China's only CC security certification: HUAWEI CLOUD GaussDB (DWS) builds a "Golden Bell" shield for data assets

On March 8, 2022, Huawei GaussDB 200 ("Huawei Cloud GaussDB (DWS)") officially obtained certification at the CC EAL2 + ALC_FLR.2 level under the globally authoritative information technology security evaluation standard. This is the first time that a Chinese data warehouse product has obtained this international security certification. At present, only 6 vendors in the global database field have passed this certification, and Huawei is the only Chinese database vendor to have passed it so far.

The Common Criteria for Information Technology Security Evaluation (ISO 15408), abbreviated as Common Criteria or CC, is the international standard for security certification of computer-related and information technology products. At present, 31 countries have joined the CCRA mutual recognition agreement, including the United States, Britain, Germany, France, and Japan. It is an internationally recognized top-level security certification in the computing field and is called the BRICS certification for national security access.
The certification body comprehensively evaluated the security of the product and its data across six aspects, using more than 100 test cases. With a package of security protections such as fine-grained security audit, built-in data desensitization, and fine-grained permission management, HUAWEI CLOUD GaussDB (DWS) passed the certification of the professional institution. Passing CC EAL2+ shows that HUAWEI CLOUD GaussDB (DWS) meets the strict security standards of the industry's authoritative certification bodies and is an industry-leading secure data warehouse.
Six Capabilities Create a Data Asset "Golden Bell"
The Huawei Cloud GaussDB (DWS) cloud data warehouse is a distributed database with analytics and mixed-workload capabilities, used for enterprise data warehouses, data marts, data exploration, IoT analysis, mixed workloads, and other scenarios. With an enterprise financial-grade core and a unified architecture, it offers public cloud and hybrid cloud deployment forms with a consistent user experience, and is widely used in analysis and decision-making systems in industries such as automobiles, manufacturing, retail, logistics, Internet, finance, government, and telecommunications.
HUAWEI CLOUD GaussDB (DWS) passed all of the following six evaluations. It has adequate and correct countermeasures for the risks and threats arising from uncertain factors during use, which protects the security of customer data assets.
Security audit log: Users can configure a fine-grained security audit function. Security audit enables retrospective accountability, detection, and alarm response for security incidents, and also acts as a security deterrent.
User data protection: Data desensitization avoids the risk of sensitive information leakage through user-created desensitization policies. Encrypted clusters automatically encrypt user data at rest to prevent data leakage. Under fine-grained permission management, users must pass a permission check before performing any operation. For objects belonging to private users, the database administrator has no right to add, delete, query, or modify them without the owner's authorization.
Identification and authentication: Identity authentication based on IAM and on username and password is supported. Default permissions are minimized, and role-based permission management is supported to prevent unauthorized access.
Security management: Security attributes, security functions, and different roles can be managed. Administrators can set user security policies, including password reuse time, the number of allowed login failures, password validity period, and password complexity; configure network access control, including user rights management, IP rights management, and SSL connections; and manage permissions at different levels: databases, schemas, and database objects.
Security function self-protection: The product can protect the security functions themselves and the security function data, preventing the security functions from being destroyed or bypassed. This self-protection is realized by performing full backup/full recovery and incremental backup/incremental recovery of the cluster.
Client access: To access and operate GaussDB (DWS), a client must first establish a user session and then complete its interaction with GaussDB (DWS) through that session. User sessions can be controlled along different dimensions, including user password validity period, number of concurrent sessions, session establishment/locking/unlocking/termination, IP rights management, and access by specific users from specific IP addresses.

Origin blog.csdn.net/qq_41361570/article/details/123797460