1 Security Target SQL Server 2008 Team Author: Roger French Version: 1.2 Date: Abstract This document is the Security Target (ST) for the Common Criteria certification of the database engine of Microsoft SQL Server Keywords CC, ST, Common Criteria, SQL, Security Target
2 Page 2/56 This page intentionally left blank
3 Page 3/56 Table of Contents 1 ST INTRODUCTION ST and TOE Reference TOE Overview TOE Description Product Type Physical Scope and Boundary of the TOE Architecture of the TOE Logical Scope and Boundary of the TOE Conventions CONFORMANCE CLAIMS CC Conformance Claim PP Conformance Claim SECURITY PROBLEM DEFINITION Assets Assumptions Threats Organizational Security Policies SECURITY OBJECTIVES Security Objectives for the TOE Security Objectives for the operational Environment Security Objectives Rationale Overview Rationale for TOE Security Objectives Rationale for environmental Security Objectives EXTENDED COMPONENT DEFINITION Definition for FAU_STG.5.EXP IT SECURITY REQUIREMENTS TOE Security Functional Requirements Class FAU: Security Audit Class FDP: User Data Protection Class FIA: Identification and authentication Class FMT: Security Management TOE Security Assurance Requirements Security Requirements rationale Security Functional Requirements rationale Rationale for satisfying all Dependencies Rationale for Assurance Requirements TOE SUMMARY SPECIFICATION Security Management (SF.SM) Access Control (SF.AC) Identification and Authentication (SF.I&A)...48 Page
4 Page 4/ Security Audit (SF.AU) APPENDIX Concept of Ownership Chains How Permissions Are Checked in a Chain Example of Ownership Chaining References Glossary and Abbreviations Glossary Abbreviations...55
5 Page 5/56 List of Tables Table 1: Hardware and Software Requirements...11 Table 2 - Assumptions...17 Table 3 - Threats to the TOE...18 Table 4 Organizational Security Policies...19 Table 5 - Security Objectives for the TOE...20 Table 6 - Security Objectives for the TOE Environment...21 Table 7 Summary of Security Objectives Rationale...22 Table 8 Rationale for TOE Security Objectives...23 Table 9 Rationale for IT Environmental Objectives...26 Table 10 - TOE Security Functional Requirements...31 Table 11 - Auditable Events...33 Table 12 - Default Server Roles...39 Table 13 Default Database Roles...39 Table 14 Rationale for TOE Security Requirements...40 Table 15 Functional Requirements Dependencies for the TOE...44 Page List of Figures Figure 1: TOE... 9 Figure 2: Concept of Ownership Chaining...52 Page
6 Page 6/56 1 ST Introduction This chapter presents Security Target (ST) and TOE identification information and a general overview of the ST. An ST contains the information technology (IT) security requirements of an identified Target of (TOE) and specifies the functional and assurance security measures offered by that TOE to meet stated requirements. An ST principally defines: a) A security problem expressed as a set of assumptions about the security aspects of the environment, a list of threats that the TOE is intended to counter, and any known rules with which the TOE must comply (chapter 3, Security Problem Definition) b) A set of security objectives and a set of security requirements to address the security problem (chapters 4 and 6, Security Objectives and IT Security Requirements, respectively). c) The IT security functions provided by the TOE that meet the set of requirements (chapter 7, TOE Summary Specification). 1.1 ST and TOE Reference This chapter provides information needed to identify and control this ST and its Target of (TOE). ST Title: ST Version: 1.2 Date: Author: Certification-ID: TOE Identification: Microsoft SQL Server 2008 Database Engine Common Criteria Security Target Roger French, Microsoft Corporation BSI-DSZ-CC-0520 TOE Version: TOE Platform: Database Engine of Microsoft SQL Server 2008 Enterprise Edition (English) x86 and x64 and its related guidance documentation ([AGD] and [AGD_ADD]) Windows Server 2008 Enterprise Edition (English) Version CC Identification: Common Criteria for Information Technology Security, Version 3.1, Revision 1 as of September 2006 for part I, revision 2 as of September 2007 for parts II and III, English version. Assurance Level: EAL 1 augmented by ASE_OBJ.2, ASE_REQ.2 and ASE_SPD.1. PP Conformance: Keywords: none CC, ST, Common Criteria, SQL, Security Target
7 Page 7/ TOE Overview The TOE is the database engine of SQL Server SQL Server is a Database Management System (DBMS). The TOE has been developed as the core of the DBMS to store data in a secure way. The security functionality of the TOE comprises: Security Management Access Control Identification and Authentication Security Audit A summary of the TOE security functions can be found in chapter A more detailed description of the security functions can be found in chapter 7, TOE Summary Specification. Please note that only the SQL Server 2008 database engine is addressed in this ST. Other related products of the SQL Server 2008 platform, such as Service Broker, provide services that are useful but are not central to the enforcement of security policies. Hence, security evaluation is not directly applicable to those other products. 1.3 TOE Description This chapter provides context for the TOE evaluation by identifying the product type and describing the evaluated configuration. The main purpose of this chapter is to bind the TOE in physical and logical terms. The chapter starts with a description of the product type before it introduces the physical scope, the architecture and last but not least the logical scope of the TOE Product Type The product type of the Target of (TOE) described in this ST is a database management system (DBMS) with the capability to limit TOE access to authorized users, enforce Discretionary Access Controls on objects under the control of the database management system based on user and/or role authorizations, and to provide user accountability via audit of users actions. A DBMS is a computerized repository that stores information and allows authorized users to retrieve and update that information. A DBMS may be a single-user system, in which only one user may access the DBMS at a given time, or a multi-user system, in which many users may access the DBMS simultaneously. The TOE which is described in this ST is the database engine and therefore part of SQL Server It provides a relational database engine providing mechanisms for Access Control, Identification and Authentication and Security Audit.
8 Page 8/56 The SQL Server platform additionally includes the following tools which are not part of the TOE: SQL Server Replication: Data replication for distributed or mobile data processing applications and integration with heterogeneous systems Analysis Services: Online analytical processing (OLAP) capabilities for the analysis of large and complex datasets. Reporting Services: A comprehensive solution for creating, managing, and delivering both traditional, paper-oriented reports and interactive, Web-based reports. Integration Services: Microsoft Integration Services is a platform for building enterprise-level data integration and data transformations solutions. Management tools: The SQL Server platform includes integrated management tools for database management and tuning as well as tight integration with tools such as Microsoft Operations Manager (MOM) and Microsoft Systems Management Server (SMS). Development tools: SQL Server offers integrated development tools for the database engine, data extraction, transformation, and loading (ETL), data mining, OLAP, and reporting that are tightly integrated with Microsoft Visual Studio to provide end-to-end application development capabilities Other tools offered by the installation process: Full Text Search, Business Intelligence Development Studio, Client tools connectivity, Client tools backwards compatibility, Client tools SDK, SQL client connectivity SDK, Microsoft sync framework. The TOE itself only comprises the database engine of the SQL Server 2008 platform which provides the security functionality as required by this ST. Any additional tools of the SQL Server 2008 platform interact with the TOE as a standard SQL client. The scope and boundary of the TOE will be described in the next chapter. Please refer to [AGD_ADD] for more information about the installation process of the TOE Physical Scope and Boundary of the TOE The TOE is the database engine of the SQL Server 2008 and its related guidance documentation. This engine has been evaluated in two different configurations (x86 and x64) while the IA64 version of the database engine has not been evaluated. The following figure shows the TOE (including its internal structure) and its immediate environment.
9 Page 9/56 Figure 1: TOE As seen in Figure 1 the TOE internally comprises the following logical units: The Communication part is the interface for programs accessing the TOE. It is the interface between the TOE and clients performing requests. All responses to user application requests return to the client through this part of the TOE. The Relational Engine is the core of the database engine and is responsible for all security relevant decisions. The relational engine establishes a user context, syntactically checks every Transact SQL (T-SQL) statement, compiles every statement, checks permissions to determine if the statement can be executed by the user associated with the request, optimizes the query request, builds and caches a query plan, and executes the statement. The Storage Engine is a resource provider. When the relational engine attempts to execute a T-SQL statement that accesses an object for the first time, it calls upon the storage engine to retrieve the object, put it into memory and return a pointer to the execution engine. To perform these tasks, the storage engine manages the physical resources for the TOE by using the Windows OS. The SQL-OS is a resource provider for all situations where the TOE uses functionality of the operating system. SQL-OS provides an abstraction layer over common OS functions and was designed to reduce the number of context switches within the TOE. SQL-OS especially contains functionality for Task Management and for Memory Management. For Task Management the TOE provides an OS-like environment for threads, including scheduling, and synchronization all running in user mode, all (except for I/O) without calling the Windows Operating System.
