Acknowledgements
This PP-Configuration was developed by the Database Management Systems international Technical Community (iTC), also known as DBMS-iTC, with representatives from industry, Government agencies, Common Criteria Test Laboratories, and members of academia.
Revision History
| Version | Date | Description |
|---|---|---|
0.4 |
2026-06-30 |
Initial public review draft. Defines the PP-Configuration for claiming the DBMS Cryptographic Functions Module with the DBMS Base PP, including formal CCDB-018 consumption and the optional Enterprise Enhanced use case. |
1. Introduction
1.1. PP-Configuration Overview
This PP-Configuration combines the collaborative Protection Profile for Database Management Systems (Version 2.0) with the collaborative PP-Module for DBMS Cryptographic Functions, Version 0.4.
The configuration is intended for DBMS products that claim DBMS-specific cryptographic support without also claiming a cloud deployment module. The DBMS Cryptographic Functions Module defines the TOE-enforced requirements for DBMS key management, data-at-rest encryption, and data-in-transit protection.
1.2. PP-Configuration Reference
| Attribute | Value |
|---|---|
PP-Configuration Title |
PP-Configuration for cPP_DBMS and DBMS Cryptographic Functions Module |
PP-Configuration Short Name |
PPC_DBMS_CRYPTO |
PP-Configuration Version |
0.4 |
PP-Configuration Publication Date |
2026-06-30 |
Sponsor |
Database Management Systems international Technical Community (DBMS-iTC) |
CC Version |
CC:2022 |
1.3. PP-Configuration Components
| Type | Component | Version / Date | Role in Configuration |
|---|---|---|---|
Base PP |
collaborative Protection Profile for Database Management Systems |
Version 2.0, 27 April 2026 |
Defines the baseline DBMS TOE type, security problem definition, mandatory SFRs, SAR package, and exact conformance baseline. |
PP-Module |
collaborative PP-Module for DBMS Cryptographic Functions |
Version 0.4, 2026-06-30 |
Adds DBMS-specific cryptographic SFRs and consumes CCDB-018 components for key management and data-at-rest encryption; data-in-transit protocols and certificate behavior are supplied by applicable Functional Packages. |
1.4. Configuration Scope
This PP-Configuration applies to DBMS TOEs that provide DBMS-specific cryptographic functions as part of the TOE Security Functionality. It does not include the DBMS in the Cloud Module or the DBMS DBaaS Module. A TOE claiming either cloud deployment module shall use the corresponding PP-Configuration for that module.
2. Component Statements
2.1. Base PP Statement
The DBMS Base PP is the required Base PP for this PP-Configuration. All mandatory requirements of the Base PP apply.
The Base PP assumption A.CONNECT is displaced for the data-in-transit channels covered by the DBMS Cryptographic Functions Module. In this PP-Configuration, the mandatory Crypto Module requirement FDP_DIT_EXT.1 provides TOE-enforced data-in-transit protection for data transmitted between the TOE and external entities.
2.2. DBMS Cryptographic Functions Module Statement
The DBMS Cryptographic Functions Module is mandatory in this PP-Configuration. The Security Target shall include all mandatory SFRs from the module and all selection-based SFRs triggered by completed selections.
The module is responsible for:
-
DBMS master key and data encryption key lifecycle requirements
-
Data-at-rest encryption strategy
-
Data-in-transit protection
-
Applicable Catalogue-derived components consumed in the Crypto Module and applicable TLS/X.509 Functional Package components
2.3. Crypto Module Use Case Statement
The Security Target shall identify [USE CASE 1] General-Purpose Cryptographic Deployment, [USE CASE 2] Enterprise Enhanced, or both, as applicable. Enterprise Enhanced is optional in this PP-Configuration and constrains only the applicable Catalogue operations according to the Crypto Module’s Enterprise Enhanced Use Case Selection Template. It does not create a separate PP-Configuration or independently assert FIPS 140-3 validation, NIAP approval, or complete-product CNSA 2.0 conformance.
3. Conformance Claims
3.1. CC Conformance
This PP-Configuration and its components claim conformance to Common Criteria for Information Technology Security Evaluation, CC:2022, as follows:
-
CC Part 1 conformant
-
CC Part 2 extended
-
CC Part 3 conformant
3.2. PP-Configuration Conformance Statement
To be conformant to this PP-Configuration, a Security Target shall demonstrate Exact Conformance to this PP-Configuration and to each component listed in Section 1.3, “PP-Configuration Components”.
The Security Target shall include:
-
A statement that the claimed PP-Configuration includes the DBMS Base PP.
-
A statement that the claimed PP-Configuration includes the DBMS Cryptographic Functions Module.
