Compliant Product - Xacta® IA Manager: Assessment Engine and Xacta® IA Manager: Continuous Assessment, Version 4.0 Service Pack 8

Certificate Date: 16 September 2010

Validation Report Number: CCEVS-VR-VID10318-2010

Product Type: Security Management

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: CygnaCom Solutions, Inc



PRODUCT DESCRIPTION

Xacta IA Manager is a continuous risk management framework that manages and supports IT security risk and compliance assessment activities for an organization. The TOE includes project templates, which are based on known assessment methods such as DCID, DIACAP, DITSCAP, NIST, COBIT, or ISO 27001, and that contain workflow tasks and process steps to perform a certification assessment.  The TOE provides the mechanisms to help customers through the steps of collecting data from an enterprise’s assets (which may include physical security, organizational procedures and processes, personnel, physical IT assets, etc.), evaluating risk and compliance to a set of controls/requirements, and publishing pre-formatted document(s) that would then be submitted to the appropriate AO/DAA (Authorizing Official/Designated Approving Authority).

Note: The correctness and conformance of the templates to any government or commercial standard is by Vendor assertion. Verifying the correctness and conformance of the templates to any standard, the correctness of the assessment scripts for the assessment task, or that the process steps defined by the templates are complete and sufficient, was not part of this evaluation.

The main TOE components are the Assessment Engine product and the Continuous Assessment product, which is made up of the Asset Manager and Detect Server subsystems and the HostInfo Agents. Each of the Assessment Engine, Asset Manager, and Detect Server components has a web interface for its operational functions. Each HostInfo Agent collects information about the network asset it resides on via assessment scripts. The scripts are cryptographically signed and assigned (tasked) at the Asset Manager. The Asset Manager then transmits the task to the Detect Server, which is responsible for transferring the signed scripts to the HostInfo Agents. The HostInfo Agent then executes the signed scripts and securely transmits the results to the Detect Server. The Detect Server then syncs this information with the Asset Manager. The Assessment Engine uses the continuously updated information from the Asset Manager to conduct the risk and compliance assessments.

The TOE provides the following security functionality: auditing of security relevant events, TOE user account administration, ability to add a signature to published reports and assessment scripts as proof of origin, TOE user identification and authentication, security role based access to management functions, trusted channel communication between components, and risk and compliance assessment support functions.

The product may be purchased by contacting the vendor directly or using one of the contract vehicles listed on their website contracts page: http://www.telos.com/contracts/buy/. The end user will need to indicate that the NIAP Certified version is required when purchasing. The customer will be given instructions on how to download the NIAP certified version, which is packaged with the vendor documentation and the CC supplement. Upon special request, Telos will create a DVD and send it to the customer.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Xacta® IA Manager: Assessment Engine and Xacta® IA Manager: Continuous Assessment, Version 4.0 Service Pack 8 (Commercial and Government Distribution Packages) was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 R2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2 augmented with ALC_FLR.2. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation.  The evaluation was completed in August 2010.

ENVIRONMENTAL STRENGTHS

The following security functions are in the scope of the evaluation:

• Security Audit

The TOE provides a de-centralized auditing functionality. The TOE provides its own auditing capabilities separate from those of the host operating systems.  The TOE provides the ability to search, sort, order, and view its own audit records.

Security Audit relies on functionality in the Operational Environment (OE) to provide: protection of the audit information stored in the TOE components’ databases and in files on the TOE platforms’ operating system; access to the audit information stored in an external or local Syslog; and reliable timestamps for the audit records.

• Proof of Origin

The TOE provides the ability for administrators to digitally sign documents, reports and scripts to verify the origin of the information contained within them.

Proof of Origin relies on functionality in the OE to provide: PKI Infrastructure functionality; Adobe Acrobat digital signing functionality; and use of an optional Browser Crypto Module or CAC as a security provider for generation of digital signatures.

Note: For this evaluation, it was appropriate for the Security Target to claim cryptographic functionality related to digitally signing documents and scripts. There are many ways of determining compliance with a standard. This TOE has chosen to make a developer claim of compliance. This means that there has been no independent verification (by either the evaluators or a third party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithms actually meets the claimed standards. Potential users of this product should confirm that the cryptographic capabilities are suitable to meet the user's requirements.