10 Page 10/56 The Memory Manager is responsible for the TOE memory pool. The memory pool is used to supply the TOE with its memory while it is executing. Almost all data structures that use memory in the TOE are allocated in the memory pool. The memory pool also provides resources for transaction logging and data buffers. The immediate environment of the TOE comprises: The Windows 2008 Server Enterprise Edition Operating System, which hosts the TOE. As the TOE is a software only TOE it lives as a process in the Operating System (OS) and uses the resources of the OS. These resources comprise general functionality (e.g. the memory management and scheduling features of the OS) as well as specific functionality of the OS, which is important for the Security Functions of the TOE (see chapter 7 for more details) Other parts of the SQL Server 2008 Platform, which might be installed together with the TOE. The TOE is the central part of a complete DBMS platform, which realizes all Security Functions as described in this ST. However other parts of the platform may be installed on the same machine if they are needed to support the operation or administration of the TOE. However these other parts will interact with the TOE in the same way, every other client would do. Clients (comprising local clients and remote clients) are used to interact with the TOE during administration and operation. Services of the Operating System are used to route the communication of remote clients with the TOE. The TOE relies on functionality of the Windows 2008 Server Operating System and has the following hardware/software requirements:
11 Page 11/56 Table 1: Hardware and Software Requirements CPU Pentium III compatible at 1 GHz or faster (for the 32 bit edition) AMD Opteron, AMD Athlon 64, Intel Xeon with Intel EM64T support, Intel Pentium IV with EM64T support at 1.4 GHz or faster 1 RAM Hard Disk Other Software 512 MB Approx 1500 MB of free space DVD ROM drive, display at Super VGA resolution, Microsoft mouse compatible pointing device, keyboard Windows Server 2008 Enterprise Edition (in 64 or 32 bit), English version, version NET Framework 3.5 SP 1 Windows Installer4.5 The following guidance documents and supportive information belong to the TOE: SQL Server 2008 Books Online: This is the general guidance documentation for the complete SQL Server 2008 platform SQL Server Guidance Addendum / Installation / Startup: This document contains the aspects of the guidance that are specific to the evaluated configuration of SQL Server 2008 The website contains additional information about the TOE and its evaluated configuration. Also the guidance addendum that describes the specific aspects of the certified version can be obtained via this website. The guidance addendum extends the general guidance of SQL Server 2008 that ships along with the product in form of Books Online. This website shall be visited before using the TOE Architecture of the TOE The TOE which is described in this ST comprises one instance of the SQL Server 2008 database engine but has the possibility to serve several clients simultaneously Logical Scope and Boundary of the TOE SQL Server 2008 is able to run multiple instances of the database engine on one machine. After installation one default instance exists. However the administrator is able to add more instances of SQL Server 2008 to the same machine. The TOE comprises one instance of SQL Server Within this ST it is referenced either as "the TOE" or as "instance". The machine the instances are running on is referenced as "server" or "DBMS-server". 1 Please note that IA64 CPUs are not supported for the certified version of the database engine of SQL Server 2008
12 Page 12/56 If more than one instance of SQL Server 2008 is installed on one machine these just represent multiple TOEs as there is no other interface between two instances of the TOE than the standard client interface In this way two or more instances of the TOE may only communicate through the standard client interface. The TOE provides the following set of security functionality The Access Control function of the TOE controls the access of users to user and TSF data stored in the TOE. It further controls that only authorized administrators are able to manage the TOE. The Security Audit function of the TOE produces log files about all security relevant events. The Management function allows authorized administrators to manage the behavior of the security functions of the TOE. The Identification and Authentication 2 function of the TOE is able to identify and authenticate users. The following functions are part of the environment: The Audit Review and Audit Storage functionality has to be provided by the environment and provide the authorized administrators with the capability to review the security relevant events of the TOE. The Access Control Mechanisms has to be provided by the environment for files stored in the environment The environment provides Identification and Authentication 2 for users for the cases where this is required by the TOE (The environment AND the TOE provide mechanisms for user authentication. See chapter 7.3 for more details). The environment has to provide Time stamps to be used by the TOE. The environment provides a cryptographic mechanisms for hashing of passwords All these functions are provided by the underlying Operating System (Windows 2008 Server Enterprise Edition) except Audit Review, for which an additional tool has to be used (e.g. the SQL Server Profiler, which is part of the SQL Server Platform). Access to the complete functionality of the TOE is possible via a set of SQL-commands (see [TSQL]). This set of commands is available via: Shared Memory Named Pipes 2 Note that the TOE as well as the environment provides a mechanism for identification and authentication. Chapter 7 will describe this in more detail.
13 Page 13/56 TCP/IP
14 Page 14/ Conventions For this Security Target the following conventions are used: The CC allows several operations to be performed on functional requirements; refinement, selection, assignment, and iteration are defined in chapter C.4 of Part 1 of the CC. Each of these operations is used in this ST. The refinement operation is used to add detail to a requirement, and thus further restricts a requirement. Refinement of security requirements is denoted by bold text. The selection operation is used to select one or more options provided by the CC in stating a requirement. Selections that have been made are denoted by italicized text. The assignment operation is used to assign a specific value to an unspecified parameter, such as the length of a password. Assignments that have been made are denoted by showing the value in square brackets, [Assignment_value]. The iteration operation is used when a component is repeated with varying operations. Iteration is denoted by showing the iteration number in parenthesis following the component identifier, (iteration_number). The CC paradigm also allows protection profile and security target authors to create their own requirements. Such requirements are termed explicit requirements and are permitted if the CC does not offer suitable requirements to meet the authors needs. Explicit requirements must be identified and are required to use the CC class/family/component model in articulating the requirements. In this ST, explicit requirements will be indicated with the.exp following the component name.
15 Page 15/56 2 Conformance Claims 2.1 CC Conformance Claim This Security Target claims to be CC Part 2 (Version 3.1, Revision 2, September 2007) extended due to the use of the component FAU_STG.5.EXP CC Part 3 (Version 3.1, Revision 2, September 2007) conformant as only assurance components as defined in part III of [CC] have been used. Further this Security Target claims to be conformant to the Security Assurance Requirements package EAL 1 augmented by ASE_OBJ.2, ASE_REQ.2 and ASE_SPD PP Conformance Claim This Security Target does not claim compliance to any Protection Profile.
