Certified/Validated Products List

Microsoft SQL Server 2014 Database Engine Enterprise Edition x64 (English)
12.0.2000.8

Microsoft Corporation
Last Updated 2015-07-24
Product Name :
Microsoft SQL Server 2014 Database Engine Enterprise Edition x64 (English)
Version of TOE :
12.0.2000.8
Product Type :
Database Management System (DBMS)
Certification No. :
C0475
Date :
2015-06-16
Version of Common Criteria:
3.1 Release4
Conformance Claim :
EAL2 Augmented with ALC_FLR.2
PP Identifier :
U.S. Government Protection Profile for Database Management Systems, Version 1.3

PRODUCT DESCRIPTION

Description of TOE

The TOE is the database engine of SQL Server 2014. SQL Server is a Database Management System (DBMS). The TOE has been developed as the core module of the DBMS to store and manage data in a secure way.

 

TOE security functionality

This TOE provides the following security functionality:

- The Access Control function of the TOE controls the access of users to user data and metadata stored in the TOE.
- The Session Handling function of the TOE limits the possibilities of users to establish sessions with the TOE.
- The Security Audit function of the TOE produces log files about all security relevant events.
- The Security Management function allows authorized administrators to manage the behavior of the security functionality of the TOE.
- The Identification and Authentication function of the TOE is able to identify and authenticate users.
- The Residual Information Protection function of the TOE overwrites the residual information on the memory that will be used for user sessions.

 

Security functional requirements

The TOE implements the following security functional requirements.

Security audit Non-repudiation of origin/receipt Cryptographic functionality Access control
Data authentication Export data protection Information flow control Import data protection
Internal transfer data protection Residual information protection Rollback Stored data integrity
Transfer data confidentiality Transfer data integrity Identification and authentication Security management
Privacy Control Security functionality protection Resource utilisation management TOE access control
Trusted path/channels