NIAP Recommends no further Common Criteria Evaluation of Operating Systems & DBMS

NIAP has posted its public position statements for future Common Criteria evaluation profiles for General Purpose Operating Systems (eg Solaris, Linux, Windows, MacOS, AIX, ...), DBMS (eg Oracle Database, MySQL, DB2, ...).

They are recommending against further development of Common Criterial profiles and against evaluation of GPOS and DBMS systems, due to complexity and cost reasons. 

Note that this is neither a personal statement nor an Oracle statement on the applicability of CC evaluation to GPOS or DBMS systems.

For the status of Oracle products in evaluation please visit this page.

Comments:

Wow.

OK, Common Criteria has always been a heavyweight process (especially for more than just CAPP, in "old money"), but I wonder where this leaves things, for the future. The UK has CPA, and there were views that this would fold into CC at some point, but this statement *really* shakes things up.

I'll keep my eyes peeled, for developments. Thanks for posting this - and please post whatever further info you can, as and when more info comes your way.

Posted by Dave Walker on March 18, 2014 at 06:19 PM GMT #

Darren, can you provide the original citation URL? It's not so obvious from looking at the NIAP site where this statement is being made.

BTW : I would think this is a pretty big deal. Are they suggesting that no new CC test and certifications need to be conducted, or that the protection profiles that exist today are all that is needed for future evaluations?

Posted by Mark Thacker on March 19, 2014 at 12:49 PM GMT #

Hi Mark,

I got these via posts on the Common Criteria discussion forums, they were just links to the PDF files witht the statements.

My interpretation is that they don't think it even makes sense to do CC evaluation of a GPOS or DBMS because they are too big, too complex and too fast moving in features.

Posted by Darren J Moffat on March 19, 2014 at 01:00 PM GMT #

Darren,

Good news. It seems that our message has finally gotten through. Common Criteria never really accomplished the goals of the DoD.

Jim Laurent (Oracle/Sun Retired! ;)

Posted by Jim Laurent on March 19, 2014 at 02:05 PM GMT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Darrenmoffat-Oracle

Search

Categories
Archives
« April 2015
MonTueWedThuFriSatSun
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today