16 Page 16/56 3 Security Problem Definition This chapter describes the assets that have to be protected by the TOE, assumptions about the environment of the TOE, threats against those assets and organizational security policies that TOE shall comply with. 3.1 Assets The TOE maintains two types of data which represent the assets: User Data and TSF Data. The primary assets are the User Data which comprises the following: The user data stored in or as database objects; User-developed queries or procedures that the DBMS maintains for users. The secondary assets comprise the TSF data that the TOE maintains and uses for its own operation. This kind of data is also called metadata. It specifically includes: The definitions of user databases and database objects Configuration parameters, User security attributes, Security Audit instructions and records
17 Page 17/ Assumptions The following table lists all the assumptions about the environment of the TOE. Table 2 - Assumptions Assumption A.NO_EVIL A.NO_GENERAL_PURPOSE A.OS A.PHYSICAL A.COMM Description Administrators are non-hostile, appropriately trained, and follow all administrator guidance. There are no general-purpose computing capabilities (e.g., compilers or user applications) available on DBMS servers, other than those services necessary for the operation, administration and support of the DBMS. It is assumed that the TOE is installed on Windows Server 2008 Enterprise Edition and that this Operating System provides functionality for Identification and authentication of users, Access Control for Files, Time stamps, Audit Storage, Hashing of passwords It is assumed that appropriate physical security is provided for the server, on which the TOE is installed, considering the value of the stored, processed, and transmitted information. It is assumed that any communication path from and to the TOE is appropriately secured to avoid eavesdropping and manipulation.
18 Page 18/ Threats The following table lists the threats against the assets, which are protected by the TOE and its environment. Threat Table 3 - Threats to the TOE Description T. ACCIDENTAL_ADMIN_ERROR An administrator may incorrectly install or configure the TOE resulting in ineffective TSF data and therewith ineffective security mechanisms. T.MASQUERADE T.TSF_COMPROMISE T.UNAUTHORIZED_ACCESS A user or process may claim to be another entity in order to gain unauthorized access to data or TOE resources. A user or process may try to access (i.e. view, modify or delete) configuration data of the TOE. This could allow the user or process to gain knowledge about the configuration of the TOE or could bring the TOE into an insecure configuration in which the security mechanisms for the protection of the assets are not longer working correctly. A user may try to gain unauthorized access to user data for which they are not authorized according to the TOE security policy. Within the scope of this threat the user just tries to access assets, he doesn t have permission on, without trying to masquerade another user or circumventing the security mechanism in any other way.
19 Page 19/ Organizational Security Policies An organizational security policy is a set of rules, practices, and procedures imposed by an organization to address its security needs. This chapter identifies the organizational security policies applicable to the TOE. Table 4 Organizational Security Policies Policy P.ACCOUNTABILITY P.ROLES Description The authorized users of the TOE shall be held accountable for their actions within the TOE. The TOE shall provide an authorized administrators role for secure administration of the TOE. This role shall be separate and distinct from other authorized users.
20 Page 20/56 4 Security Objectives The purpose of the security objectives is to detail the planned response to a security problem or threat. This chapter describes the security objectives for the TOE and its operational environment. 4.1 Security Objectives for the TOE This chapter identifies and describes the security objectives of the TOE. Objective Table 5 - Security Objectives for the TOE Description O.ADMIN_ROLE The TOE will provide authorized administrators roles to isolate administrative actions. O.AUDIT_GENERATION O.MANAGE The TOE will provide administrators with the necessary information for secure management. The TOE will provide the capability to detect and create records of security relevant events associated with users. The TOE will provide all the functions and facilities necessary to support the authorized administrators in their management of the security of the TOE, and restrict these functions and facilities from unauthorized use. O.MEDIATE The TOE must protect user data in accordance with its security policy. O.I&A The TOE will provide a mechanism for identification and authentication of users.
21 Page 21/ Security Objectives for the operational Environment The security objectives for the operational environment of the TOE are defined in the following table. Table 6 - Security Objectives for the TOE Environment Objective OE.NO_EVIL OE.NO_GENERAL_ PURPOSE Description Sites using the TOE shall ensure that authorized administrators are non-hostile, appropriately trained and follow all administrator guidance. There will be no general-purpose computing capabilities (e.g., compilers or user applications) available on DBMS servers, other than those services necessary for the operation, administration and support of the DBMS. OE.OS The TOE shall be installed on Windows Server 2008 Enterprise Edition. This Operating System provides functionality for Identification and authentication of users, Access Control for Files, Time stamps, Audit Storage, Hashing of passwords OE.PHYSICAL OE.COMM OE.AUDIT_REVIEW Physical security shall be provided for the server, on which the TOE will be installed, considering the value of the stored, processed, and transmitted information. Any communication path from and to the TOE will be appropriately secured to avoid eavesdropping and manipulation. The environment shall provide tools for the administrators to review the audit logs that are produced by the TOE.
