First Open Source Database Management System to ... - NTT Data

newshumansvilleData Management

Dec 16, 2012 (4 years and 11 months ago)

116 views

April 11, 2007
First Open Source Database Management System to Acquire IT
Security Certification
- Certi fi ed PostgreSQL Rel eased -
NTT DATA Corporation
NTT DATA Corporation is pleased to announce that IT security certification
based on the ISO/IEC 15408 international standard for security evaluation has
been acquired for the PostgreSQL OSS (open source software) database
management system and its administration model. This accomplishment marks
the first time in the world for an OSS database management system to win
ISO/IEC 15408 certification. NTT DATA today released the certified version of
PostgreSQL, responding to the demand for ISO/IEC 15408-compliant middleware
for configuring secure systems in the enterprise field.
ISO/IEC 15408-based IT Security Evaluation and Certification
ISO/IEC 15408 is an international standard def ining the criteria used in ev aluating
whether inf ormation technology products and sy stems are designed and implemented
properly f rom a security standpoint. An IT Security Ev aluation and Certif ication
Scheme
(see Note 1)
was created in Japan in 2001 f or providing ISO/IEC 15408-based
certif ication, and is managed by the Inf ormation-technology Promotion Agency, Japan
(IPA).
As awareness of the need f or inf ormation security grows, the use of products
ev aluated and certif ied based on ISO/IEC 15408 is now being recommended f or
system procurement in government agencies. Another noteworthy dev elopment is that,
in order to qualif y f or the "Special Tax Incentives to Strengthen Inf ormation Security
Inf rastructure"
(see Note 2)
instituted by the Ministry of Economy, Trade and Industry
(METI) f or the period f rom April 1, 2006 to March 31, 2008, products must hav e
acquired IT security certif ication.
Certification of PostgreSQL
NTT DATA applied f or ISO/IEC 15408-based IT security certif ication of the PostgreSQL
open source sof tware in September 2006, af ter boosting its security -related f unctions
and drawing up guidelines f or secure sy stem administration. Certif ication was awarded
f ollowing a process of examination by the IPA.
Prev iously, the only open source sof tware to acquire IT security certif ication was
operating sy stem sof tware. PostgreSQL is the f irst OSS database management
system in the world to achiev e certif ication.
Dev elopment of PostgreSQL has been carried out mainly by the PostgreSQL Global
Dev elopment Team, an open source community. NTT DATA, by satisf y ing the
ev aluation process of a third-party organization and receiv ing certif ication f or
PostgreSQL and its administration model, aims to boost customer conf idence in open
source sof tware in the enterprise f ield, encouraging its wider use.
The Certified Version of PostgreSQL
The PostgreSQL that receiv ed certif ication is based on PostgreSQL 8.1. It has been
conf igured f or compliance with the security ev aluation criteria def ined in ISO/IEC
15408, through enhancements to password authentication, audit log display and v iew
f unctions, and other security -related f eatures. The scope of the certif ication includes
the PostgreSQL executable f ormat program f or Linux as well as guidelines on secure
PostgreSQL administration.
(For inf ormation about the certif ication of this PostgreSQL v ersion, ref er to the IPA list
of products with IT security certif ication.
(see Note 3)
)
Future Developments
NTT DATA has been contributing to the OSS community by dev eloping and releasing
open source sof tware such as PostgresForest
®
, Ludia
TM
, Hinemos
®
, and TOMOYO
®
Linux, as well as activ ely promoting the use of open source sof tware in the enterprise
market.
In the same spirit, the certif ied PostgreSQL executable f ormat program and
administration guidelines, f or which IT security certif ication has been acquired, along
with technical inf ormation, are released today f or the purpose of promoting wider use
of PostgreSQL in the enterprise f ield.
The certif ied v ersion of PostgreSQL is av ailable at this site:
http://www.nttdata.co.jp
/services/postgreSQL/
Notes:
1 Web site of the Information-technology Promotion Agency, Japan (IPA):
http://www.ipa.go.jp/security/jisec
(On IT security certification, see
http://www.ipa.go.jp/security/jisec/pamph.html
)
2 Web site of the Ministry of Economy, Trade and Industry (METI):
http://www.meti.go.jp/policy/it_policy/zeisei
/index.html
3 IPA certified product list:
http://www.ipa.go.jp/security/jisec/cert_list.html
* PostgresForest
®
, Hinemos
®
, and TOMOYO
®
are registered trademarks of NTT DATA Corporation.
* Ludia
TM
is a trademark of NTT DATA Corporation.
* The other names of products, services and companies in this document are the trademarks or registered
trademarks of their respective owners.
Attachment: Ref erence Material
For more i nformati on, pl ease contact:
For media inquiries:
Mr. Takanori Iwauchi
Publ i c Rel ati ons Offi ce
NTT DATA Corporati on
Tel: +81-3-5546-8051
For inquiries about the product and service:
Mr. Tanaka, Mr. Masaya, Mr. Sakamoto
Research and Devel opment Group
Open Source Devel opment Center
NTT DATA Corporati on
E-Mai l:
i so15408pgquery@ki ts.nttdata.co.j p
News Releases.
The serv ices, prices of products and serv ices, specif ications, telephone numbers,
etc. f or inquiries and other inf ormation included in news releases are the data
av ailable on the day of the release. This inf ormation may be changed at any time
without notice. In certain circumstances, due to v arious risks or unexpected
occurrences, actual results may also be dif f erent f rom the plans or projections in
news releases.