Tivoli Directory Server, Version 6.3. from. IBM Corporation

Korean National Protection Profile for Electronic Document Encryption V1.0 Certification Report

Korean National Protection Profile for Single Sign On V1.0 Certification Report

BSI-DSZ-CC For. Oracle Database 11g Release 2 Standard Edition and Standard Edition 1. from. Oracle Corporation

BSI-DSZ-CC for. SLS 32TLC100(M) CIPURSE Security Controller v from. Infineon Technologies AG

BSI-DSZ-CC for. JBoss Enterprise Application Platform Version 4.3 CP03. from. Red Hat

BSI-CC-PP Common Criteria Protection Profile electronic Health Card Terminal (ehct) Version from the

Certification Report - Secure Messages Protection Profile

BSI-DSZ-CC for. Digital Tachograph DTCO 1381, Release 3.0. from. Continental Automotive GmbH

BSI-DSZ-CC-0957-V for. TCOS Smart Meter Security Module Version 1.0 Release 2/P60C144PVE. from. T-Systems International GmbH

BSI-DSZ-CC for. SUSE Linux Enterprise Server Version 12. from SUSE LLC

BSI-DSZ-CC for. gateprotect Firewall Packet-Filtering-Core Version from. gateprotect AG Germany

BSI-DSZ-CC for

BSI-DSZ-CC for

Certification Report - Protection Profile Encrypted Storage Device

BSI-DSZ-CC for STARCOS 3.5 ID GCC C2R. from. Giesecke & Devrient GmbH

Juniper Networks J2300, J2350, J4300, M7i and M10i Services Routers running JUNOS 8.5R3

BSI-DSZ-CC for

Mobile Felica on CX Virgo platform Version 5.0

Juniper Networks EX3200 and EX4200 Switches running JUNOS 9.3R2

ASSURANCE MAINTENANCE REPORT MR3 (supplementing Certification Report No. CRP248) Version 9.3R1. Issue 1.0 April 2011

BSI-DSZ-CC for. NXP Secure Smart Card Controller N7021 VA including IC Dedicated Software. from. NXP Semiconductors Germany GmbH

BSI-DSZ-CC for. SLB96xx. from. Infineon Technologies AG

BSI-DSZ-CC for. TCOS Smart Meter Security Module Version 1.0 Release 1/P60C144PVA. from. T-Systems International GmbH

BSI-DSZ-CC for. F5 Networks BIG-IP Application Delivery Controller (ADC-AP) version HF10 (build ) from. F5 Networks, Inc.

BSI-DSZ-CC for. TCOS Identity Card Version 1.0 Release 2/SLE78. from. T-Systems International GmbH

BSI-DSZ-CC for STARCOS 3.5 ID ECC C1R. from. Giesecke & Devrient GmbH

BSI-DSZ-CC for STARCOS 3.5 ID SAC+EAC+AA C1. from. Giesecke & Devrient GmbH

BSI-CC-PP for. PC Client Specific Trusted Platform Module Family 1.2; Level 2 Version 1.1. from. Trusted Computing Group

BSI-DSZ-CC for. TCOS Passport Version 2.1 Release 1/P60D144. from. T-Systems International GmbH

Evaluation Report as part of the Evaluation Technical Report, Part B ETR-Part Deterministic Random Number Generator

BSI-DSZ-CC for. IBM WebSphere Message Broker Version from. IBM United Kingdom Limited

BSI-DSZ-CC for. GeNUGate Firewall 6.3. from. GeNUA mbh

Juniper Networks EX3200 and EX4200 Switches running JUNOS 9.3R2

Certification Report

BSI-DSZ-CC for. TCOS Passport Version 2.1 Release 1/ P60D144/FSV02. from. T-Systems International GmbH

BSI-DSZ-CC for STARCOS 3.5 ID GCC C2. from. Giesecke & Devrient GmbH

BSI-DSZ-CC for

BSI-DSZ-CC for. NXP Secure Smart Card Controller P6021y VB including IC Dedicated Software. from. NXP Semiconductors Germany GmbH

BSI-DSZ-CC for. Health Insurance Card G from. Gemalto GmbH

BSI-DSZ-CC for

Certification Report

Certification Report

BSI-DSZ-CC for. MICARDO V4.0 R1.0 ehc v1.2. from. Morpho Cards GmbH

BSI-DSZ-CC-0963-V for. Infineon smartcard IC (Security Controller) M7791 B12 and G11 with specific IC-dedicated firmware.