22 O.ADMIN_ROLE O.AUDIT_GENERATION O.MANAGE O.MEDIATE O.I&A OE.NO_EVIL OE.NO_GENERAL_ PURPOSE OE.OS OE.PHYSICAL OE.COMM OE:AUDIT_REVIEW Security Target Microsoft SQL Server 2008 Database Engine Common Criteria Page 22/ Security Objectives Rationale Overview The following table summarizes the rationale for the security objectives. Table 7 Summary of Security Objectives Rationale Threats, Assumptions, OSP / Security Objectives T.ACCIDENTAL_ADMIN_ERROR X T.MASQUERADE X T.TSF_COMPROMISE X T.UNAUTHORIZED_ACCESS X X P.ACCOUNTABILITY X X X P.ROLES X A.NO_EVIL A.NO_GENERAL_PURPOSE A.OS A.PHYSICAL A.COMM X X X X X Details are given in the following subchapters.
23 Page 23/ Rationale for TOE Security Objectives Table 8 Rationale for TOE Security Objectives Threat/Policy T.ACCIDENTAL_ADMIN_ERR OR An administrator may incorrectly install or configure the TOE resulting in ineffective security mechanisms. T.MASQUERADE A user or process may claim to be another entity in order to gain unauthorized access to data or TOE resources. T.TSF_COMPROMISE A user or process may try to access (i.e. view, modify or delete) configuration data of the TOE. This could allow the user or process to gain knowledge about the configuration of the TOE or could bring the TOE into an insecure configuration in which the security mechanisms for the protection of the assets are not longer working correctly. T.UNAUTHORIZED_ACCESS A user may try to gain unauthorized access to user data for which they are not authorized according to the Objectives Addressing the Threat/Policy O.ADMIN_ROLE The TOE will provide administrators with the necessary information for secure management. O.I&A The TOE will provide a mechanism for identification and authentication of users. O.MANAGE The TOE will provide all the functions and facilities necessary to support the authorized administrators in their management of the security of the TOE and restrict these functions and facilities from unauthorized use. O.MEDIATE The TOE must protect user data in accordance with its security policy. Rationale O.ADMIN_ROLE counters this threat by ensuring the TOE administrators have guidance that instructs them how to administer the TOE in a secure manner. Having this guidance and considering the assumption A.NO_EVIL mitigates the threat that an administrator might cause the TOE to be configured insecurely to an acceptable level. O.I&A counters this threat by providing the means to identify and authenticate the user where the I&A mechanisms of the environment is not used. The correct identity of the user is the basis for any decision of the TOE about an attempt of a user to access data. In this way it is not possible for a user or process to masquerade as another entity and the threat is removed. O.MANAGE counters this threat as it defines that only authorized administrators shall be able to use the management functionality, provided by the TOE. In this way the threat is removed. O.MEDIATE ensures that all accesses to user data are subject to mediation. The TOE requires successful authentication to the TOE prior to gaining access to any controlled-
24 Page 24/56 TOE security policy. Within the scope of this threat the user just tries to access assets, he doesn t have permission on, without trying to masquerade another user or circumventing the security mechanism in any other way. O.I&A The TOE will provide a mechanism for identification and authentication of users. access content Lastly, the TSF will ensure that all configured enforcement functions (authentication, access control rules, etc.) must be invoked prior to allowing a user to gain access to TOE or TOE mediated services. The TOE restricts the ability to modify the security attributes associated with access control rules, access to authenticated and unauthenticated services, etc to the administrator. Together with O.I&A this mechanism ensures that no user can gain unauthorized access to data and in this way removes the threat. O.I&A contributes to countering this threat by providing the means to identify and authenticate the user where the I&A mechanism of the environment is not used. The correct identity of the user is the basis for any decision of the TOE about an attempt of a user to access data. P.ACCOUNTABILITY The authorized users of the TOE shall be held accountable for their actions within the TOE. O.AUDIT_GENERATION The TOE will provide the capability to detect and create records of security relevant events associated with users. O.I&A The TOE will provide a mechanism for identification and authentication of users. O.AUDIT_GENERATION addresses this policy by providing the authorized administrator with the capability of configuring the audit mechanism to record the actions of a specific user. O.I&A supports this policy by providing the means to identify and authenticate the user where the I&A mechanisms of the environment cannot be used. The identity of the user is stored in the audit logs.
Microsoft SQL Server 2012 Database Engine Common Criteria Evaluation (EAL2) Security Target SQL Server 2012 Team Author: Version: 1.2 Roger French (Microsoft Corporation) Date: 2012-08-07 Abstract This
SQL Server 2008 Team Author: Roger French Version: 1.04 Date: 2011-09-26 Abstract This document is the (ST) for the Common Criteria certification of the database engine of Microsoft SQL Server 2008 R2.
