Related
Recommended

Common Criteria Compliance: A True Story

solarwinds_worldwide_llc
2 minute read time

In the latest SQL Sentry Custom Conditions Pack, a new condition named 'Common Criteria Compliance' Enabled was added. This setting, as its name implies, assists in meeting international computer security compliance standards known as Common Criteria.

The setting is found on the Security page of Server Properties:

Common Criteria Compliance Setting

Common Criteria Compliance allows the following to occur:

  • Residual Information Protection (RIP)
  • The ability to view login statistics
  • That column GRANT should not override table DENY

The Custom Condition

While the Common Criteria Compliance setting offers a great feature for those who need to use it, it does create additional overhead, and will have some level of impact to your server's performance. A vitally important detail when it comes to enabling this setting is that it doesn't take effect until after the server has been restarted. This is where the custom condition comes into play, allowing you to set an alert in case the feature is set to enabled, whether the server has already been restarted or not, and hopefully preventing an unwanted performance issue from occurring.

You might think we're being overly cautious about this setting, but there is a little story behind it.

Once upon a time, long before I worked at SQL Sentry and could not possibly be at fault for this, a server suddenly began to exhibit performance issues. That ill-performing server had recently been restarted and there had been no recent changes that would have explained its decline in performance. A valiant Sentry set forth post-haste on a quest to save the server from whatever sorcery had caused it to fall ill, vowing to return it to full health! That brilliant Sentry, who (unfortunately this time) was also not me, discovered that Common Criteria Compliance was enabled. The setting had been changed long before the server was restarted, but the effects of the change were not seen at that time (typical warlock magic). Thanks to the Sentry's heroic efforts, the server made a full recovery from this affliction, and everyone at SQL Sentry rejoiced and danced through the hallways, eventually making their way out onto the streets of Huntersville into a grand parade of celebration. At least I think that's what happened; I wasn't exactly there.

The End.

Summary

Common Criteria Compliance is a setting you will want to be cautious about using if you do not absolutely need it. It could go into effect at an unexpected time, including upon failover, and the 'Common Criteria Compliance' Enabled custom condition will help you catch when the setting has been enabled.

Thwack - Symbolize TM, R, and C

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.