COMMON CRITERIA CERTIFICATION REPORT

BSI-DSZ-CC for. SafeGuard Enterprise Device Encryption Version from. Utimaco Safeware AG

BSI-DSZ-CC for

Certification Report

BSI-DSZ-CC-0973-V for. NXP Secure Smart Card Controller P6022y VB including IC Dedicated Software. from. NXP Semiconductors Germany GmbH

COMMON CRITERIA CERTIFICATION REPORT

Certification Report

BSI-DSZ-CC for

Module 6: Network and Information Security and Privacy. Session 3: Information Security Methodology. Presenter: Freddy Tan

BSI-DSZ-CC for. IBM z/os Version 2 Release 1. from. IBM Corporation

IT Security Evaluation and Certification Scheme Document

Certification Report

BSI-DSZ-CC-0782-V for

Certification Report

Certification Report

BSI-DSZ-CC-0946-V for

Certification Report BSI-DSZ-CC for. Vanguard Enforcer Version 7 Release 1. from. Vanguard Integrity Professionals, Inc.

COMMON CRITERIA CERTIFICATION REPORT

Certification Report

Oracle Identity Manager Release running on Red Hat Enterprise Linux AS Version 4 Update 5

COMMON CRITERIA CERTIFICATION REPORT

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme. Validation Report

Certification Report

Certification Report

BSI-DSZ-CC for. NXP J3A080 v2.4.1 Secure Smart Card Controller (JCOP v2.4.1) from. NXP Semiconductors Germany GmbH

Certification Report

Certification Report

CERTIFICATION REPORT

Certification Report

BSI-DSZ-CC for. NXP J3D081_M59_DF and J3D081_M61_DF Secure Smart Card Controller Revision 2 of JCOP V2.4.2 R2. from

Certification Report

Certification Report

BSI-DSZ-CC for. Database Engine of Microsoft SQL Server 2005 Enterprise Edition (English) SP1 Version/Build

Certification Report BSI-DSZ-CC for. SafeGuard Easy, Version 3.20 SR1 for Microsoft Windows from. Utimaco Safeware AG

BSI-DSZ-CC for. S3CC9LC 16-Bit RISC Microcontroller for Smart Card Version 2. from. Samsung Electronics Co., Ltd.

Transcription:

BSI-CC-PP-0088-V2-2017 for Base Protection Profile for Database Management Systems (DBMS PP) Version 2.12 and DBMS PP Extended Package - Access History (DBMS PP_EP_AH) Version 1.02 developed by DBMS Working Group / Technical Community

Federal Office for Information Security (BSI), Postfach 20 03 63, 53133 Bonn, Germany Phone +49 (0)228 99 9582-0, Fax +49 (0)228 9582-5477, Infoline +49 (0)228 99 9582-111 Certification Report V1.0 CC-PP-414 V3.0