Security Target Microsoft SQL Server Team Author: Roger French Version: 1.27 Date 2008-07-23 File Name: MS_SQL_ST_1.27 Abstract This document is the Security Target (ST) for the Common Criteria evaluation
Microsoft SQL Server 2014 Database Engine Common Criteria Evaluation (EAL2+) Security Target SQL Server 2014 Team Author: Version: 1.42 Roger French (Microsoft Corporation) Date: 2015-03-27 Abstract This
U.S. Government Protection Profile for Database Management Systems Information Assurance Directorate Version 1.3 December 24, 2010 Protection Profile Title: 1 U.S. Government Protection Profile for Database
Security Target Symantec TM Network Access Control Version 12.1.2 Document Version 0.12 February 14, 2013 Document Version 0.12 Symantec Page 1 of 39 Prepared For: Prepared By: Symantec Corporation 350
Mobile Billing System Security Target Common Criteria: EAL1 Version 1.2 25 MAY 11 Document management Document identification Document ID Document title Product version IDV_EAL1_ASE IDOTTV Mobile Billing
Security Target McAfee Enterprise Mobility Management 9.7 Document Version 0.9 July 5, 2012 Document Version 0.9 McAfee Page 1 of 39 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa
EMC Documentum EMC Documentum Content Server TM V5.3 and EMC Documentum Administrator TM V5.3 Security Target V2.0 December 8, 2005 ST prepared by Suite 5200, 4925 Jones Branch Drive McLean, VA 22102-3305
MAGIC Telephone Hybrid System - SQL Migration - using the example Wolfgang Peters 1 Overview of the SQL Migration Requirements Remarks for Windows 7 Users Hardware requirements SQL-Server Software requirements
U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments Information Assurance Directorate Version 1.1 July 25, 2007 Forward This Protection Profile US Government
EAL4+ Security Target Common Criteria: EAL4 augmented with ALC_FLR.3 Version 1.0 21-DEC-10 Document management Document identification Document ID Document title Release authority E14_EAL4_ASE Microsoft
Security Target McAfee Enterprise Mobility Management 12.0 Document Version 1.16 September 17, 2014 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 Primasec Ltd
Security Target Securonix Security Intelligence Platform 4.0 Document Version 1.12 January 9, 2015 Document Version 1.12 Copyright Securonix Page 1 of 41 Prepared For: Prepared By: Securonix 5777 W. Century
Teradata Database Version 2 Release 6.1.0 (V2R6.1.0) Security Target Version 2.0 February 2007 TRP Number: 541-0006458 NCR, Teradata and BYNET are registered trademarks of NCR Corporation. Microsoft, Windows,
McAfee Web Gateway Version 18.104.22.168 EAL 2 + ALC_FLR.2 Release Date: 5 October 2012 Version: 1.0 Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle Santa Clara, CA 95054 Document Introduction
Firewall Protection Profile V2.0 2008. 4. 24 (This page left blank on purpose for double-side printing) Protection Profile Title Firewall Protection Profile for Government Evaluation Criteria Version This
Security Target Symantec Security Information Manager Version 4.8.1 Document Version 1.7 January 30, 2014 Document Version 1.7 Copyright Symantec Corporation Page 1 of 42 Prepared For: Prepared By: Symantec
Identity Management Protection Profile IMPP BSI-PP-0024 Version Number 1.17 Date: January 12, 2006 Status: Final Author: David Ochel Owner: Brian Matthiesen Note: This document will become a public document
Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team Author: Microsoft Corp. Version: 1.0 Last Saved: 2011-03-10 File Name: MS_UAG_ST_1.0.docx
JMCS Northern Light Video Conferencing System Security Target Common Criteria: EAL2 Version 1.2 22 FEB 12 Document management Document identification Document ID Document title Product version NLVC_ST_EAL2
Forefront Identity Manager (FIM) 2010 Security Target Common Criteria: EAL4 augmented with ALC_FLR.3 Version 1.0 24-MAR-2012 Document history Version Date Description 0.1 28-APR-11 Initial draft for review.
BMC ProactiveNet Performance Management 9.5 Security Target Version 0.4 18 July 2014 Copyright 2014 BMC Software, Inc. All rights reserved. BMC, BMC Software, and the BMC Software logo are the exclusive
May 17, 2011 SQL SERVER SECURITY GRANTING, CONTROLLING, AND AUDITING DATABASE ACCESS Mike Fal Working with SQL Server since MSSQL 7. Currently supporting 100+ servers with varying requirements. Blog www.mikefal.net
Rapid7 Nexpose Vulnerability Management and Penetration Testing System V.5.1 Security Target Version 1.7 May 11, 2012 Prepared for: Rapid7 LLC 545 Boylston Street, Suite 400 Boston, MA 02116 Prepared By:
IBM Security Access Manager for Enterprise Single Sign-On Version 8.2 with IMS Server Interim Fix 4 and AccessAgent Fix Pack 22 Security Target Version: Status: Last Update: 1.19 Released 2014-03-05 Trademarks
MAGIC THipPro - SQL Server Installation - using the example of Express Wolfgang Peters 1 Installation of the SQL Server Configuration of the SQL Server Create SQL User Create empty database Install SQL
Security Target: Symantec Endpoint Protection Version 11.0 ST Version 1.6 June 2, 2008 Document Version 1.6 Symantec Corporation Page 1 of 68 Prepared For: Prepared By: Symantec Corporation 20330 Stevens
Marimba Client and Server Management from BMC Software Release 6.0.3 Version 2.3.0 4 June, 2007 Prepared by: BMC Software, Inc. 2101 City West Blvd. Houston, Texas 77042 TABLE OF CONTENTS 1. Introduction...
