Validated Product - StillSecure Safe Access V5.0

Certificate Date: 04 October 2007

Validation Report Number: CCEVS-VR-VID10270-2007

Product Type: Network Access Control

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: CygnaCom Solutions, Inc


PRODUCT DESCRIPTION

This Security Target (ST) defines the Information Technology (IT) security requirements for StillSecure Safe Access V5.0. StillSecure Safe Access is a flexible Network Access Control (NAC) solution that provides three methods of endpoint compliance testing and three methods of NAC policy enforcement. Safe Access enforces compliance with the NAC security policy by matching endpoint attributes against an administrator-configured NAC security policy. If an endpoint fails to meet the NAC security policy requirements, the endpoint is quarantined to a specific portion of the network. This ensures that potentially damaging applications such as peer-to-peer or spyware software and the latest worms and viruses cannot take root inside a protected network.

EVALUATED CONFIGURATION

Multiple-server installation:

MS installation

  • One server-class network interface card (NIC)

and

ES installation

  • DHCP – Two server-class network interface cards (NICs)
  • Inline – Two server-class network interface cards (NICs)
  • 802.1x-enabled installation – One server-class network interface card (NIC)

Single-server installation

  • Two server-class network interface cards (NICs)

  • CD-ROM drive
  • An Internet connection or a web proxy server that allows outbound HTTPS communications from the MS.

Workstation

A workstation running one of the following browsers with 128-bit encryption:

Windows

  • Mozilla version 1.7
  • Mozilla Firefox version 1.5
  • Internet Explorer 6.0

Linux

  • Mozilla version 1.7
  • Mozilla Firefox version 1.5

Network Protocols

  • TCP/IP installed and configured.
  • Windows file and print sharing enabled for agentless testing.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. StillSecure Safe Access was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in August 2007.

ENVIRONMENTAL STRENGTHS

The logical boundary of the TOE will be broken down into the following security class features which are further described in sections 5 and 6 of the ST. StillSecure Safe Access provides the following security features:

  • Security audit – StillSecure Safe Access provides its own internal auditing capabilities separate from those of the Operating System. StillSecure Safe Access provides the ability to search and view its own audit records.
  • Network Access Control – StillSecure Safe Access provides user data protection by enforcing default or administrator-defined NAC policy on endpoints accessing the protected network. StillSecure Safe Access tests all endpoints for compliance and grants or denies access to the protected network based on test results.
  • Identification and authentication – StillSecure Safe Access provides TOE user identification and authentication through the use of user accounts and passwords.
  • Security management – StillSecure Safe Access provides security management through the Management Server’s Web-based console and by reporting the endpoint compliance and access activity. Also, the TOE provides two administrative roles (FMT_SMR.1).
  • Protection of TSF – StillSecure Safe Access partially protects its programs and data from unauthorized access through its own interfaces.
  • StillSecure Safe Access Reporting – Safe Access allows Safe Access users with the necessary privileges to generate and view reports providing security status information on endpoint compliance and access activity. System administrators can operate on the reports pertaining to all clusters. Cluster administrators, help desk technicians, and user-defined roles with explicitly assigned privileges can operate on the reports pertaining to their own clusters.
  • Trusted Path/Channel usage – The TOE makes use of trusted paths and channels supported in the IT environment.