BSI-CC-PP-0088-V2-2017 Common Criteria Protection Profile Base Protection Profile for Database Management Systems (DBMS PP) Version 2.12 and DBMS PP Extended Package - Access History (DBMS PP_EP_AH) Version 1.02 developed by DBMS Working Group / Technical Community Assurance Package claimed in the Protection Profile: Common Criteria Part 3 conformant EAL 2 augmented by ALC_FLR.2 Valid until 04. April 2027 SOGIS Recognition Agreement The Protection Profile identified in this certificate has been evaluated at an approved evaluation facility using the Common Methodology for IT Security Evaluation (CEM), Version 3.1 for conformance to the Common Criteria for IT Security Evaluation (CC), Version 3.1. CC and CEM are also published as ISO/IEC 15408 and ISO/IEC 18045. This certificate applies only to the specific version and release of the Protection Profile and in conjunction with the complete Certification Report. The evaluation has been conducted in accordance with the provisions of the certification scheme of the German Federal Office for Information Security (BSI) and the conclusions of the evaluation facility in the evaluation technical report are consistent with the evidence adduced. This certificate is not an endorsement of the Protection Profile by the Federal Office for Information Security or any other organisation that recognises or gives effect to this certificate, and no warranty of the Protection Profile by the Federal Office for Information Security or any other organisation that recognises or gives effect to this certificate, is either expressed or implied. Common Criteria Recognition Arrangement Bonn, 5 April 2017 For the Federal Office for Information Security Bernd Kowalski Head of Department Bundesamt für Sicherheit in der Informationstechnik Godesberger Allee 185-189 - D-53175 Bonn - Postfach 20 03 63 - D-53133 Bonn Phone +49 (0)228 99 9582-0 - Fax +49 (0)228 9582-5477 - Infoline +49 (0)228 99 9582-111

Certification Report BSI-CC-PP-0088-V2-2017 This page is intentionally left blank. 4 / 18

BSI-CC-PP-0088-V2-2017 Certification Report Contents A Certification...7 1 Preliminary Remarks...7 2 Specifications of the Certification Procedure...7 3 Recognition Agreements...8 3.1 European Recognition of ITSEC/CC Certificates (SOGIS-MRA)...8 3.2 International Recognition of CC Certificates (CCRA)...8 4 Performance of Evaluation and Certification...9 5 Validity of the certification result...9 6 Publication...10 B Certification Results...11 1 Protection Profile Overview...12 2 Security Functional Requirements...12 3 Assurance Requirements...13 4 Results of the PP-Evaluation...13 5 Obligations and notes for the usage...14 6 Protection Profile Document...14 7 Definitions...14 7.1 Acronyms...14 7.2 Glossary...15 8 Bibliography...16 C Annexes...17 5 / 18

Certification Report BSI-CC-PP-0088-V2-2017 This page is intentionally left blank. 6 / 18

BSI-CC-PP-0088-V2-2017 Certification Report A Certification 1 Preliminary Remarks Under the Act on the Federal Office for Information Security (BSIG), the Federal Office for Information Security (BSI) has the task of issuing certificates for information technology products as well as for Protection Profiles (PP). A PP defines an implementation-independent set of IT security requirements for a category of products which are intended to meet common consumer needs for IT security. A PP claimed by a user, consumer or stakeholder for IT gives them the possibility to express their IT security needs without referring to a special product. Product certifications can be based on Protection Profiles. For products which have been certified based on a Protection Profile an individual certificate will be issued but the results from a PP certification can be re-used for the Security Taget evaluation within a product evaluation when conformance to the PP has been claimed. Certification of the Protection Profile is carried out on the instigation of the BSI or a sponsor. A part of the procedure is the technical examination (evaluation) of the Protection Profile according to Common Criteria [1]. The evaluation is normally carried out by an evaluation facility recognised by the BSI or by BSI itself. The result of the certification procedure is the present Certification Report. This report contains among others the certificate (summarised assessment) and the detailed Certification Results. 2 Specifications of the Certification Procedure The certification body conducts the procedure according to the criteria laid down in the following: Act on the Federal Office for Information Security (BSIG) 1 BSI Certification and Approval Ordinance 2 BSI Schedule of Costs 3 Special decrees issued by the Bundesministerium des Innern (Federal Ministry of the Interior) DIN EN ISO/IEC 17065 standard BSI certification: Scheme documentation describing the certification process (CC-Produkte) [3], including PP Certification BSI certification: Scheme documentation on requirements for the Evaluation Facility, its approval and licencing process (CC-Stellen) [3] 1 Act on the Federal Office for Information Security (BSI-Gesetz - BSIG) of 14 August 2009, Bundesgesetzblatt I p. 2821 2 Ordinance on the Procedure for Issuance of Security Certificates and approval by the Federal Office for Information Security (BSI-Zertifizierungs- und -Anerkennungsverordnung - BSIZertV) of 17 December 2014, Bundesgesetzblatt 2014, part I, no. 61, p. 2231 3 Schedule of Cost for Official Procedures of the Bundesamt für Sicherheit in der Informationstechnik (BSI-Kostenverordnung, BSI-KostV) of 03 March 2005, Bundesgesetzblatt I p. 519 7 / 18