-
All mandatory SFRs from the DBMS Base PP and the DBMS Cryptographic Functions Module.
-
All selection-based SFRs triggered by completed selections in the DBMS Base PP or the DBMS Cryptographic Functions Module.
-
Identification of the applicable Crypto Module use case or use cases and, when Enterprise Enhanced is selected, completion of all applicable operations according to its selection template.
-
The SAR package inherited from the DBMS Base PP.
While iteration is allowed, the Security Target shall not include additional requirements from CC Part 2, CC Part 3, or extended components not already included in the DBMS Base PP, the DBMS Cryptographic Functions Module, or another component explicitly permitted by this PP-Configuration.
4. Security Assurance Requirements
The SAR package for this PP-Configuration is inherited from the DBMS Base PP: EAL2 as defined in CC:2022 Part 5, augmented by ALC_FLR.3 Systematic flaw remediation.
No additional SARs are introduced by this PP-Configuration.
5. SFR Composition
| Source | SFR Treatment | Notes |
|---|---|---|
DBMS Base PP |
All mandatory, optional, and selection-based requirements apply as specified by the Base PP. |
The Base PP provides the baseline DBMS requirements and conformance rules. |
DBMS Cryptographic Functions Module |
All mandatory requirements apply. Selection-based requirements apply when triggered by module selections. |
The module provides mandatory |
Catalogue and Functional Package components |
Catalogue-derived components are consumed and reproduced by the DBMS Cryptographic Functions Module; protocol and certificate components are supplied by the applicable Functional Packages. |
The ST author shall include every Catalogue-derived component triggered by the Crypto Module selections and the applicable TLS/X.509 Functional Package components required by |
6. Consistency Rationale
This PP-Configuration is consistent because the DBMS Cryptographic Functions Module strengthens the DBMS Base PP without contradicting it. The Base PP relies on an operational-environment assumption for connectivity protection. The Crypto Module converts the relevant data-in-transit protection into a TOE-enforced SFR through FDP_DIT_EXT.1.
The Crypto Module does not alter the DBMS TOE type defined by the Base PP. It adds cryptographic security functions that are appropriate for DBMS TOEs and are evaluated in conjunction with the Base PP assurance activities and the module Supporting Document.
7. Technical Decisions
Technical Decisions applicable to the DBMS Base PP or the DBMS Cryptographic Functions Module apply according to the affected component document. This PP-Configuration does not introduce additional Technical Decisions.
Appendix A: Related Documents
-
[CC1] Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and general model, CCMB-2022-11-001, CC:2022 Revision 1, November 2022.
-
[CC2] Common Criteria for Information Technology Security Evaluation, Part 2: Security functional requirements, CCMB-2022-11-002, CC:2022 Revision 1, November 2022.
-
[CC3] Common Criteria for Information Technology Security Evaluation, Part 3: Security assurance requirements, CCMB-2022-11-003, CC:2022 Revision 1, November 2022.
-
[CC4] Common Criteria for Information Technology Security Evaluation, Part 4: Framework for the specification of evaluation methods and activities, CCMB-2022-11-004, CC:2022 Revision 1, November 2022.
-
[CC5] Common Criteria for Information Technology Security Evaluation, Part 5: Pre-defined packages of security requirements, CCMB-2022-11-005, CC:2022 Revision 1, November 2022.
-
[CEM] Common Methodology for Information Technology Security Evaluation, Evaluation methodology, CCMB-2022-11-006, CEM:2022 Revision 1, November 2022.
-
[cPP_DBMS] collaborative Protection Profile for Database Management Systems, Version 2.0, 27 April 2026.
-
[cPP_DBMS_SD] Supporting Document Mandatory Technical Document Evaluation Activities for the collaborative Protection Profile for Database Management Systems, Version 2.0, 27 April 2026.
-
[DBMS_MOD_CRYPTO] collaborative PP-Module for DBMS Cryptographic Functions, Version 0.4, 2026-06-30.
-
[DBMS_MOD_CRYPTO_SD] Supporting Document - Evaluation Activities for DBMS Cryptographic Functions Module, Version 0.4, 2026-06-30.
Appendix B: Acronyms
| Acronym | Meaning |
|---|---|
CC |
Common Criteria |
CEM |
Common Evaluation Methodology |
cPP |
collaborative Protection Profile |
DBMS |
Database Management System |
EAL |
Evaluation Assurance Level |
PP |
Protection Profile |
SAR |
Security Assurance Requirement |
SFR |
Security Functional Requirement |
ST |
Security Target |
TOE |
Target of Evaluation |
TSF |
TOE Security Functionality |