Validated Product - Metastorm e-Work® 6.6
Certificate Date: 24 October 2006
Validation Report Number: CCEVS-VR-06-0046
Product Type: Miscellaneous
Conformance Claim: EAL2
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
Maintenance Release:

PRODUCT DESCRIPTION

The Target of Evaluation (TOE) is Metastorm e-Work 6.6.1. The TOE can control access to objects called forms and folders. Forms are used to define business process information in objects. Folders are collections of forms that represent logical constructs of business process model maps and diagrams. Combinations of forms and folders represent business processes (procedures) that users can view and manage through interfaces the TOE provides.

Non-administrative users use a web browser in the IT environment to access the TOE's HTTP network protocol interface. Users are required to provide a user name and password before a session with the TOE can be established.

Administrative users access the TOE through the Windows application graphical user interfaces (GUIs) of the e-Work Engine administrator console component. Administrators are required to provide a user name and password before a session with the TOE can be established.

The TOE in its intended environment can be described in terms of the following components:
SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Metastorm e-Work 6.6.1 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2, Revision 256, January 2004 and International Interpretations effective on 1 July 2005. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 2.2, Revision 256, January 2004. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is the EAL2 family of assurance requirements. The product, when configured as specified in the Metastorm e-Work Release 6.6 Installation Prerequisites, April 2005 document and the Metastorm e-Work Release 6.6 Installation Guide, April 2005, satisfies all of the security functional requirements stated in the Metastorm e-Work 6.6.1 Security Target, Version 1.0. One Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in August 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-06-0046, dated 26 October 2006) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The TOE is an IT-enabled Business Process Management (BPM) software product supported on Windows 2003, 2000, and XP. BPM is the process of viewing and managing the information, activities, and instructions required to automate a business process, which is called a procedure. The main component of a procedure is one or more maps. Maps are diagrams or process model logical constructs that depict business processes, for example a manager approving a staff member’s travel request form.
The Metastorm e-Work 6.6.1 TOE supports the following five security functions: User data protection; Identification and authentication; Security management; Protection of the TSF; TOE access.