Certification Report BSI-CC-PP-0088-V2-2017 Common Criteria for IT Security Evaluation (CC), Version 3.14 4 [1] also published as ISO/IEC 15408 Common Methodology for IT Security Evaluation, Version 3.1 [2] also published as ISO/IEC 18045 BSI certification: Application Notes and Interpretation of the Scheme (AIS) [4] Internal procedure for the issuance of a PP certificate 3 Recognition Agreements In order to avoid multiple certification of the same Protection Profile in different countries a mutual recognition of IT security certificates - as far as such certificates are based on CC - under certain conditions was agreed. Therefore, the results of this evaluation and certification procedure can be re-used by the product certificate issuing scheme in the evaluation of a Security Target within a subsequent product evaluation and certification procedure. 3.1 European Recognition of ITSEC/CC Certificates (SOGIS-MRA) The SOGIS-Mutual Recognition Agreement (SOGIS-MRA) Version 3 became effective in April 2010. It defines the recognition of certificates for IT-Products at a basic recognition level up to and including Common Criteria (CC) Evaluation Assurance Levels EAL 4 and ITSEC Evaluation Assurance Levels E 3 (basic), and in addition at higher recognition levels for IT-Products related to certain technical domains only. In addition, certificates issued for Protection Profiles based on Common Criteria are part of the recognition agreement. The SOGIS-MRA logo printed on the certificate indicates that it is recognised under the terms of this agreement by the nations involved. Details on recognition, technical domains and the agreement itself can be found at http://www.sogisportal.eu. 3.2 International Recognition of CC Certificates (CCRA) The international Common Criteria Recognition Arrangement (CCRA) became effictive in September 2014 in its current version. It defines the recognition of certificates for IT-products based on collaborative Protection Profiles (cpp) (exact use), CC certificates based on assurance components up to and including EAL 2 or the assurance family Flaw Remediation (ALC_FLR) and CC certificates for Protection Profiles and for collaborative Protection Profiles (cpp). In certain cases certificates issued during a transition period until September 2017 are recognised up to EAL 4. The Common Criteria Recognition Arrangement logo printed on the certificate indicates that this certification is recognised under the terms of this agreement by the nations involved. Details on recognition and the agreement itself can be found at http://www.commoncriteriaportal.org. 4 Proclamation of the Bundesministerium des Innern of 12 February 2007 in the Bundesanzeiger dated 23 February 2007 8 / 18

BSI-CC-PP-0088-V2-2017 Certification Report 4 Performance of Evaluation and Certification The certification body monitors each individual evaluation to ensure a uniform procedure, a uniform interpretation of the criteria and uniform ratings. The PP Base Protection Profile for Database Management Systems (DBMS PP) Version 2.12 and DBMS PP Extended Package - Access History (DBMS PP_EP_AH) Version 1.02, have undergone the certification procedure at BSI. This is a re-certification based on BSI-CC-PP-0088-2015. Specific results from the evaluation process based on BSI-CC-PP-0088-2015 were re-used. The evaluation of the PP Base Protection Profile for Database Management Systems (DBMS PP) Version 2.12 and DBMS PP Extended Package - Access History (DBMS PP_EP_AH) Version 1.02 was conducted by the ITSEF atsec information security GmbH. The evaluation was completed on 31. März 2017. The ITSEF atsec information security GmbH is an evaluation facility (ITSEF) 5 recognised by the certification body of BSI. For this certification procedure the sponsor and applicant is: DBMS Working Group / Technical Community. The certification is concluded with the comparability check and the production of this Certification Report. This work was completed by the BSI. 5 Validity of the certification result This Certification Report only applies to the version of the Protection Profile as indicated. In case of changes to the certified version of the Protection Profile, the validity can be extended to new versions and releases, provided the sponsor applies for assurance continuity (i.e. re-certification or maintenance) of the modified Protection Profile, in accordance with the procedural requirements, and the evaluation does not reveal any security deficiencies. For the meaning of the CC concepts and terms please refer to CC [1] Part 1 for the concept of PPs, to CC [1] Part 2 for the definition of Security Functional Requirements components (SFRs) and to CC [1] Part 3 for the definition of the Security Assurance Requirements components (SARs), for the class AVA Vulnerability assessment and for the cross reference of Evaluation Assurance Levels (EALs) and assurance components. The validity of this certificate ends as outlined on the certificate. The applicant and the sponsor of this certificate are recommended to review the technical content of the Protection Profile certified according to the evolvement of the technology and of the intended operational environment of the type of product concerned as well as according to the evolvement of the evaluation criteria. Such review should result in an update and a re-certification of the Protection Profile accordingly. Typically, technical standards are reviewed on a five years basis. The limitation of validity of this PP certificate does not necessarily impact the validity period of a product certificate referring to this Protection Profile, but the certification body issuing a product certificate based on this Protection Profile should take it into its consideration on validity. 5 Information Technology Security Evaluation Facility 9 / 18

