Compliant Product - McAfee Vulnerability Manager 6.8
Certificate Date: 31 January 2011
Validation Report Number: CCEVS-VR-VID10332-2011
Product Type: IDS/IPS
Conformance Claim: EAL2 Augmented with ALC_FLR.2
PP Identifiers: None
CC Testing Lab: COACT Inc. CAFE Laboratory
The TOE is a Vulnerability Management System that scans specified targets for vulnerabilities and misconfigurations. It provides a management interface to configure the system and generate reports regarding the results of the scans.
The TOE consists of the following components:
- The Enterprise Manager provides authorized users with access to the TOE through their Web browsers. It allows them to manage and run the TOE from anywhere on the network. Access is protected by user identification and authentication.
- One or more Scan Engines scan the network environment. Depending on the logistics and size of your network, you may need more than one Scan Engine to scan the network. The Scan Engine performs identification, interrogation, and vulnerability assessment of remote computer systems.
- The API Service provides an interface for Enterprise Manager to store data into and retrieve data from the Foundstone Database. This interaction uses SOAP over SSL.
- The Data Sync Service enables Vulnerability Manager to import asset information from McAfee’s ePolicy Orchestrator (ePO) enterprise management system or an LDAP directory such as Microsoft Active Directory. This integration permits Vulnerability Manager to learn about assets through a mechanism other than discovery scans.
- The Foundstone Database is the data repository for the Vulnerability Manager system. It uses Microsoft SQL Server to store everything from scan settings and results to user accounts and Scan Engine settings. It contains all of the information needed to track organizations and workgroups, manage users and groups, run scans, and generate reports.
- The Report Server is responsible for generating reports requested by authorized users. It retrieves scan results from the Foundstone Database, prepares the report, and saves it for future review.
All communication between distributed components uses a trusted channel to protect the integrity and confidentiality of the data during transit. The TOE depends on cryptographic and protocol functionality provided by the IT environment for these secure channels.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that McAfee Corporation’s Vulnerability Manager Version 6.8 Security Target, Version 2.4, January 11, 2011 meets the security requirements contained in the Security Target.
The criteria against which McAfee Corporation’s Vulnerability Manager Version 6.8 Security Target Version 2.4, January 11, 2011 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1. The COACT, Inc. CAFE Lab determined that the evaluation assurance level (EAL) for the McAfee Corporation’s Vulnerability Manager Version 6.8 Security Target Version 2.4, January 11, 2011 is EAL 2 augmented with ALC_FLR.2. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.
A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by the COACT, Inc. CAFE Lab. The evaluation was completed in December 2010. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.
The TOE’s Security Functions are:
The TOE scans designated systems to detect known vulnerabilities on those systems. Results of the scans are stored in the database (the DBMS is in the IT Environment), and reports based upon completed scans may be retrieved via the GUI interface of the Enterprise Manager.
Identification and Authentication (I&A)
The TOE requires users to identify and authenticate themselves before accessing the TOE software or before viewing any TSF data or configuring any portion of the TOE. No action can be initiated before proper identification and authentication. Each TOE user has security attributes associated with their user account that define the functionality the user is allowed to perform.
When interacting with the TOE via the Enterprise Manager GUI, I&A is performed by the TOE. On all three component systems, I&A for local login to the operating system (i.e., via a local console) is performed by Windows (IT Environment).
The TOE’s Management Security Function provides administrator support functionality that enables a human user to configure and manage TOE components. Management of the TOE may be performed via the Enterprise Manager. All user types may use the Enterprise Manager.
The TOE provides the following management functions:
- User management,
- Root organization management,
- Workgroup management,
- Scan Engine management,
- Asset management,
- Scan management,
- Report management,
- Known vulnerability management.
The TOE’s Audit Security Function provides auditing of management actions performed by administrators.
Asset Data Import
The TOE may be configured to import data about assets from LDAP servers or McAfee ePO. The value of this functionality is that the information about the assets may be more accurate or complete than the information obtained from scans.