Oracle product passes security test

Oracle Advanced Security has passed one of the most rigorous evaluations

to certify that it meets high-level security requirements for federal agencies,

Oracle Corp. announced Tuesday.

Oracle Advanced Security for Oracle8i Release 8.1.6 — a suite of features

that protect enterprise networks and extend security over the Internet — has received Federal Information Processing Standard 140-1 Level 2 validation.

The FIPS 140-1 Level 2 designation certifies that data transmitted to the

database is protected with strong cryptographic algorithms, according to

an Oracle statement.

The Oracle Advanced Security option protects against threats to the security

of an organization's networks. It ensures data integrity, privacy, authentication

and authorization in the transmission of data over internal and external

networks.

The standards were established by the National Institute of Standards and

Technology and have required agencies since June 30, 1997, to buy cryptographic

modules. Such modules, like the Oracle Advance Security option, encrypt

data, authenticate users' identities and rely on digital signatures, private-key

management and other services that have been validated by government-accredited

laboratories.

Products are validated for FIPS 140-1 at security levels ranging from Level

1, which is the lowest, to Level 4, the highest. The standard applies to

data, such as medical records, tax information and personnel records, that

may not be deemed classified but that needs to be protected during transmission

or storage.