已启用符合通用准则的服务器配置Common Criteria Compliance Enabled Server Configuration

适用对象:是SQL Server 否Azure SQL 数据库 否Azure Synapse Analytics (SQL DW) 否并行数据仓库APPLIES TO: yesSQL Server noAzure SQL Database noAzure Synapse Analytics (SQL DW) noParallel Data Warehouse

符合通用准则选项支持信息技术安全评估通用准则所需的以下元素。The common criteria compliance option enables the following elements that are required for the Common Criteria for Information Technology Security Evaluation.

条件Criteria 描述Description
残留信息保护 (RIP)Residual Information Protection (RIP) RIP 要求将内存重新分配给新资源之前,用已知的位模式覆盖内存分配。RIP requires a memory allocation to be overwritten with a known pattern of bits before memory is reallocated to a new resource. 满足 RIP 标准有助于提高安全性;然而,覆盖内存分配会使性能降低。Meeting the RIP standard can contribute to improved security; however, overwriting the memory allocation can slow performance. 启用 common criteria compliance enabled 选项之后,将执行覆盖操作。After the common criteria compliance enabled option is enabled, the overwriting occurs.
查看登录统计信息的能力The ability to view login statistics 启用 common criteria compliance enabled 选项之后,将启用登录审核。After the common criteria compliance enabled option is enabled, login auditing is enabled. 用户每次成功登录到 SQL ServerSQL Server时,系统都会提供有关上一次成功登录的时间、上一次登录失败的时间以及上一次成功登录时间和当前登录时间之间尝试登录的次数的信息。Each time a user successfully logs in to SQL ServerSQL Server, information about the last successful login time, the last unsuccessful login time, and the number of attempts between the last successful and current login times is made available. 可以通过查询 sys.dm_exec_sessions 动态管理视图来查看这些登录统计信息。These login statistics can be viewed by querying the sys.dm_exec_sessions dynamic management view.
GRANT 列不应覆盖 DENYThat column GRANT should not override table DENY 启用 common criteria compliance enabled 选项后,表级 DENY 将优先于列级 GRANTAfter the common criteria compliance enabled option is enabled, a table-level DENY takes precedence over a column-level GRANT. 未启用该选项时,列级 GRANT 则优先于表级 DENYWhen the option is not enabled, a column-level GRANT takes precedence over a table-level DENY.

common criteria compliance enabled 选项是高级选项。The common criteria compliance enabled option is an advanced option. 通用准则仅针对 Enterprise Edition 和 Datacenter Edition 进行评估和认证。Common criteria is only evaluated and certified for the Enterprise edition and Datacenter edition. 有关通用准则认证的最新状态,请参阅 Microsoft SQL Server 通用准则 网站。For the latest status of common criteria certification, see the Microsoft SQL Server Common Criteria Web site.

重要

除启用“common criteria compliance enabled”选项以外,还必须下载和运行一个版本,该版本可完成对 SQL ServerSQL Server 的配置以便符合通用准则评估保证级别 4 (EAL4+)。In addition to enabling the common criteria compliance enabled option, you also must download and run a script that finishes configuring SQL ServerSQL Server to comply with Common Criteria Evaluation Assurance Level 4+ (EAL4+). 可以从 Microsoft SQL Server Common Criteria (Microsoft SQL Server 通用准则)网站下载此脚本。You can download this script from the Microsoft SQL Server Common Criteria Web site.

如果使用 sp_configure 系统存储过程来更改该设置,则只有在“show advanced options”设置为 1 时才能更改“common criteria compliance enabled”。If you are using the sp_configure system stored procedure to change the setting, you can change common criteria compliance enabled only when show advanced options is set to 1. 该设置在服务器重新启动后生效。The setting takes effect after the server is restarted. 可能的值为 0 和 1:The possible values are 0 and 1:

  • 0 表示未启用符合通用准则。0 indicates that common criteria compliance is not enabled. 这是默认设置。This is the default.

  • 1 表示启用了符合通用准则。1 indicates that common criteria compliance is enabled.

示例Examples

以下示例启用符合通用准则。The following example enables common criteria compliance.

sp_configure 'show advanced options', 1;  
GO  
RECONFIGURE;  
GO  
sp_configure 'common criteria compliance enabled', 1;  
GO  
RECONFIGURE WITH OVERRIDE; 
GO  

重新启动 SQL ServerSQL ServerRestart SQL ServerSQL Server.

另请参阅See Also

服务器配置选项 (SQL Server)Server Configuration Options (SQL Server)