Wyse Technology Inc. Wyse Device Manager Enterprise Edition Version 4.7.2 Security Target Version 1.8 April 18, 2011 Wyse Technology Inc. 3471 N. First Street San Jose, CA 95134 DOCUMENT INTRODUCTION Prepared
12 SQL Server SQL Server NT SQL Server 12.1 SQL Server SQL Server SQL Server SQL Server 12.1 12.1.1 SQL Server SQL Server SQL Server SQL Server Windows NT SQL Server Windows NT 12.1.2 SQL Server SQL Server
RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5 Security Target Evaluation Assurance Level: EAL2 Augmented with ALC_FLR.1 Document Version: 0.7 Prepared for: Prepared by: RSA, The
CA CA, Inc. Identity Manager 12.5 Identity Manager r12.1 Security Target Version 2.0 June Version 21, 2010 0.6 December 29, 2008 Prepared for: Prepared CA for: 100 Staples CA, Inc. Drive Framingham, 100
Network Intrusion Prevention System Protection Profile V1.1 December 21, 2005 (This page left blank on purpose for double-side printing) Protection Profile Title Network Intrusion Prevention System Protection
Trustwave DbProtect Version 6.4.3 Security Target Version 1.8 July 21, 2015 Trustwave 70 West Madison Street Suite 1050 Chicago, IL 60602 Prepared By: Common Criteria Consulting LLC 15804 Laughlin Lane
Red Hat Enterprise Linux 3 (running on specified Dell and Hewlett-Packard hardware) Security Target Version 1.7 January 2004 Document Control DOCUMENT TITLE Red Hat Enterprise Linux 3 Security Target Version
Evaluating Windows: Something Old, Something New, Something Borrowed, Something Blue September 11, 2013 Mike Grimm, Microsoft Corp. Agenda History of Windows CC evaluations Experiences with Windows 7 and
SolarWinds Log and Event Manager Software Security Target Version 1.5 August 25, 2014 SolarWinds Worldwide, LLC 3711 South MoPac Expressway Building Two Austin, Texas 78746 Copyright 2013 SolarWinds Worldwide,
Extended Package for Mobile Device Management Agents 31 December 2014 Version 2.0 REVISION HISTORY Version Date Description 1.0 21 October 2013 Initial Release 1.1 7 February 2014 Typographical changes
Security Target McAfee Data Loss Prevention Endpoint 9.4 and epolicy Orchestrator 5.1.3 Document Version 1.0 November 24, 2015 Prepared For: Prepared By: Intel Corporation. 2821 Mission College Blvd. Santa
DataPower S40 ML Security Gateway and DataPower I50 Integration Appliance Version 3.6 Security Target Version 0.75 10/09/2008 Prepared for: IBM SOA Appliance Group One Rogers St Cambridge, MA 02142 Prepared
IBM WebSphere Message Broker Security Target Version 2.1.2 2007-08-22 Document History Version Date Summary Author 1.0 2006-10-23 Final EAL3 ST plus changes by IBM. SAIC / IBM 1.1 2006-12-11 Fixed inconsistencies.
Secuware Virtual System (SVS) SECURITY TARGET EAL2 Copyright 2008 by SECUWARE All rights reserved. The information in this document is exclusive property of SECUWARE and may not be changed without express
Check Point Endpoint Security Media Encryption Security Target Version 1.0 June 23, 2010 Prepared for: 5 Ha Solelim St. Tel Aviv, Israel 67897 Prepared By: Science Applications International Corporation
Trustwave Secure Web Gateway Security Target Version 1.5 September 18, 2013 Trustwave 70 West Madison Street Suite 1050 Chicago, IL 60602 Prepared By: Common Criteria Consulting LLC 15804 Laughlin Lane
Exchange Server 2003 Common Criteria Evaluation Security Target Exchange Server 2003 Team Author: Michael Grimm Status: Final Version: 1.9 Revision: 1 Last Saved: 2005-06-21 File Name: MS_EX_ST_1.9.doc
SenSage, Inc. SenSage 4.6.2 Security Target Evaluation Assurance Level: EAL2+ Document Version: 1.2 Prepared for: Prepared by: SenSage, Inc. 55 Hawthorne Street San Francisco, CA 94105 United States of
Security Target: Symantec Mail Security 8300 Series Appliances Version 5.0 ST Version 1.6 August 20, 2007 Document Version 1.6 Symantec Corporation Page 1 of 55 Prepared For: Prepared By: Symantec Corporation
GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0.1 Security Target Version 2.01 Common Criteria EAL4 augmented
SECURITY TARGET FOR CENTRIFY SUITE VERSION 2013.2 Document No. 1769-000-D0007 Version: v0.89, 12 September 2013 Prepared for: Centrify Corporation 785 N. Mary Avenue, Suite 200 Sunnyvale, California USA,
Senforce Endpoint Security Suite Version 3.1.175 Security Target Version 1.0 06/19/07 Prepared for: Senforce Technologies, Inc. 147 W Election Rd Ste 110 Draper UT 84020 Prepared By: Science Applications
Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0 German Federal Office for Information Security PO Box 20 03 63 D-53133 Bonn Tel.:
McAfee Firewall Enterprise v7.0.1.02 Security Target 8 Nov 2010 Version 1.3 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN 55108 USA McAfee Inc. Page 1 of 60 Contents 1 Introduction...