• Identification and Authentication

The TOE provides user identification and authentication for the Dashboard, Asset Manager GUI, and Detect Server GUI through the use of user accounts. Each account holder must be successfully identified and authenticated with a username and password by the TSF or by an authentication service invoked by the TSF before access to the TOE is allowed.  In addition the TSF enforces a password policy and requires users to be re-authenticated after a specified period of inactivity. 

The TOE enhances the security of an individual’s TOE session by displaying a warning message (banner) when the session is initiated.

Identification and Authentication relies on functionality in the OE to provide: PKI Infrastructure functionality including keystore; protection of the user account information stored in the TOE components’ databases; encryption support; use of an optional external authentication server; and trusted communications between the TOE and any external authentication server. Maintenance and Installation Utilities require OS I&A for access.

Note: For this evaluation, it was appropriate for the Security Target to claim cryptographic functionality related to certificate authentication and revocation. There are many ways of determining compliance with a standard. This TOE has chosen to make a developer claim of compliance. This means that there has been no independent verification (by either the evaluators or a third party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithms actually meets the claimed standards. Potential users of this product should confirm that the cryptographic capabilities are suitable to meet the user's requirements.

• Security Management

The TOE provides security management through the use of individual administrator graphical user interfaces for each of the three main components (Assessment Engine, Asset Manager, Detect Server).  Through the enforcement of the individual component’s administrative access control policy, access to the management functionality and TSF data is controlled by security (administrative) role assignments.

Security Management relies on functionality in the OE to provide: protection of the maintenance and installation utilities; and trusted communications between the TOE and external servers, and external authentication servers (if configured to be used).

• Trusted Channel

The TOE provides for trusted communication channels among its distributed application components by invoking the secure communications functionality of the OE and by providing cryptographic functions using third-party algorithms.

Trusted Channel relies on functionality in the OE for TCP/IP protocols.

Note: The cryptographic functions used for secure communications between TOE components have been FIPS certified (RSA BSafe Crypto-J v3.6 JSafe Software Module (cert #812) and JCE Provider Module (cert #820)).

• Risk and Compliance Assessment

The TOE provides risk and compliance assessment of IT network assets including: collection of asset data, evaluation of the collected data, and sending notifications to appropriate personnel for significant events in the assessment process.

Note: The correctness and conformance of the templates to any government or commercial standard is by Vendor assertion. Verifying the correctness and conformance of the templates to any standard, the correctness of the assessment scripts for the assessment task, or that the process steps defined by the templates are complete and sufficient was not part of this evaluation.

Risk and Compliance Assessment relies on functionality in the OE to provide: proper configuration of the HostInfo Agent platforms for proper data collection; optional third-party asset discovery/vulnerability scanning; optional third-party enterprise management database functionality; PKI Infrastructure functionality; protection of data and script files on the host platforms; trusted communications between the TOE and the host platforms; and optional SMTP Server functionality for notifications.

The following functionality is not included in the Logical Scope of the TOE:

  • Use of deprecated Xacta Automated Script Language (XASL).
  • Correctness and modification of Velocity scripts to publish and customize reports.
  • Publisher Component’s use of the Velocity scripts and the data provided by the AE to correctly and accurately publish the report(s) (i.e., the functionality to generate a report is in scope, just not the verification that the report is correct and/or accurate).
  • Verification of the correctness and completeness of the following:
    • Project templates to meet claimed standard
    • Process steps assigned to the project templates
    • Assigned assessment scripts to the process steps
    • Published reports to meet selected C&A submittal requirements for claimed standards
  • Correctness, modification, customization, or creation of the individual assessment scripts (TOE’s ability to assign, execute, and retrieve results from scripts is in scope).   
  • Verification of the Job Scheduler to correctly invoke scheduled jobs at the times configured
  • WYSIWYG Editor
  • System of Systems configuration (hierarchical deployment of AE servers)
  • Project Control Implementation Inheritance application feature.
  • Verification of the correctness and completeness of the imported SCAP or OVAL scripts.
  • Use of security markings

Note: Xacta IA Manager is intended to be operated in a system high mode of operation. Security classification markings are only used to display a visual reminder of the highest classification level of data that should be stored in the application. The TOE is NOT a multi-level security (MLS) product. No enforcement of any kind is based on this label.

Vendor Information

Telos Corporation
David Wilson
703.726.2236
david.wilson@telos.com

http://www.telos.com