Validated Product - Netscape Certificate Management System 6.1 Service Pack 1

PRODUCT DESCRIPTION

Netscape Certificate Management System (CMS) provides a powerful security framework to guarantee the identity of users and ensure privacy of communications. Certificate Management System issues and manages X.509v3 certificates needed to handle strong authentication, single sign-on and secure communications. Certificate Management System handles all the major functions around the certificate lifecycle simplifying enterprise-wide deployment and adoption. Customizable registration allows Netscape Certificate Management System to adapt to virtually any enterprise security policy.

The Netscape Certificate Management System 6.1 Service Pack 1 Target of Evaluation (TOE) is a Java application. The CMS TOE is designed to integrate with a directory server such as Netscape Directory Server and a HTTP engine such as Netscape Enterprise server to provide an internal data store and a network interface, respectively. The CMS TOE utilizes NSS (Netscape Network Security Services) and JSS (Netscape Java Security Services) libraries to support the use of hardware devices that perform standards-oriented cryptographic operations. All of the components represent a CMS system. A CMS system is designed to be hosted within a secure operating system (Solaris 8.0 was used for evaluation) and to be connected to networks, including the Internet, and to offer these services using standard HTTP/SSL protocols.

CMS is designed to be installed in one of four configurations: Certification Authority (CA), Registration Authority (RA), Online Certificate Status Protocol (OCSP) Responder, or Data Recovery Manager (DRM or KRA). The primary difference between these configurations is the set of services offered to users.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Netscape Certificate Management System 6.1 Service Pack 1 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1 and National and International Interpretations effective on May 10, 2002. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 with the additional augmentation of the CC Flaw Remediation (ALC_FLR.2) family of assurance requirements. The product, when configured as specified in the Netscape Certificate Management System Guidance Documentation, dated March 6, 2003, satisfies all of the security functional requirements stated in the Netscape Certificate Management System 6.1 Service Pack 1 Security Target (Version 1.0). One validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in March 2003. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-03-0036, dated 17 March 2003) prepared by CCEVS.

ENVIRONMENTAL STRENGTHS

CMS 6.1 is a certificate issuing and management product that offers such services as Certificate Enrollment, Certificate Renewal, Certificate Revocation, Certificate Retrieval, Request Queue Management, Certification and Certificate Revocation List (CRL) Management, Remote Server Request Handling, Configuration Management, Key Archival and Retrieval Service, and Online Certificate Status Protocol (OCSP) Response Service. CMS supports eight security functions:

1. Identification & Authentication: CMS ensures that are identified and authenticated before they can access any other security relevant services.
   
   
2. Access Control: CMS provides the ability to define an access control list for each service it provides. These access control lists are used to ensure that users can only access services they have been authorized to use.
   
   
3. Security Management: CMS uses the access control functions to control the actions of administrative personnel. In order to accomplish this, predefined access control lists are assigned to the applicable services.
   
   
4. Security Audit: CMS has the capability to audit security relevant events. Audit records are generated when audit events occur, including the responsible user, date, time, and other details. Audit records are collected into audit buffers that are signed, to protect against possible tampering of the audit records, and then copied into non-volatile audit logs.
   
   
5. Backup & Recovery: CMS has a backup/restore utility that can be used to save a snapshot of a CMS configuration and then restore that configuration at a later date. The backup data is protected using encryption and digital signatures.
   
   
6. Remote Data Entry & Export: CMS protects data import and export operations using SSL sessions.
   
   
7. Key Management: CMS includes a number of key management functions. In particular, CMS protects security critical keys and other information by either encrypting it or storing it within a hardware cryptographic module. CMS also uses digital signatures when appropriate to ensure the integrity of key management related information.
   
   
8. Certificate Management: CMS includes a number of certificate management functions. In particular, CMS allows administrators to control, limit, or mandate values in certificates, certificate revocation lists (CRLs), and online certificate status protocol (OCSP) responses that are generated.