Validated Product - IronMail Secure Email Gateway Version 4.0.0Certificate Date: 01 May 2006 Validation Report Number: CCEVS-VR-06-0017 Product Type: Secure Messaging Conformance Claim: EAL2 PP Identifiers: None CC Testing Lab: COACT Inc. CAFE Laboratory
PRODUCT DESCRIPTIONThe IronMail Secure Email Gateway Software Version 4.0.0 is a set of software modules that reside within a hardware appliance and execute on top of a hardened operating system. IronMail Secure Email Gateway Software is proprietary application code developed by Secure Computing. The TOE is composed on the following modules within IronMail Secure Email Gateway Software: SMTP Proxy, Spam Queue, Content Filtering, Mail Policy Queue, SMTP Out, GUI Manager, CLI, Alert Manager, Watchdog Daemon, and Logging. The remainder of the IronMail Secure Email Gateway Software modules, along with the operating system, DBMS and hardware, were treated as part of the IT Environment for this evaluated TOE. The software is preinstalled in the distribution of the appliance. The IronMail Secure Email Gateway Software Version 4.0.0 acts as an email proxy to filter the exchange of email between servers and clients. The TOE examines email for spam and inappropriate content (as defined by the administrator) and filters email that violates the policies. Mail clients can fetch mail from the mail servers via POP3 (Post Office Protocol version 3), IMAP4 (Internet Message Access Protocol Version 4) and their secure variants (POP3S and IMAP4S) by proxying these connections through the IronMail appliance. For the TOE to provide the security functionality specified in the ST, the IT Environment must be correctly configured to ensure that all email traffic is proxied through the IronMail appliance. SECURITY EVALUATION SUMMARYThe evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the IronMail Secure Email Gateway Software Version 4.0.0 TOE meets the security requirements contained in the Security Target. The criteria against which the IronMail Secure Email Gateway Software Version 4.0.0 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 and all applicable NIAP CCEVS and International Interpretations in effect on October 30, 2003. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2 and all applicable NIAP CCEVS and International Interpretation in effect on October 30, 2003. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the IronMail Secure Email Gateway Software Version 4.0.0 is EAL 2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed May 1, 2006. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report. Vendor Information
McAfee, Inc. (Formerly CipherTrust, Inc.) Dwight Colby 651-628-1571 651-628-2701 (Fax) dwight_colby@mcafee.com |
![[X]](/assets/images/button_close.gif){kind=small}
![[PDF]](http://www.niap-ccevs.org:80/assets/images/icon_pdf.gif){kind=icon}