Oracle, Symantec validated under security standard

Oracle Corp., Redwood Shores, Calif., and Symantec Corp., Cupertino, Calif., have both had products receive Common Criteria certification through an evaluation program run by the National Security Agency and the National Institute of Standards and Technology.

Oracle received Common Criteria Evaluation Assurance Level Four for its Oracle8i Label Security, version 8.1.7. This product can control what information users can see in a database according to their access levels.

Symantec received level four validation for its Enterprise Firewall 7.0 product.

Both products are eligible for use in systems that handle information concerning national security. The National Security Telecommunications and Information Systems Security Policy No. 11, or NSTISSP No. 11, stipulates that, starting in July, all networks handling national security data must use equipment that is certified as secure.

The International Common Criteria for Information Security Technology Security Evaluation is one of the standards approved by Policy 11. Common Criteria is a set of evaluation criteria agreed to by an NSA-NIST effort called the National Information Assurance Partnership.

Common Criteria testing laboratories are operated by companies such as Booz Allen Hamilton Inc., McLean, Va., Computer Sciences Corp., El Segundo, Calif., and Science Applications International Corp., San Diego.

Mary Ann Davidson, chief security officer for Oracle, said that, given the events of Sept. 11, the NSTISSP mandate will be far-reaching and will affect systems not commonly considered a part of national security. She said the Defense Integrated Military Human Resource System, the Defense Department's unified payroll system now in the solicitation stage, might come under the mandate.

Another candidate would be the Navy-Marine Corps Intranet, the $6.9 billion project led by Electronic Data Systems Corp., Plano, Texas, said Eric Mazzacone, a spokesperson for the Navy's Program Executive Officer for Information Technology.

To pass NSTISSP muster, products must be certified by a Common Criteria laboratory, NIAP or NIST's Federal Information Processing Standard.

For more information on Policy 11, see A list of validated equipment appears at

About the Author

Joab Jackson is the senior technology editor for Government Computer News.
