This page was not yet optimized for use on mobile devices.
SQL Server 2016 Database Engine Enterprise Edition x64 (English) 13.0.4001.0 (including Service Pack 1)
This certificate has known related CVEs, which means that
the certified
product might be vulnerable.
CSV information ?
| Status | archived |
|---|---|
| Valid from | 15.02.2017 |
| Valid until | 15.02.2022 |
| Scheme | 🇯🇵 JP |
| Manufacturer | Microsoft Corporation |
| Category | Databases |
| Security level | EAL2+, ALC_FLR.2 |
| Protection profiles |
Heuristics summary ?
Certificate ID: JISEC-CC-CRP-C0537
Certificate ?
Extracted keywords
Vendor
Microsoft CorporationSecurity level
EAL2Security Assurance Requirements (SAR)
ALC_FLR.2Evaluation facilities
TÜV InformationstechnikFile metadata
| Creation date | D:20170316155916+09'00' |
|---|---|
| Modification date | D:20170316160045+09'00' |
| Pages | 1 |
| Creator | Microsoft® Word 2010 |
| Producer | Microsoft® Word 2010 |
Certification report ?
Extracted keywords
Vendor
Microsoft Corporation, MicrosoftSecurity level
EAL2, EAL2+, EAL2 augmentedClaims
T.ACCESS_TSFDATA, T.ACCESS_TSFFUNC, T.IA_MASQUERADE, T.IA_USER, T.RESIDUAL_DATA, T.TSF_COMPROMISE, T.UNAUTHORIZED_, A.PHYSICAL, A.AUTHUSER, A.MANAGE, A.TRAINEDUSER, A.NO_GENERAL_, A.SUPPORT, A.CONNECTSecurity Assurance Requirements (SAR)
ALC_FLR.2Certificates
CRP-C0537-01, Certification No. C0537Evaluation facilities
TÜV InformationstechnikStandards
CCMB-2012-09-001, CCMB-2012-09-002, CCMB-2012-09-003, CCMB-2012-09-004File metadata
| Creation date | D:20170316160424+09'00' |
|---|---|
| Modification date | D:20170316160534+09'00' |
| Pages | 33 |
| Creator | Microsoft® Word 2010 |
| Producer | Microsoft® Word 2010 |
Security target ?
Extracted keywords
Hash functions
SHA-1Trusted Execution Environments
SEVendor
Microsoft Corporation, MicrosoftSecurity level
EAL2+, EAL2, EAL 2, EAL2 augmented, EAL 2 augmentedClaims
O.ACCESS_HISTORY, O.ADMIN_ROLE, O.AUDIT_GENERATION, O.DISCRETIONARY_ACCESS, O.MANAGE, O.MEDIATE, O.RESIDUAL_INFORMATION, O.TOE_ACCESS, O.AUDIT_GENERATI, O.DISCRETIONARY_, O.RESIDUAL_INFOR, T.ACCESS_TSFDATA, T.ACCESS_TSFFUNC, T.IA_MASQUERADE, T.IA_USER, T.RESIDUAL_DATA, T.TSF_COMPROMISE, T.UNAUTHORIZED_ACCESS, A.PHYSICAL, A.AUTHUSER, A.MANAGE, A.TRAINEDUSER, A.NO_GENERAL_PURPOSE, A.SUPPORT, A.CONNECT, OE.ADMIN, OE.INFO_PROTECT, OE.NO_GENERAL_, OE.PHYSICAL, OE.IT_REMOTE, OE.IT_TRUSTED_SYSTEM, OE.NO_GENERAL_PURPOSESecurity Assurance Requirements (SAR)
AGD_ADD, ALC_FLR.2Security Functional Requirements (SFR)
FAU_GEN.1, FAU_GEN.2, FAU_SEL.1, FAU_GEN.1.1, FAU_GEN.1.2, FAU_GEN.2.1, FAU_SEL.1.1, FDP_ACC.1, FDP_ACF.1, FDP_RIP.1, FDP_ACC.1.1, FDP_ACF.1.1, FDP_ACF.1.2, FDP_ACF.1.3, FDP_ACF.1.4, FDP_RIP.1.1, FDP_IFC.1, FIA_USB.1, FIA_ATD.1, FIA_UAU.1, FIA_UID.1, FIA_ATD.1.1, FIA_UAU.1.1, FIA_UAU.1.2, FIA_UID.1.1, FIA_UID.1.2, FMT_MOF.1, FMT_MSA.1, FMT_MSA.3, FMT_MTD.1, FMT_REV.1, FMT_SMF.1, FMT_SMR.1, FMT_MOF.1.1, FMT_MSA.1.1, FMT_MSA.3.1, FMT_MSA.3.2, FMT_MTD.1.1, FMT_REV.1.1, FMT_REV.1.2, FMT_SMF.1.1, FMT_SMR.1.1, FMT_SMR.1.2, FPT_TRC.1, FPT_TRC.1.1, FPT_TRC.1.2, FPT_STM.1, FPT_ITT.1, FTA_MCS.1, FTA_TSE.1, FTA_MCS.1.1, FTA_MCS.1.2, FTA_TSE.1.1, FTA_TAHFile metadata
| Title | Security Target - SQL Server 2016 |
|---|---|
| Subject | Security Target |
| Keywords | CC, ST, Common Criteria, SQL, Security Target, DBMS, Database Management System |
| Author | SQL Team |
| Creation date | D:20161221140607+01'00' |
| Modification date | D:20161221140607+01'00' |
| Pages | 65 |
| Creator | Microsoft® Word 2010 |
| Producer | Microsoft® Word 2010 |
Heuristics ?
Certificate ID: JISEC-CC-CRP-C0537
Extracted SARs
ALC_FLR.2Related CVEs
| ID | Links | Severity | CVSS Score | Published on | ||
|---|---|---|---|---|---|---|
| Base | Exploitability | Impact | ||||
| CVE-2024-21449 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-35256 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-35271 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-35272 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37318 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37319 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37320 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37321 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37322 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37323 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37324 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37326 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37327 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37328 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37329 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37330 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37331 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37332 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37333 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-37336 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-38087 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
| CVE-2024-38088 | HIGH | 8.8 | 5.9 | 09.07.2024 17:15 | ||
Showing 5 out of 22.
Similar certificates
Showing 5 out of 13.
Scheme data ?
| Cert Id | JISEC-CC-CRP-C0537 | |
|---|---|---|
| Supplier | Microsoft Corporation | |
| Toe Overseas Name | SQL Server 2016 Database Engine Enterprise Edition x64 (English)13.0.4001.0 (including Service Pack 1) | |
| Expiration Date | 01.03.2022 | |
| Claim | EAL2+ALC_FLR.2 PP | |
| Certification Date | 01.02.2017 | |
| Toe Overseas Link | https://www.ipa.go.jp/en/security/jisec/software/certified-cert/c0537_it5563.html | |
| Toe Japan Name | ----- | |
| Enhanced | ||
| Product | SQL Server 2016 Database Engine Enterprise Edition x64 (English) | |
| Toe Version | 13.0.4001.0 (including Service Pack 1) | |
| Product Type | Database Management System (DBMS) | |
| Cc Version | 3.1 Release4 | |
| Assurance Level | EAL2 Augmented with ALC_FLR.2 | |
| Protection Profile | Base Protection Profile for Database Management Systems (DBMS PP), Version 2.07 | |
| Vendor | Microsoft Corporation | |
| Evaluation Facility | TÜV Informationstechnik GmbH, Evaluation Body for IT-Security | |
| Report Link | https://www.ipa.go.jp/en/security/c0537_erpt.pdf | |
| Cert Link | https://www.ipa.go.jp/en/security/c0537_eimg.pdf | |
| Target Link | https://www.ipa.go.jp/en/security/c0537_est.pdf | |
| Description | PRODUCT DESCRIPTION Description of TOE The TOE is the database engine of SQL Server 2016. SQL Server is a Database Management System (DBMS). The TOE has been developed as the core module of the DBMS to store and manage data in a secure way. TOE security functionality This TOE provides the following security functionality: - The Access Control function of the TOE controls the access of users to user data and metadata stored in the TOE. - The Session Handling function of the TOE limits the possibilities of users to establish sessions with the TOE. - The Security Audit function of the TOE produces log files about all security relevant events. - The Security Management function allows authorized administrators to manage the behavior of the security functionality of the TOE. - The Identification and Authentication function of the TOE is able to identify and authenticate users. - The Residual Information Protection function of the TOE overwrites the residual information on the memory that will be used for user sessions. | |
References ?
No references are available for this certificate.
Updates ?
-
21.11.2024 The certificate data changed.
Certificate changed
The computed heuristics were updated.
- The following values were inserted:
{'prev_certificates': [], 'next_certificates': []}.
- The following values were inserted:
-
09.11.2024 The certificate data changed.
Certificate changed
The computed heuristics were updated.
- The scheme_data property was updated, with the
{'cert_id': 'JISEC-CC-CRP-C0537', 'expiration_date': '2022-03-01', 'claim': 'EAL2+ALC_FLR.2 PP', 'certification_date': '2017-02-01', 'enhanced': {'__update__': {'evaluation_facility': 'TÜV Informationstechnik GmbH, Evaluation Body for IT-Security', 'description': 'PRODUCT DESCRIPTION Description of TOE The TOE is the database engine of SQL Server 2016. SQL Server is a Database Management System (DBMS). The TOE has been developed as the core module of the DBMS to store and manage data in a secure way. TOE security functionality This TOE provides the following security functionality: - The Access Control function of the TOE controls the access of users to user data and metadata stored in the TOE. - The Session Handling function of the TOE limits the possibilities of users to establish sessions with the TOE. - The Security Audit function of the TOE produces log files about all security relevant events. - The Security Management function allows authorized administrators to manage the behavior of the security functionality of the TOE. - The Identification and Authentication function of the TOE is able to identify and authenticate users. - The Residual Information Protection function of the TOE overwrites the residual information on the memory that will be used for user sessions.'}, '__delete__': ['certification_date']}}data.
- The scheme_data property was updated, with the
-
17.10.2024 The certificate data changed.
Certificate changed
The Protection Profiles of the certificate were updated.
- The new value is
{'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.protection_profile.ProtectionProfile', 'pp_name': 'Base Protection Profile for Database Management Systems', 'pp_eal': 'EAL2+', 'pp_link': 'https://www.commoncriteriaportal.org/files/ppfiles/pp0088b_pdf.pdf', 'pp_ids': {'_type': 'Set', 'elements': ['DBMS_PP']}}]}.
- The new value is
-
14.10.2024 The certificate data changed.
Certificate changed
The computed heuristics were updated.
- The cpe_matches property was set to
{'_type': 'Set', 'elements': ['cpe:2.3:a:microsoft:sql_server_2016:13.0.4001.0:*:*:*:*:*:*:*']}. - The related_cves property was set to
{'_type': 'Set', 'elements': ['CVE-2024-37329', 'CVE-2024-37331', 'CVE-2024-37326', 'CVE-2024-35272', 'CVE-2024-37336', 'CVE-2024-35256', 'CVE-2024-35271', 'CVE-2024-37321', 'CVE-2024-21449', 'CVE-2024-37324', 'CVE-2024-37323', 'CVE-2024-37332', 'CVE-2024-37328', 'CVE-2024-38087', 'CVE-2024-37319', 'CVE-2024-37322', 'CVE-2024-37320', 'CVE-2024-37327', 'CVE-2024-38088', 'CVE-2024-37330', 'CVE-2024-37333', 'CVE-2024-37318']}. - The scheme_data property was set to
{'cert_id': 'C0537', 'supplier': 'Microsoft Corporation', 'toe_overseas_name': 'SQL Server 2016 Database Engine Enterprise Edition x64 (English)13.0.4001.0 (including Service Pack 1)', 'expiration_date': '2022-03', 'claim': 'EAL2+ALC_FLR.2 PP', 'certification_date': '2017-02', 'toe_overseas_link': 'https://www.ipa.go.jp/en/security/jisec/software/certified-cert/c0537_it5563.html', 'toe_japan_name': '-----', 'enhanced': {'product': 'SQL Server 2016 Database Engine Enterprise Edition x64 (English)', 'toe_version': '13.0.4001.0 (including Service Pack 1)', 'product_type': 'Database Management System (DBMS)', 'certification_date': '2017-02-15', 'cc_version': '3.1 Release4', 'assurance_level': 'EAL2 Augmented with ALC_FLR.2', 'protection_profile': 'Base Protection Profile for Database Management Systems (DBMS PP), Version 2.07', 'vendor': 'Microsoft Corporation', 'evaluation_facility': 'TÜV Informationstechnik GmbH, \n Evaluation Body for IT-Security', 'report_link': 'https://www.ipa.go.jp/en/security/c0537_erpt.pdf', 'cert_link': 'https://www.ipa.go.jp/en/security/c0537_eimg.pdf', 'target_link': 'https://www.ipa.go.jp/en/security/c0537_est.pdf', 'description': 'PRODUCT DESCRIPTION \n Description of TOE \n The TOE is the database engine of SQL Server 2016. SQL Server is a Database Management System (DBMS). The TOE has been developed as the core module of the DBMS to store and manage data in a secure way. \n \n TOE security functionality \n This TOE provides the following security functionality: \n \n \n \n - \n The Access Control function of the TOE controls the access of users to user data and metadata stored in the TOE. \n \n \n - \n The Session Handling function of the TOE limits the possibilities of users to establish sessions with the TOE. \n \n \n - \n The Security Audit function of the TOE produces log files about all security relevant events. \n \n \n - \n The Security Management function allows authorized administrators to manage the behavior of the security functionality of the TOE. \n \n \n - \n The Identification and Authentication function of the TOE is able to identify and authenticate users. \n \n \n - \n The Residual Information Protection function of the TOE overwrites the residual information on the memory that will be used for user sessions.'}}.
- The cpe_matches property was set to
-
30.09.2024 The certificate data changed.
Certificate changed
The computed heuristics were updated.
- The scheme_data property was set to
None.
- The scheme_data property was set to
-
22.08.2024 The certificate data changed.
Certificate changed
The state of the certificate object was updated.
- The report property was updated, with the
{'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': 'c01e18dbdad0c499dc46b42ce4d19384899797a509f8647ca809715d05dc16ec', 'txt_hash': 'ea6efabb475d8107b300bf1572a0e13a8d393ace9dc5452dc1f81ba225faa42f'}data. - The st property was updated, with the
{'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': 'f0c8433c7f20b1ce5fd24304cff9661223f1afad4e63512f2605f1e794bb47cb', 'txt_hash': '366a3938d32ee8c03f1719b4490a4ee05c88db9451aabecfbb21752a48f9ce6d'}data. - The cert property was updated, with the
{'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': 'e06b4bf851a233995c42ea3442c808670fa41d0a9623dcc6edcb29d625e31239', 'txt_hash': 'd6f03332aaf99dee97c2c1bee96bfbe235b26ac32e9ddd3df2b047a8bda650ba'}data.
The PDF extraction data was updated.
- The report_metadata property was set to
{'pdf_file_size_bytes': 240723, 'pdf_is_encrypted': True, 'pdf_number_of_pages': 33, '/CreationDate': "D:20170316160424+09'00'", '/Creator': 'Microsoft® Word 2010', '/ModDate': "D:20170316160534+09'00'", '/Producer': 'Microsoft® Word 2010', 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}. - The st_metadata property was set to
{'pdf_file_size_bytes': 1446524, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 65, '/Title': 'Security Target - SQL Server 2016', '/Author': 'SQL Team', '/Subject': 'Security Target', '/Keywords': 'CC, ST, Common Criteria, SQL, Security Target, DBMS, Database Management System', '/Creator': 'Microsoft® Word 2010', '/CreationDate': "D:20161221140607+01'00'", '/ModDate': "D:20161221140607+01'00'", '/Producer': 'Microsoft® Word 2010', 'pdf_hyperlinks': {'_type': 'Set', 'elements': ['https://www.microsoft.com/sqlserver/en/us/common-criteria.aspx', 'https://www.microsoft.com/licensing/servicecenter/default.aspx']}}. - The cert_metadata property was set to
{'pdf_file_size_bytes': 415538, 'pdf_is_encrypted': True, 'pdf_number_of_pages': 1, '/CreationDate': "D:20170316155916+09'00'", '/Creator': 'Microsoft® Word 2010', '/ModDate': "D:20170316160045+09'00'", '/Producer': 'Microsoft® Word 2010', 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}. - The report_frontpage property was set to
{}. - The report_keywords property was set to
{'cc_cert_id': {'JP': {'CRP-C0537-01': 1, 'Certification No. C0537': 1}}, 'cc_protection_profile_id': {}, 'cc_security_level': {'EAL': {'EAL2': 4, 'EAL2+': 2, 'EAL2 augmented': 3}}, 'cc_sar': {'ALC': {'ALC_FLR.2': 4}}, 'cc_sfr': {}, 'cc_claims': {'T': {'T.ACCESS_TSFDATA': 1, 'T.ACCESS_TSFFUNC': 1, 'T.IA_MASQUERADE': 1, 'T.IA_USER': 1, 'T.RESIDUAL_DATA': 1, 'T.TSF_COMPROMISE': 1, 'T.UNAUTHORIZED_': 1}, 'A': {'A.PHYSICAL': 1, 'A.AUTHUSER': 1, 'A.MANAGE': 1, 'A.TRAINEDUSER': 1, 'A.NO_GENERAL_': 1, 'A.SUPPORT': 1, 'A.CONNECT': 1}}, 'vendor': {'Microsoft': {'Microsoft Corporation': 7, 'Microsoft': 5}}, 'eval_facility': {'TUV': {'TÜV Informationstechnik': 4}}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'CC': {'CCMB-2012-09-001': 2, 'CCMB-2012-09-002': 2, 'CCMB-2012-09-003': 2, 'CCMB-2012-09-004': 2}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}. - The st_keywords property was set to
{'cc_cert_id': {}, 'cc_protection_profile_id': {}, 'cc_security_level': {'EAL': {'EAL2+': 66, 'EAL2': 1, 'EAL 2': 3, 'EAL2 augmented': 1, 'EAL 2 augmented': 1}}, 'cc_sar': {'AGD': {'AGD_ADD': 3}, 'ALC': {'ALC_FLR.2': 4}}, 'cc_sfr': {'FAU': {'FAU_GEN.1': 9, 'FAU_GEN.2': 6, 'FAU_SEL.1': 7, 'FAU_GEN.1.1': 1, 'FAU_GEN.1.2': 1, 'FAU_GEN.2.1': 1, 'FAU_SEL.1.1': 1}, 'FDP': {'FDP_ACC.1': 15, 'FDP_ACF.1': 8, 'FDP_RIP.1': 6, 'FDP_ACC.1.1': 1, 'FDP_ACF.1.1': 2, 'FDP_ACF.1.2': 1, 'FDP_ACF.1.3': 1, 'FDP_ACF.1.4': 1, 'FDP_RIP.1.1': 1, 'FDP_IFC.1': 1}, 'FIA': {'FIA_USB.1': 5, 'FIA_ATD.1': 15, 'FIA_UAU.1': 7, 'FIA_UID.1': 14, 'FIA_ATD.1.1': 3, 'FIA_UAU.1.1': 1, 'FIA_UAU.1.2': 1, 'FIA_UID.1.1': 1, 'FIA_UID.1.2': 1}, 'FMT': {'FMT_MOF.1': 6, 'FMT_MSA.1': 7, 'FMT_MSA.3': 8, 'FMT_MTD.1': 6, 'FMT_REV.1': 12, 'FMT_SMF.1': 11, 'FMT_SMR.1': 18, 'FMT_MOF.1.1': 1, 'FMT_MSA.1.1': 1, 'FMT_MSA.3.1': 1, 'FMT_MSA.3.2': 1, 'FMT_MTD.1.1': 1, 'FMT_REV.1.1': 2, 'FMT_REV.1.2': 2, 'FMT_SMF.1.1': 1, 'FMT_SMR.1.1': 1, 'FMT_SMR.1.2': 1}, 'FPT': {'FPT_TRC.1': 6, 'FPT_TRC.1.1': 1, 'FPT_TRC.1.2': 1, 'FPT_STM.1': 1, 'FPT_ITT.1': 1}, 'FTA': {'FTA_MCS.1': 7, 'FTA_TSE.1': 6, 'FTA_MCS.1.1': 1, 'FTA_MCS.1.2': 1, 'FTA_TSE.1.1': 1, 'FTA_TAH': 1}}, 'cc_claims': {'O': {'O.ACCESS_HISTORY': 9, 'O.ADMIN_ROLE': 8, 'O.AUDIT_GENERATION': 6, 'O.DISCRETIONARY_ACCESS': 5, 'O.MANAGE': 11, 'O.MEDIATE': 8, 'O.RESIDUAL_INFORMATION': 8, 'O.TOE_ACCESS': 18, 'O.AUDIT_GENERATI': 1, 'O.DISCRETIONARY_': 1, 'O.RESIDUAL_INFOR': 1}, 'T': {'T.ACCESS_TSFDATA': 3, 'T.ACCESS_TSFFUNC': 3, 'T.IA_MASQUERADE': 4, 'T.IA_USER': 3, 'T.RESIDUAL_DATA': 3, 'T.TSF_COMPROMISE': 4, 'T.UNAUTHORIZED_ACCESS': 4}, 'A': {'A.PHYSICAL': 3, 'A.AUTHUSER': 3, 'A.MANAGE': 3, 'A.TRAINEDUSER': 3, 'A.NO_GENERAL_PURPOSE': 3, 'A.SUPPORT': 4, 'A.CONNECT': 4}, 'OE': {'OE.ADMIN': 12, 'OE.INFO_PROTECT': 19, 'OE.NO_GENERAL_': 2, 'OE.PHYSICAL': 8, 'OE.IT_REMOTE': 10, 'OE.IT_TRUSTED_SYSTEM': 9, 'OE.NO_GENERAL_PURPOSE': 6}}, 'vendor': {'Microsoft': {'Microsoft Corporation': 3, 'Microsoft': 10}}, 'eval_facility': {}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {'SHA': {'SHA1': {'SHA-1': 1}}}, 'crypto_scheme': {}, 'crypto_protocol': {}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {'IBM': {'SE': 3}}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}. - The cert_keywords property was set to
{'cc_cert_id': {}, 'cc_protection_profile_id': {}, 'cc_security_level': {'EAL': {'EAL2': 1}}, 'cc_sar': {'ALC': {'ALC_FLR.2': 1}}, 'cc_sfr': {}, 'cc_claims': {}, 'vendor': {'Microsoft': {'Microsoft Corporation': 1}}, 'eval_facility': {'TUV': {'TÜV Informationstechnik': 1}}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}. - The report_filename property was set to
c0537_erpt.pdf. - The st_filename property was set to
c0537_est.pdf. - The cert_filename property was set to
c0537_eimg.pdf.
The computed heuristics were updated.
- The cert_id property was set to
JISEC-CC-CRP-C0537.
- The report property was updated, with the
-
17.08.2024 The certificate data changed.
Certificate changed
The report_link was updated.
- The new value is
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/c0537_erpt.pdf.
The st_link was updated.
- The new value is
https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/c0537_est.pdf.
The state of the certificate object was updated.
- The report property was updated, with the
{'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None}data. - The cert property was updated, with the
{'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None}data.
The PDF extraction data was updated.
- The report_metadata property was set to
None. - The cert_metadata property was set to
None. - The report_frontpage property was set to
None. - The report_keywords property was set to
None. - The cert_keywords property was set to
None. - The report_filename property was set to
None. - The cert_filename property was set to
None.
The computed heuristics were updated.
- The cert_id property was set to
None.
- The new value is
-
12.08.2024 The certificate data changed.
Certificate changed
The state of the certificate object was updated.
- The st property was updated, with the
{'download_ok': False, 'convert_ok': False, 'extract_ok': False, 'pdf_hash': None, 'txt_hash': None}data.
The PDF extraction data was updated.
- The st_metadata property was set to
None. - The st_keywords property was set to
None. - The st_filename property was set to
None.
- The st property was updated, with the
-
23.07.2024 The certificate was first processed.
New certificate
A new Common Criteria certificate with the product name SQL Server 2016 Database Engine Enterprise Edition x64 (English) 13.0.4001.0 (including Service Pack 1) was processed.
Raw data
{
"_type": "sec_certs.sample.cc.CCCertificate",
"category": "Databases",
"cert_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/c0537_eimg.pdf",
"dgst": "a43cc3e7f97cf843",
"heuristics": {
"_type": "sec_certs.sample.cc.CCCertificate.Heuristics",
"annotated_references": null,
"cert_id": "JISEC-CC-CRP-C0537",
"cert_lab": null,
"cpe_matches": {
"_type": "Set",
"elements": [
"cpe:2.3:a:microsoft:sql_server_2016:13.0.4001.0:*:*:*:*:*:*:*"
]
},
"direct_transitive_cves": null,
"extracted_sars": {
"_type": "Set",
"elements": [
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_FLR",
"level": 2
}
]
},
"extracted_versions": {
"_type": "Set",
"elements": [
"13.0.4001.0"
]
},
"indirect_transitive_cves": null,
"next_certificates": [],
"prev_certificates": [],
"related_cves": {
"_type": "Set",
"elements": [
"CVE-2024-37336",
"CVE-2024-37318",
"CVE-2024-37332",
"CVE-2024-37320",
"CVE-2024-37319",
"CVE-2024-35272",
"CVE-2024-35271",
"CVE-2024-37323",
"CVE-2024-37326",
"CVE-2024-37324",
"CVE-2024-37331",
"CVE-2024-37328",
"CVE-2024-38087",
"CVE-2024-37330",
"CVE-2024-38088",
"CVE-2024-21449",
"CVE-2024-37329",
"CVE-2024-35256",
"CVE-2024-37322",
"CVE-2024-37327",
"CVE-2024-37333",
"CVE-2024-37321"
]
},
"report_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"scheme_data": {
"cert_id": "JISEC-CC-CRP-C0537",
"certification_date": "2017-02-01",
"claim": "EAL2+ALC_FLR.2 PP",
"enhanced": {
"assurance_level": "EAL2 Augmented with ALC_FLR.2",
"cc_version": "3.1 Release4",
"cert_link": "https://www.ipa.go.jp/en/security/c0537_eimg.pdf",
"description": "PRODUCT DESCRIPTION Description of TOE The TOE is the database engine of SQL Server 2016. SQL Server is a Database Management System (DBMS). The TOE has been developed as the core module of the DBMS to store and manage data in a secure way. TOE security functionality This TOE provides the following security functionality: - The Access Control function of the TOE controls the access of users to user data and metadata stored in the TOE. - The Session Handling function of the TOE limits the possibilities of users to establish sessions with the TOE. - The Security Audit function of the TOE produces log files about all security relevant events. - The Security Management function allows authorized administrators to manage the behavior of the security functionality of the TOE. - The Identification and Authentication function of the TOE is able to identify and authenticate users. - The Residual Information Protection function of the TOE overwrites the residual information on the memory that will be used for user sessions.",
"evaluation_facility": "T\u00dcV Informationstechnik GmbH, Evaluation Body for IT-Security",
"product": "SQL Server 2016 Database Engine Enterprise Edition x64 (English)",
"product_type": "Database Management System (DBMS)",
"protection_profile": "Base Protection Profile for Database Management Systems (DBMS PP), Version 2.07",
"report_link": "https://www.ipa.go.jp/en/security/c0537_erpt.pdf",
"target_link": "https://www.ipa.go.jp/en/security/c0537_est.pdf",
"toe_version": "13.0.4001.0 (including Service Pack 1)",
"vendor": "Microsoft Corporation"
},
"expiration_date": "2022-03-01",
"supplier": "Microsoft Corporation",
"toe_japan_name": "-----",
"toe_overseas_link": "https://www.ipa.go.jp/en/security/jisec/software/certified-cert/c0537_it5563.html",
"toe_overseas_name": "SQL Server 2016 Database Engine Enterprise Edition x64 (English)13.0.4001.0 (including Service Pack 1)"
},
"st_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"verified_cpe_matches": null
},
"maintenance_updates": {
"_type": "Set",
"elements": []
},
"manufacturer": "Microsoft Corporation",
"manufacturer_web": "https://www.microsoft.com",
"name": "SQL Server 2016 Database Engine Enterprise Edition x64 (English) 13.0.4001.0 (including Service Pack 1)",
"not_valid_after": "2022-02-15",
"not_valid_before": "2017-02-15",
"pdf_data": {
"_type": "sec_certs.sample.cc.CCCertificate.PdfData",
"cert_filename": "c0537_eimg.pdf",
"cert_frontpage": null,
"cert_keywords": {
"asymmetric_crypto": {},
"cc_cert_id": {},
"cc_claims": {},
"cc_protection_profile_id": {},
"cc_sar": {
"ALC": {
"ALC_FLR.2": 1
}
},
"cc_security_level": {
"EAL": {
"EAL2": 1
}
},
"cc_sfr": {},
"certification_process": {},
"cipher_mode": {},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {},
"eval_facility": {
"TUV": {
"T\u00dcV Informationstechnik": 1
}
},
"hash_function": {},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {},
"standard_id": {},
"symmetric_crypto": {},
"technical_report_id": {},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Microsoft": {
"Microsoft Corporation": 1
}
},
"vulnerability": {}
},
"cert_metadata": {
"/CreationDate": "D:20170316155916+09\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2010",
"/ModDate": "D:20170316160045+09\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2010",
"pdf_file_size_bytes": 415538,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": true,
"pdf_number_of_pages": 1
},
"report_filename": "c0537_erpt.pdf",
"report_frontpage": {},
"report_keywords": {
"asymmetric_crypto": {},
"cc_cert_id": {
"JP": {
"CRP-C0537-01": 1,
"Certification No. C0537": 1
}
},
"cc_claims": {
"A": {
"A.AUTHUSER": 1,
"A.CONNECT": 1,
"A.MANAGE": 1,
"A.NO_GENERAL_": 1,
"A.PHYSICAL": 1,
"A.SUPPORT": 1,
"A.TRAINEDUSER": 1
},
"T": {
"T.ACCESS_TSFDATA": 1,
"T.ACCESS_TSFFUNC": 1,
"T.IA_MASQUERADE": 1,
"T.IA_USER": 1,
"T.RESIDUAL_DATA": 1,
"T.TSF_COMPROMISE": 1,
"T.UNAUTHORIZED_": 1
}
},
"cc_protection_profile_id": {},
"cc_sar": {
"ALC": {
"ALC_FLR.2": 4
}
},
"cc_security_level": {
"EAL": {
"EAL2": 4,
"EAL2 augmented": 3,
"EAL2+": 2
}
},
"cc_sfr": {},
"certification_process": {},
"cipher_mode": {},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {},
"eval_facility": {
"TUV": {
"T\u00dcV Informationstechnik": 4
}
},
"hash_function": {},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {},
"standard_id": {
"CC": {
"CCMB-2012-09-001": 2,
"CCMB-2012-09-002": 2,
"CCMB-2012-09-003": 2,
"CCMB-2012-09-004": 2
}
},
"symmetric_crypto": {},
"technical_report_id": {},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"Microsoft": {
"Microsoft": 5,
"Microsoft Corporation": 7
}
},
"vulnerability": {}
},
"report_metadata": {
"/CreationDate": "D:20170316160424+09\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2010",
"/ModDate": "D:20170316160534+09\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2010",
"pdf_file_size_bytes": 240723,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": true,
"pdf_number_of_pages": 33
},
"st_filename": "c0537_est.pdf",
"st_frontpage": null,
"st_keywords": {
"asymmetric_crypto": {},
"cc_cert_id": {},
"cc_claims": {
"A": {
"A.AUTHUSER": 3,
"A.CONNECT": 4,
"A.MANAGE": 3,
"A.NO_GENERAL_PURPOSE": 3,
"A.PHYSICAL": 3,
"A.SUPPORT": 4,
"A.TRAINEDUSER": 3
},
"O": {
"O.ACCESS_HISTORY": 9,
"O.ADMIN_ROLE": 8,
"O.AUDIT_GENERATI": 1,
"O.AUDIT_GENERATION": 6,
"O.DISCRETIONARY_": 1,
"O.DISCRETIONARY_ACCESS": 5,
"O.MANAGE": 11,
"O.MEDIATE": 8,
"O.RESIDUAL_INFOR": 1,
"O.RESIDUAL_INFORMATION": 8,
"O.TOE_ACCESS": 18
},
"OE": {
"OE.ADMIN": 12,
"OE.INFO_PROTECT": 19,
"OE.IT_REMOTE": 10,
"OE.IT_TRUSTED_SYSTEM": 9,
"OE.NO_GENERAL_": 2,
"OE.NO_GENERAL_PURPOSE": 6,
"OE.PHYSICAL": 8
},
"T": {
"T.ACCESS_TSFDATA": 3,
"T.ACCESS_TSFFUNC": 3,
"T.IA_MASQUERADE": 4,
"T.IA_USER": 3,
"T.RESIDUAL_DATA": 3,
"T.TSF_COMPROMISE": 4,
"T.UNAUTHORIZED_ACCESS": 4
}
},
"cc_protection_profile_id": {},
"cc_sar": {
"AGD": {
"AGD_ADD": 3
},
