Validated Product - Computer Associates eTrust Security Command Center r8 SP1 with_CR2 patch

PRODUCT DESCRIPTION

eTrust Security Command CenteR™ (SCC) is a software application that provides users the ability to manage and monitor the security of an enterprise at many different levels and offers customizable views, ranging from executive-level summaries to views specially designed for network security specialists.

eTrust SCC allows security event data and audit data to be collected from a diverse set of systems, applications, devices and appliances and then provides the ability to analyze data, set rules for alerts based on events or correlations of events, and perform reporting. eTrust SCC provides capabilities to create and manage a centralized policy regarding the retention of audit information. In addition, eTrust SCC provides tools to monitor the status of network resources and to manage products that reside on the network. eTrust SCC includes eTrust Audit, an audit data collector and analyzer, to further enhance the ability to analyze audited events on diverse systems throughout an enterprise.

EVALUATED CONFIGURATION

The evaluated configuration includes the eTrust SCC, eTrust Audit Policy Manager and Audit Data Tools installed on MS Windows 2000 platforms. MS Windows XP and MS Windows 2000 environment was used to test the managed node features, i.e., nodes from which audit data was collected.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. CA eTrust SCC was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in January 2007.

ENVIRONMENTAL STRENGTHS

The TOE provides the following security services:

Security Audit: eTrust SCC has the following security auditing functions:

• Collects audit information from its managed resources
• Generates audit records of its own use
• Takes administrator defined actions when a security relevant event is detected in a resource’s audit data or when the status of a resource becomes critical.
• Provides the administrators with rule and filter based specification of security significant events.
• Provides users with audit record viewing capabilities

Identification and Authentication: eTrust SCC provides user identification through user accounts and password-based authentication.

Security Management: eTrust SCC provides security management through the use of the administration capabilities of the web-based user interface. Access to management functions and data is controlled through the use of administrator roles.

Partial Protection of the TSF: eTrust SCC protects its security functions and data from interference and tampering through its own interfaces in conjunction with protection from the IT environment.