Assurance Continuity - RSA Certificate Manager Version 6.7 Build 417

Date of Maintenance Completion: 11 February 2008
Product Type: Certificate Management
Conformance Claim: EAL4 Augmented with ALC_FLR.2
PP Identifier: Certificate Issuing and Management Components Security Level 3 Protection Profile, Version 1.0 (Archived)
Original Evaluated TOE: 11 December 2006 - RSA Certificate Manager Version 6.7

Please note: These are for the Original Evaluated TOE; consequently, they do not refer to this maintained version, although they apply to the maintained version.

Please note: This serves as an addendum to the VR for the Original Evaluated TOE.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the effect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation.

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of the changes on the TOE is minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original Validation Report and Security Target. Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.

PRODUCT DESCRIPTION
The Target of Evaluation for this evaluation comprises several components functioning together to provide certificate issuing and management services: a Web Front End, a PKI Server, a set of Command Line Tools, and a Log Server. These components are referred to collectively as the RSA Certificate Manager. The TOE is a digital certificate management system. It provides strong authentication, data confidentiality, integrity and non-repudiation. The RSA Certificate Manager offers services to publish to Lightweight Directory Access Protocol (LDAP)-compliant directories. The RSA Certificate Manager comes equipped to handle cryptographic hardware tokens.
The RSA Certificate Manager is a signing authority solution for large enterprises and public CAs. RSA Certificate Manager is responsible for creating and issuing both authority and end-entity public-key certificates and creating and issuing Certificate Revocation Lists (CRLs). In addition to the basic CA functionality, RSA Certificate Manager provides:
The RSA Certificate Manager is designed to meet the CIMC Security Level 3 requirements, which are appropriate where the risks and consequences of data disclosure and loss of data integrity are moderate. A CIMC meeting Security Level 3 includes mechanisms to protect against attacks by parties with physical access to the components and includes additional assurance requirements to ensure the CIMC is functioning securely.
Vendor Information
RSA Security Inc.
George I Lotridge
650.295.7513
650.295.2511 (Fax)
GLotridge@rsasecurity.com