"ALC": {
"ALC_FLR.2": 4
}
},
"cc_security_level": {
"EAL": {
"EAL 2": 3,
"EAL 2 augmented": 1,
"EAL2": 1,
"EAL2 augmented": 1,
"EAL2+": 66
}
},
"cc_sfr": {
"FAU": {
"FAU_GEN.1": 9,
"FAU_GEN.1.1": 1,
"FAU_GEN.1.2": 1,
"FAU_GEN.2": 6,
"FAU_GEN.2.1": 1,
"FAU_SEL.1": 7,
"FAU_SEL.1.1": 1
},
"FDP": {
"FDP_ACC.1": 15,
"FDP_ACC.1.1": 1,
"FDP_ACF.1": 8,
"FDP_ACF.1.1": 2,
"FDP_ACF.1.2": 1,
"FDP_ACF.1.3": 1,
"FDP_ACF.1.4": 1,
"FDP_IFC.1": 1,
"FDP_RIP.1": 6,
"FDP_RIP.1.1": 1
},
"FIA": {
"FIA_ATD.1": 15,
"FIA_ATD.1.1": 3,
"FIA_UAU.1": 7,
"FIA_UAU.1.1": 1,
"FIA_UAU.1.2": 1,
"FIA_UID.1": 14,
"FIA_UID.1.1": 1,
"FIA_UID.1.2": 1,
"FIA_USB.1": 5
},
"FMT": {
"FMT_MOF.1": 6,
"FMT_MOF.1.1": 1,
"FMT_MSA.1": 7,
"FMT_MSA.1.1": 1,
"FMT_MSA.3": 8,
"FMT_MSA.3.1": 1,
"FMT_MSA.3.2": 1,
"FMT_MTD.1": 6,
"FMT_MTD.1.1": 1,
"FMT_REV.1": 12,
"FMT_REV.1.1": 2,
"FMT_REV.1.2": 2,
"FMT_SMF.1": 11,
"FMT_SMF.1.1": 1,
"FMT_SMR.1": 18,
"FMT_SMR.1.1": 1,
"FMT_SMR.1.2": 1
},
"FPT": {
"FPT_ITT.1": 1,
"FPT_STM.1": 1,
"FPT_TRC.1": 6,
"FPT_TRC.1.1": 1,
"FPT_TRC.1.2": 1
},
"FTA": {
"FTA_MCS.1": 7,
"FTA_MCS.1.1": 1,
"FTA_MCS.1.2": 1,
"FTA_TAH": 1,
"FTA_TSE.1": 6,
"FTA_TSE.1.1": 1
}
},
"certification_process": {},
"cipher_mode": {},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {},
"eval_facility": {},
"hash_function": {
"SHA": {
"SHA1": {
"SHA-1": 1
}
}
},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {},
"standard_id": {},
"symmetric_crypto": {},
"technical_report_id": {},
"tee_name": {
"IBM": {
"SE": 3
}
},
"tls_cipher_suite": {},
"vendor": {
"Microsoft": {
"Microsoft": 10,
"Microsoft Corporation": 3
}
},
"vulnerability": {}
},
"st_metadata": {
"/Author": "SQL Team",
"/CreationDate": "D:20161221140607+01\u002700\u0027",
"/Creator": "Microsoft\u00ae Word 2010",
"/Keywords": "CC, ST, Common Criteria, SQL, Security Target, DBMS, Database Management System",
"/ModDate": "D:20161221140607+01\u002700\u0027",
"/Producer": "Microsoft\u00ae Word 2010",
"/Subject": "Security Target",
"/Title": "Security Target - SQL Server 2016",
"pdf_file_size_bytes": 1446524,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.microsoft.com/licensing/servicecenter/default.aspx",
"https://www.microsoft.com/sqlserver/en/us/common-criteria.aspx"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 65
}
},
"protection_profiles": {
"_type": "Set",
"elements": [
{
"_type": "sec_certs.sample.protection_profile.ProtectionProfile",
"pp_eal": "EAL2+",
"pp_ids": {
"_type": "Set",
"elements": [
"DBMS_PP"
]
},
"pp_link": "https://www.commoncriteriaportal.org/files/ppfiles/pp0088b_pdf.pdf",
"pp_name": "Base Protection Profile for Database Management Systems"
}
]
},
"report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/c0537_erpt.pdf",
"scheme": "JP",
"security_level": {
"_type": "Set",
"elements": [
"ALC_FLR.2",
"EAL2+"
]
},
"st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/c0537_est.pdf",
"state": {
"_type": "sec_certs.sample.cc.CCCertificate.InternalState",
"cert": {
"_type": "sec_certs.sample.cc.CCCertificate.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "e06b4bf851a233995c42ea3442c808670fa41d0a9623dcc6edcb29d625e31239",
"txt_hash": "d6f03332aaf99dee97c2c1bee96bfbe235b26ac32e9ddd3df2b047a8bda650ba"
},
"report": {
"_type": "sec_certs.sample.cc.CCCertificate.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "c01e18dbdad0c499dc46b42ce4d19384899797a509f8647ca809715d05dc16ec",
"txt_hash": "ea6efabb475d8107b300bf1572a0e13a8d393ace9dc5452dc1f81ba225faa42f"
},
"st": {
"_type": "sec_certs.sample.cc.CCCertificate.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "f0c8433c7f20b1ce5fd24304cff9661223f1afad4e63512f2605f1e794bb47cb",
"txt_hash": "366a3938d32ee8c03f1719b4490a4ee05c88db9451aabecfbb21752a48f9ce6d"
}
},
"status": "archived"
}