Common Criteria Compliance Enabled Server Configuration

APPLIES TO: SQL Server: yes; Azure SQL Database: no; Azure Synapse Analytics (SQL DW): no; Parallel Data Warehouse: no

The common criteria compliance option enables the following elements that are required for the Common Criteria for Information Technology Security Evaluation.

| Criteria | Description |
|---|---|
| Residual Information Protection (RIP) | RIP requires a memory allocation to be overwritten with a known pattern of bits before memory is reallocated to a new resource. Meeting the RIP standard can contribute to improved security; however, overwriting the memory allocation can slow performance. After the common criteria compliance enabled option is enabled, the overwriting occurs. |
| The ability to view login statistics | After the common criteria compliance enabled option is enabled, login auditing is enabled. Each time a user successfully logs in to SQL Server, information about the last successful login time, the last unsuccessful login time, and the number of attempts between the last successful and current login times is made available. These login statistics can be viewed by querying the sys.dm_exec_sessions dynamic management view. |
| That column GRANT should not override table DENY | After the common criteria compliance enabled option is enabled, a table-level DENY takes precedence over a column-level GRANT. When the option is not enabled, a column-level GRANT takes precedence over a table-level DENY. |

The common criteria compliance enabled option is an advanced option. Common criteria is only evaluated and certified for the Enterprise edition and Datacenter edition. For the latest status of common criteria certification, see the Microsoft SQL Server Common Criteria Web site.

Important

In addition to enabling the common criteria compliance enabled option, you also must download and run a script that finishes configuring SQL Server to comply with Common Criteria Evaluation Assurance Level 4+ (EAL4+). You can download this script from the Microsoft SQL Server Common Criteria Web site.

If you are using the sp_configure system stored procedure to change the setting, you can change common criteria compliance enabled only when show advanced options is set to 1. The setting takes effect after the server is restarted. The possible values are 0 and 1:

  • 0 indicates that common criteria compliance is not enabled. This is the default.

  • 1 indicates that common criteria compliance is enabled.

Examples

The following example enables common criteria compliance.

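-- 'common criteria compliance enabled' is an advanced option, so expose advanced options first.
EXEC sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
-- Set the option to 1; it takes effect only after the server is restarted.
EXEC sp_configure 'common criteria compliance enabled', 1;
GO
RECONFIGURE WITH OVERRIDE;
GO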

Restart SQL Server.
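A post-restart verification script, added here as an example and not part of the original documentation: it checks that the option is in effect, reads the login statistics from sys.dm_exec_sessions, and exercises the table DENY versus column GRANT rule. The table dbo.CCDemo and the user cc_demo_user are hypothetical names; the script assumes a scratch database and a login allowed to create users and impersonate them.

```sql
-- 1. Is the option configured (value) and active (value_in_use)?
--    value = 1 with value_in_use = 0 means the restart is still pending.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'common criteria compliance enabled';
GO

-- 2. Login statistics for the current session.
--    These columns are populated only when the option is in effect.
SELECT session_id, login_name, login_time,
       last_successful_logon, last_unsuccessful_logon, unsuccessful_logons
FROM sys.dm_exec_sessions
WHERE session_id = @@SPID;
GO

-- 3. Table-level DENY versus column-level GRANT.
--    dbo.CCDemo and cc_demo_user are hypothetical; the row is constructed data.
CREATE TABLE dbo.CCDemo (id int, payload varchar(20));
INSERT INTO dbo.CCDemo VALUES (1, 'constructed row');
CREATE USER cc_demo_user WITHOUT LOGIN;
DENY SELECT ON dbo.CCDemo TO cc_demo_user;
GRANT SELECT ON dbo.CCDemo (id) TO cc_demo_user;
GO

EXECUTE AS USER = 'cc_demo_user';
BEGIN TRY
    -- Succeeds only if the column GRANT overrides the table DENY.
    SELECT id FROM dbo.CCDemo;
    PRINT 'Column GRANT took precedence: option is not in effect.';
END TRY
BEGIN CATCH
    PRINT 'Table DENY took precedence: ' + ERROR_MESSAGE();
END CATCH;
REVERT;
GO

-- Clean up the demo objects.
DROP USER cc_demo_user;
DROP TABLE dbo.CCDemo;
GO
```

Run step 3 before and after enabling the option to see both outcomes described in the table above.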

See Also

Server Configuration Options (SQL Server)