Certification Report BSI-CC-PP-0088-V2-2017 6 Publication The PP Base Protection Profile for Database Management Systems (DBMS PP) Version 2.12 and DBMS PP Extended Package - Access History (DBMS PP_EP_AH) Version 1.02 have been included in the BSI list of the certified Protection Profiles, which is published regularly (see also Internet: https://www.bsi.bund.de and [5]). Further information can be obtained from BSI-Infoline +49 228 9582-111. The Certification Report may be obtained in electronic form at the internet address stated above. 10 / 18

BSI-CC-PP-0088-V2-2017 Certification Report B Certification Results The following results represent a summary of the certified Protection Profile, the relevant evaluation results from the evaluation facility, and complementary notes and stipulations of the certification body. 11 / 18

Certification Report BSI-CC-PP-0088-V2-2017 1 Protection Profile Overview The Protection Profile Base Protection Profile for Database Management Systems (DBMS PP) Version 2.12 and DBMS PP Extended Package - Access History (DBMS PP_EP_AH) Version 1.02 [7, 8] are established by the DBMS Working Group / Technical Community as a basis for the development of Security Targets in order to perform a certification of an IT-product, the Target of Evaluation (TOE). The "Protection Profile for Database Management Systems (Base Package)" version 2.12 as of 2017-03-23 specifies security requirements for a commercial-off-the-shelf (COTS) database management system (DBMS). The TOE type defined by the PP is a database management system. A product compliant with this Protection Profile includes, but is not limited to, a DBMS server and can be evaluated as a software only application layered on an underlying system, i.e., operating system, hardware, network services, and/or custom software, and is usually embedded as a component of a larger system within an operational environment. This profile establishes the requirements necessary to achieve the security objectives of the Target of Evaluation (TOE) it covers and its environment. Conformant products provide access control based on user identity and, optionally, group membership, e.g., Discretionary Access Control (DAC), and generation of audit records for security relevant events. Authorized administrators are trusted to not misuse the privileges assigned to them. Security Targets (STs) that claim conformance to this PP shall meet a minimum standard of demonstrable-pp conformance at level EAL2 augmented by ALC_FLR.2. The Protection Profile may be extended by functionality related to TOE access history, which is defined by the "DBMS PP Extended Package - Access History" version 1.02 as of 2017-03-23. The extended package can only be claimed in combination with the DBMS PP base package, and the resulting combination defines the same functionality as the previous version 2.07 of the DBMS PP already certified as BSI-CC-PP-0088-2015. The assets to be protected by a TOE claiming conformance to this PP are defined in the Protection Profile [7], chapter 4. Based on these assets the security problem definition is defined in terms of assumptions, threats and organisational security policies. This is outlined in the Protection Profile [7], chapter 4. These assumptions, threats and organisational security policies are split into security objectives to be fulfilled by a TOE claiming conformance to this PP and security objectives to be fulfilled by the operational environment of a TOE claiming conformance to this PP. These objectives are outlined in the PP [7], chapter 5, and the EP [8], chapter 4. The Protection Profile [7] requires a Security Target based on this PP or another PP claiming this PP to fulfil the CC requirements for demonstrable conformance. 2 Security Functional Requirements Based on the security objectives to be fulfilled by a TOE claiming conformance to this PP the security policy is expressed by the set of security functional requirements (SFR) to be implemented by a TOE. It covers the following issues: FAU: Security Audit FDP: User data protection 12 / 18

BSI-CC-PP-0088-V2-2017 Certification Report FIA: Identification and Authentication FMT: Security Management FPT: Protection of the TSF FTA: TOE Access A DBMS evaluated against the base package of the DBMS PP will provide the following security services: Discretionary Access Control (DAC) limits access to objects based on the identity of the subjects or groups to which the subjects and objects belong, and which allows authorized users to specify how the objects that they control are protected. Audit Capture for creation of information on all auditable events. Authorized administration role to allow authorized administrators to configure the policies for discretionary access control, identification and authentication, and auditing. The product must enforce the authorized administration role. Some administrative tasks may be delegated to specific users (which by that delegation become administrators although they can only perform some limited administrative actions). Ensuring that those users cannot extend the administrative rights assigned to them is a security functionality the product has to provide. The Extended Package - Access History of the DBMS PP covers an additional security objective for DBMS evaluated against that package in combination with the base package. When claimed, the security services of the DBMS will be extended by functionality related to access history that allows trained users to review their access history in order to help identify unauthorized access attempts. These TOE security functional requirements are outlined in the PP [7], chapter 7, and in the EP [8], chapter 6. They are selected from Common Criteria Part 2 and some of them are newly defined. Thus the SFR claim is called: 3 Assurance Requirements Common Criteria Part 2 extended The TOE security assurance package claimed in the Protection Profile is based entirely on the assurance components defined in part 3 of the Common Criteria. Thus, this assurance package is called: Common Criteria Part 3 conformant EAL 2 augmented by ALC_FLR.2 (for the definition and scope of assurance packages according to CC see [1], part 3 for details). 4 Results of the PP-Evaluation The Evaluation Technical Report (ETR) [6] was provided by the ITSEF according to the Common Criteria [1], the Methodology [2], the requirements of the Scheme [3] and all Application Notes and Interpretations of the Scheme (AIS) [4] as relevant for the TOE. As a result of the evaluation, the verdict PASS is confirmed for the assurance components of the class APE. 13 / 18

Certification Report BSI-CC-PP-0088-V2-2017 The following assurance components were used: APE_INT.1 PP introduction APE_CCL.1 Conformance claims APE_SPD.1 Security problem definition APE_OBJ.2 Security objectives APE_ECD.1 Extended components definition APE_REQ.2 Derived security requirements As the evaluation work performed for this certification procedure was carried out as a re-evaluation based on the certificate BSI-CC-PP-0088-2015, re-use of specific evaluation tasks was possible. The previous version (version 2.07) of the base Protection Profile included the security objective O.ACCESS_HISTORY, and evaluations of DBMS performed with a PP claim to version 2.07 (BSI-CC-PP-0088-2015) can be considered equivalent to an evaluation claiming conformance to this version of the PP [7] and the extended package Access History [8]. The focus of this re-evaluation was therefore on verifying that the base PP solves its security problem without meeting the security objective O.ACCESS_HISTORY, which was moved to the optional extended package for increased adaptivity. The results of the evaluation are only applicable to the Protection Profile and Extended Package as defined in chapter 1. 5 Obligations and notes for the usage The following aspects need to be fulfilled when using the Protection Profile: none 6 Protection Profile Document The Protection Profile Base Protection Profile for Database Management Systems (DBMS PP) Version 2.12 and DBMS PP Extended Package - Access History (DBMS PP_EP_AH) Version 1.02 [7, 8] are being provided within a separate document as Annex A of this report. 7 Definitions 7.1 Acronyms AH AIS BSI BSIG CCRA CC CEM COTS Access History Application Notes and Interpretations of the Scheme Bundesamt für Sicherheit in der Informationstechnik / Federal Office for Information Security, Bonn, Germany BSI-Gesetz / Act on the Federal Office for Information Security Common Criteria Recognition Arrangement Common Criteria for IT Security Evaluation Common Methodology for Information Technology Security Evaluation Commercial Off The Shelf 14 / 18

