Compliant Product - Mobile Armor PolicyServer 3.1 and FileArmor 3.0
Certificate Date: 29 November 2010
Validation Report Number: CCEVS-VR-10298-2010
Product Type: Sensitive Data Protection
Conformance Claim: EAL4 Augmented with ALC_FLR.3
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
The Target of Evaluation (TOE) includes one or more Mobile Armor FileArmor 3.0 SP7 clients and a PolicyServer 3.1 (Version 22.214.171.1245) management server.
FileArmor is an application that is used to encrypt specific files and folders. Some of these can be configured for minimal user input (such as encrypting a folder) while others are designed for user choice (such as encrypting an individual file). FileArmor requires users to authenticate to it before access to any encrypted data is granted, and before any data can be encrypted. The client can be installed on computers running Microsoft Windows operating systems.
The PolicyServer is a server application that can be used to manage one or more instances of Mobile Armor applications such as FileArmor or DataArmor from a centralized location in the TOE environment. The PolicyServer provides policy, user and key management of the FileArmor clients as well as centralized audit storage. Additionally, email alerts can be triggered based on incoming client audit records, notifying administrators of potential violations, such as multiple failed logins.
The overall purpose of the TOE is to provide encryption of specific data files within a Windows file system. The protection offered is to ensure data within specific files is not accessible to unauthorized users after an authorized user has logged out of FileArmor or turned off the host, despite the potential for physical access to the containing media (e.g., hard disk).
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, revision 2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, version 3.1, revision 2. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the TOE is EAL 4 augmented with ALC_FLR.3. The TOE, configured as specified in the evaluated configuration guide, satisfies all of the security functional requirements stated in the Security Target. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in August 2010. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Mobile Armor FileArmor v3.0 & PolicyServer v3.1 prepared by the CCEVS.
The TOE is a set of software applications that collectively represent a complete client/server-based file encryption solution for Microsoft Windows-based hosts. The primary TOE components include client applications that are incorporated into Windows-based personal computers and a server component that facilitates centralized management of the distributed client applications. The TOE includes a number of security functions including, but not limited to, security audit, cryptographic protections of user data and network communications, user identification and authentication, and secure management.
The TOE provides its own FIPS-validated cryptographic module which performs symmetric encryption and decryption operations on cryptographic keys, storage media, and data or commands sent over a network. The AES algorithm is used for this encryption and additional algorithms are also supported for random number generation and various hashing functions. All cryptographic algorithms are FIPS-validated.