Check Point Endpoint Security Full Disk Encryption Security Target ST Version 2.4 June 22, 2009 Prepared for: 5 Ha Solelim St. Tel Aviv, Israel 67897 Prepared by: Metatron Ltd. 66 Yosef St., Modiin, Israel
Low Assurance Protection Profile for a VoIP Infrastructure Version 1.1 Date Author(s) Dirk-Jan Out Certification ID Sponsor File name No of pages 12 TNO-ITSEF BV VoIP Low Assurance Protection Profile 1.1
Security Target Symantec Data Loss Prevention 11.1.1 Document Version 1.0 January 23, 2012 Document Version 1.0 Symantec Corporation Page 1 of 40 Prepared For: Prepared By: Symantec Corporation 350 Ellis
Security Target for Oracle Database 11g Release 2 (22.214.171.124) Standard Edition and Standard Edition One October 2011 Version 1.3 Security Evaluations Oracle Corporation 500 Oracle Parkway Redwood Shores,
SECURITY TARGET CITADEL HERCULES ENTERPRISE VULNERABILITY MANAGEMENT (EVM) VERSION 4.1 Document No. 1517-011-D001 Version 1.1, 3 August 2006 Prepared for: Citadel Security Software Inc. Two Lincoln Centre
Tivoli Security Policy Manager Version 7.1 Security Target Document Version Version: 1.24 2013-10-31 Page 1 of 56 Trademarks IBM and the IBM logo are trademarks or registered trademarks of International
Common Commercial Database Management System (C.DBMS PP) March 1998 Common Commercial Database Management System March 1998 Page ii Contents March 1998 1 Introduction... 1 1.1 Identification of... 1 1.2
v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 10 January 2012 Version 1.1 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN 55108 USA Contents 1 Introduction...
IronMail Secure Email Gateway Software Version 4.0.0 Security Target April 27, 2006 Document No. CipherTrust E2-IM4.0.0 CipherTrust 4800 North Point Parkway Suite 400 Alpharetta, GA 30022 Phone: 678-969-9399
Microsoft Windows Vista and Windows Server 2008 EAL1 Security Target Version 1.0 August 14, 2008 Prepared For: Microsoft Corporation Corporate Headquarters One Microsoft Way Redmond, WA 98052-6399 Prepared
C038 Certification Report TAXSAYA Online File name: Version: v1a Date of document: 15 August 2013 Document classification: For general inquiry about us or our services, please email: firstname.lastname@example.org
Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target Revision 1.0 August 2011 1 Table of Contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 ST and TOE Reference... 6 1.2 Acronyms
Security Target McAfee Database Security 4.4.3 Document Version 1.4 June 18, 2013 Document Version 1.4 McAfee Page 1 of 66 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa Clara,
Protection Profile for Server Virtualization 29 October 2014 Version 1.0 i 0 Preface 0.1 Objectives of Document This document presents the Common Criteria (CC) Protection Profile (PP) to express the fundamental
Green Hills Software INTEGRITY-178B Separation Kernel Security Target Version 1.0 Prepared for: Green Hills Software, Inc. 34125 US Hwy 19 North Suite 100 Palm Harbor, FL 34684 USA Prepared By: Science
McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 888.847.8766 www.mcafee.com McAfee Endpoint Encryption 7.0 for PC with McAfee epolicy Orchestrator 4.6 Common Criteria EAL2+ Security Target
BMC Remedy Action Request System 6.3 Security Target Version 4.5 March 28, 2007 Part number: 60658 Prepared by: BMC Software, Inc. 1030 W. Maude Avenue Sunnyvale, CA 94085 Copyright 2004-2007 BMC Software,
Common Criteria Security Target For XenApp 6.0 for Windows Server 2008 R2 Platinum Edition Version 1-0 7 February 2011 2011 Citrix Systems, Inc. All rights reserved. Summary of Amendments Version 1-0 7