BSI-CC-PP-0088-V2-2017 Certification Report DBMS DAC EAL EP ETR IT ITSEC ITSEF PP SAR SF SFP SFR ST TOE TSF Database Management System Discretionary Access Control Evaluation Assurance Level Extended Package Evaluation Technical Report Information Technology Information Technology Security Evaluation Criteria Information Technology Security Evaluation Facility Protection Profile Security Assurance Requirement Security Function Security Function Policy Security Functional Requirement Security Target Target of Evaluation TOE Security Functionality 7.2 Glossary Augmentation - The addition of one or more requirement(s) to a package. Database Management System - A suite of programs that typically manage large structured sets of persistent data, offering ad hoc query facilities to many users. They are widely used in business applications. Discretionary Access Control - A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. Those controls are discretionary in the sense that a subject with certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. Extension - The addition to an ST or PP of functional requirements not contained in part 2 and/or assurance requirements not contained in part 3 of the CC. Formal - Expressed in a restricted syntax language with defined semantics based on well-established mathematical concepts. Informal - Expressed in natural language. Object - A passive entity in the TOE, that contains or receives information, and upon which subjects perform operations. Protection Profile - An implementation-independent statement of security needs for a TOE type. Security Target - An implementation-dependent statement of security needs for a specific identified TOE. Semiformal - Expressed in a restricted syntax language with defined semantics. Subject - An active entity in the TOE that performs operations on objects. 15 / 18

Certification Report BSI-CC-PP-0088-V2-2017 Target of Evaluation - A set of software, firmware and/or hardware possibly accompanied by guidance. TOE Security Functionality - Combined functionality of all hardware, software, and firmware of a TOE that must be relied upon for the correct enforcement of the SFRs. 8 Bibliography [1] Common Criteria for Information Technology Security Evaluation, Version 3.1, Part 1: Introduction and general model, Revision 4, September 2012 Part 2: Security functional components, Revision 4, September 2012 Part 3: Security assurance components, Revision 4, September 2012 http://www.commoncriteriaportal.org [2] Common Methodology for Information Technology Security Evaluation (CEM), Evaluation Methodology, Version 3.1, Revision 4, September 2012 http://www.commoncriteriaportal.org [3] BSI certification: Scheme documentation describing the certification process (CC-Produkte) and Scheme documentation on requirements for the Evaluation Facility, approval and licencing (CC-Stellen), https://www.bsi.bund.de/zertifizierung [4] Application Notes and Interpretations of the Scheme (AIS) as relevant for the TOE 6. [5] German IT Security Certificates (BSI 7148), periodically updated list published also on the BSI Website [6] Evaluation Technical Report, Version 2, 2017-03-29, Final Evaluation Technical Report, atsec information security GmbH (confidential document) [7] Protection Profile for Database Management Systems (DBMS PP) Base Package, Version 2.12, 2017-03-23, BSI-CC-PP-0088-V2, DBMS Working Group / Technical Community [8] DBMS PP Extended Package Access History (DBMS PP_EP_AH), Version 1.02, 2017-03-23, BSI-CC-PP-0088-V2, DBMS Working Group / Technical Community 6 specially AIS 32, Version 7, CC-Interpretationen im deutschen Zertifizierungsschema AIS 38, Version 2, Reuse of evaluation results 16 / 18

BSI-CC-PP-0088-V2-2017 Certification Report C Annexes List of annexes of this certification report Annex A: Protection Profile Base Protection Profile for Database Management Systems (DBMS PP) Version 2.12 and DBMS PP Extended Package - Access History (DBMS PP_EP_AH) Version 1.02 [7, 8] provided within a separate document. Note: End of report 17 / 18

Certification Report BSI-CC-PP-0088-V2-2017 This page is intentionally left blank. 18 / 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback