SQL Server version 11.0.6 passed the security evaluation by the National Security Agency (NSA) at the Class C2 criteria. (The requirements for the C2 criteria are given by the Department of Defense in DOD 52.00.28-STD, Department of Defense Trusted Computer System Evaluation Criteria [TCSEC], also known as the “Orange Book.”)
The configuration of SQL Server version 11.0.6 that was evaluated at the C2 security level by the NSA in 1996 on the HP 9000 HP-UX BLS, 9.09+ platform is referred to as the evaluated configuration. Certain features of SQL Server, such as remote procedures and direct updates to system tables, were excluded from the evaluated configuration. Notes in the Adaptive Server documentation indicate particular features that were not included in the evaluated configuration. For a complete list of features that were excluded from the evaluated configuration, see Appendix A in the SQL Server Installation and Configuration Guide for HP 9000 HP-UX BLS, 9.09+.
SSL is the standard for securing the transmission of sensitive information, such as credit card numbers, stock trades, and banking transactions over the Internet. It relies on public key cryptography. SSL implementation uses FIPS 140-2 Validated level 1 cryptographic modules using Certicom Security Builder GSE for products running on Windows, Solaris, AIX and HPUX operating systems.
Adaptive Server release 15.0 contains all of the security features included in SQL Server version 11.0.6 plus some new security features. Table 13-4 summarizes the major features.
Copyright © 2005. Sybase Inc. All rights reserved. |