Validated Product - RSA Certificate Manager Version 6.7

Certificate Date: 11 December 2006
Validation Report Number: CCEVS-VR-06-0055
Product Type: Certificate Management
Conformance Claim: EAL4 Augmented with ALC_FLR.2
PP Identifier: Certificate Issuing and Management Components Security Level 3 Protection Profile, Version 1.0 (Archived)
CC Testing Lab: SAIC Common Criteria Testing Laboratory

PRODUCT DESCRIPTION

The RSA Certificate Manager is a digital certificate issuance and management solution for enterprises and public CAs. RSA Certificate Manager is responsible for creating and issuing both authority and end-entity public-key certificates, and creating and issuing Certificate Revocation Lists (CRLs). In addition to the basic CA functionality, RSA Certificate Manager provides:
The RSA Certificate Manager is composed of several components functioning together to provide certificate issuing and management services: a Web front-end, a PKI Server, Command-line Tools, and a Log Server. The RSA Certificate Manager provides strong authentication, data confidentiality, integrity and non-repudiation. The RSA Certificate Manager offers services to publish to lightweight directory access protocol (LDAP)-compliant directories and comes equipped to handle cryptographic hardware tokens.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the RSA Certificate Manager TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.2. The product, when configured as specified in the RSA Certificate Manager Version 6.7 Installation Guide, satisfies all of the security functional requirements stated in the RSA Certificate Manager Version 6.7 Security Target Version 1.6, November 16, 2006. Two validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC through three Validation Oversight Reviews. The evaluation was completed in December 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-06-0055, dated 11 December 2006) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

The RSA Certificate Manager supports seven security functions.
Each is described below:

Secure Audit Log Server - The RSA Certificate Manager collects audit data for internal user actions, provides the ability to review audit logs, and restricts access to the audit logs. The RSA Certificate Manager tracks any actions taken on a certificate (creation, revocation, deletion), authentication attempts, and changes to users' roles and access.

Access Control - The RSA Certificate Manager enforces user roles and access control whenever users access RSA Certificate Manager provided functions. To enforce its security policy, the RSA Certificate Manager relies on the roles set per user and the access control list set per function. The Administrator sets both roles and access control lists. Access Control is primarily enforced by restricting the options presented to users on the Web management interface. The user's certificate is verified during the initial establishment of the TLS connection to the Web server from a browser. Accesses to RSA Certificate Manager resources are controlled by the access control list (ACL) for each directory structure and Web page.

Backup and Recovery - The RSA Certificate Manager provides configurable backup functionality, as well as system recovery features to allow the operators to restore the CA system and maintain the storage of logs and current certificates.

Import/Export of Data - The RSA Certificate Manager is responsible for importing and exporting certificates, public keys, and other data. The RSA Certificate Manager protects these data transfers through a trusted path using the TLS protocol.

Key Management - The RSA Certificate Manager provides access to the hardware security module (HSM). The RSA Certificate Manager relies on the HSM in the IT Environment for key generation, signing and encryption, and key destruction through zeroization. The HSM, the nCipher nShield or netHSM, is a FIPS 140-1 or 140-2 validated module as mandated by the CIMC PP requirements. No private or secret keys are stored in the RSA Certificate Manager; the RSA Certificate Manager accesses the HSM to perform operations with the keys stored on the HSM.

Certificate Management - The RSA Certificate Manager manages and securely stores all certificates that have been signed using the private key of any of the internal CAs. The RSA Certificate Manager provides functions to issue, suspend, reinstate, reissue, renew, revoke and delete certificates, and generate CRLs. All these certificate services are provided in a secure manner, protecting the integrity of the certificate administrative data. Additionally, the RSA Certificate Manager enforces proof of origin and verification of origin of certificate status information at all times.

Identification and Authentication - The RSA Certificate Manager requires identification and authentication before performing any security-relevant functions. The TOE maintains a secure database of authorized operators of the RSA Certificate Manager, including all certificate information and roles that can be assumed. Users of the RSA Certificate Manager are authenticated during the establishment of the mutually authenticated TLS connection.