Validated Product - Marimba Desktop/Mobile Management and Server Change Management

Certificate Date: 30 June 2004

Validation Report Number: CCEVS-VR-04-0066

Product Type: Security Management

Conformance Claim: EAL3

PP Identifiers: None

CC Testing Lab: SAIC Common Criteria Testing Laboratory


PRODUCT DESCRIPTION

The Desktop/Mobile Management (DMM) and Server Change Management (SCM) products, herein called simply DMM/SCM, are software change management packages produced by Marimba, Inc., 440 Clyde Ave., Mt. View, CA 94043. The SCM software is designed for use with groups of servers, while the DMM software is designed for use with groups of desktop machines. Both products rely primarily on a pair of applications called the Tuner and the Transmitter, which serves channels (applications or files) over a network.

The majority of software components are identical between the DMM and SCM products and include the following security-relevant applications that comprise the TOE: Deployment Manager 2.0.3.0e, Tuner 4.6.2.2, Transmitter Administrator 4.7.1, Transmitter 4.7.1.3, Report Center 5.0.3.1, Deployment Manager Command-Line 2.0.3.0e, and Content Replicator 2.0.3.

The DMM/SCM allows administrators to perform change management of software packages across an enterprise. For example, they can package applications and application updates to automate their distribution. DMM/SCM also allows administrators to perform OS migration and perform hardware and software inventories of connected machines.

DMM/SCM products are capable of managing these packages from a single location in a heterogeneous environment, including Windows and Solaris platforms.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Marimba TOE meets the security requirements contained in the Security Target - Marimba Desktop/Mobile Management and Server Change Management Security Target, Version 1.0, 9 June 2004.

The criteria against which the Marimba TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the Marimba TOE is EAL 3. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.

A Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in June 2004. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.

ENVIRONMENTAL STRENGTHS

The Marimba TOE provides security audit, user data protection, identification and authentication, and security management features as they relate to the distribution and management of enterprise applications.

Security Audit: DMM/SCM audits the actions that occur on the Transmitter. The log files contain information about events such as starting the Transmitter and modifying access control attributes associated with channels, as well as any problems associated with those events.

User Data Protection: A user's DMM/SCM access privileges, and hence access to the various channels and other named objects, are controlled by the combination of user and group identification and the access control attributes associated with the named objects.

Vendor Information

Marimba, Inc.
Simon Wynn
650.930.5358
650.930.5503 (Fax)
simon@marimba.com

http://www.marimba.com/