SQL Server, the DoD, and Common Criteria

Published Mar 23 2019 12:16 PM 500 Views
Microsoft
First published on TECHNET on Aug 12, 2011

Common Criteria is an international standard for a set of security characteristics, and the U.S. Department of Defense (DoD) Database Security Technical Implementation Guide (STIG) (via the Security Readiness Review for SQL Server) requires it to be enabled. (See DG0084.)


You can turn it on by using sp_configure ("common criteria compliance enabled") or by using SQL Server Management Studio (server properties, security page, options, "Enable Common Criteria compliance" checkbox).


Enabling SQL Server's Common Criteria switch will enable 3 functions:



  1. Residual Information Protection

  2. The ability to view login statistics

  3. Prevention of a column-level GRANT from overriding a table-level DENY


For more details about these functions, see the SQL Server Books Online article here .


If you want to know about Common Criteria evaluations of different SQL Server versions and service pack levels, just go to this page and click on the tabs across the top.

%3CLINGO-SUB%20id%3D%22lingo-sub-383902%22%20slang%3D%22en-US%22%3ESQL%20Server%2C%20the%20DoD%2C%20and%20Common%20Criteria%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-383902%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3E%20First%20published%20on%20TECHNET%20on%20Aug%2012%2C%202011%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%3CP%3E%3CA%20href%3D%22http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FCommon_Criteria%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ECommon%20Criteria%20%3C%2FA%3E%20is%20an%20international%20standard%20for%20a%20set%20of%20security%20characteristics%2C%20and%20the%20U.S.%20Department%20of%20Defense%20(DoD)%20Database%20Security%20Technical%20Implementation%20Guide%20(STIG)%20(via%20the%20Security%20Readiness%20Review%20for%20SQL%20Server)%20requires%20it%20to%20be%20enabled.%20(See%20DG0084.)%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EYou%20can%20turn%20it%20on%20by%20using%20sp_configure%20(%22common%20criteria%20compliance%20enabled%22)%26nbsp%3Bor%20by%20using%20SQL%20Server%20Management%20Studio%20(server%20properties%2C%20security%20page%2C%20options%2C%20%22Enable%20Common%20Criteria%20compliance%22%20checkbox).%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EEnabling%20SQL%20Server's%20Common%20Criteria%20switch%20will%20enable%203%20functions%3A%3C%2FP%3E%3CBR%20%2F%3E%3COL%3E%3CBR%20%2F%3E%3CLI%3EResidual%20Information%20Protection%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EThe%20ability%20to%20view%20login%20statistics%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3EPrevention%20of%20a%20column-level%20GRANT%20from%20overriding%20a%20table-level%20DENY%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FOL%3E%3CBR%20%2F%3E%3CP%3EFor%20more%20details%20about%20these%20functions%2C%20see%20the%20SQL%20Server%20Books%20Online%20article%20%3CA%20href%3D%22http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Flibrary%2Fbb326650.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20here%20%3C%2FA%3E%20.%3C%2FP%3E%3CBR%20%2F%3E%3CP%3EIf%20you%20want%20to%20know%20about%20Common%20Criteria%20evaluations%20of%20different%20SQL%20Server%20versions%20and%20service%20pack%20levels%2C%20just%20go%20to%20%3CA%20href%3D%22http%3A%2F%2Fwww.microsoft.com%2Fsqlserver%2Fen%2Fus%2Fcommon-criteria.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20this%20page%20%3C%2FA%3E%20and%20click%20on%20the%20tabs%20across%20the%20top.%3C%2FP%3E%0A%20%0A%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-383902%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20TECHNET%20on%20Aug%2012%2C%202011%20Common%20Criteria%26nbsp%3Bis%20an%20international%20standard%20for%20a%20set%20of%20security%20characteristics%2C%20and%20the%20U.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-383902%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESQLServerSecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Mar 23 2019 12:16 PM
Updated by: