NIAP: Compliant Product
Compliant Product - IBM BigFix Endpoint Manager Version 9.2

Certificate Date:  2016.02.26

Validation Report Number:  CCEVS-VR-VID10682-2016

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Network Devices Version 1.1

CC Testing Lab:  atsec information security corporation

CC Certificate [PDF]
Security Target [PDF]
Validation Report [PDF]
Assurance Activity [PDF]
Administrative Guide [PDF]

Product Description

The IBM BigFix Endpoint Manager is a software-based endpoint management tool that provides real-time visibility and control of large numbers of endpoints with respect to security configuration, compliance, and lifecycle management. The TOE runs in a Red Hat Enterprise Linux (RHEL) 6.6 Server (x86-64) environment on an IBM System x3500 M5 server along with a monitor, keyboard, and mouse. The other software components of the TOE are the IBEM Server software component and the IBEM Client software component.

The TOE is a content-driven messaging and management system that distributes the work of managing IT infrastructures out to managed devices (a.k.a. endpoints). The TOE utilizes a patented Fixlet® technology to identify vulnerable or misconfigured endpoints and allows authorized users to remediate identified issues across the network.

Evaluated Configuration

The TOE and a portion of its Operational Environment reside on an air-gapped network. The other portion of the Operational Environment resides on an Internet accessible network. The IBM BigFix Endpoint Manager can manage up to 200,000 endpoints from a single console and server.

Security Evaluation Summary

The evaluation was performed in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The configuration against which the IBM BigFix Endpoint Manager was evaluated is described in the IBM BigFix Common Criteria Guidance Document version 1.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. The product, when configured according to the guidance in the IBM Endpoint Manager Version 9.2 Configuration Guide, fully satisfies all of the security functional requirements stated in the IBM BigFix Security Target as defined in the U.S. Government Approved Protection Profile - Protection Profile for Network Devices Version 1.1. The evaluation was completed in February 2016. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

The following major security features of the TOE were evaluated.

Security auditing

The TOE generates audit records for the audit events specified by the NDPP. The TOE stores its audit records in a local cache file on the TOE. When the cache file becomes full, the oldest records are overwritten by the newest records. The TOE also sends the audit records over a Transport Layer Security (TLS)-protected connection to an audit server located in the Operational Environment. This audit server serves as the external IT entity for storing audit records as required by the NDPP.

Cryptographic support

The TOE contains the Red Hat Enterprise Linux (RHEL) OpenSSL package for cryptography and TLS.

The TOE uses the RHEL OpenSSL package in the Federal Information Processing Standards (FIPS)-enabled mode for TLS and TLS/HTTPS communications between itself and other non-TOE systems (i.e., endpoints, relays, remote consoles, the database server, the audit server), except for User Datagram Protocol (UDP) communications.

The TOE uses Rivest-Shamir-Adleman (RSA) asymmetric key pairs for key establishment in the TLS and TLS/HTTPS protocols. The connections between the TOE and the database server and between the TOE and the audit server support TLS 1.0 in the evaluated configuration. All other TLS connections support TLS 1.0, TLS 1.1, and TLS 1.2 in the evaluated configuration.

User data protection

The TOE ensures that packets sent through the TOE are made unavailable. The TOE does not provide pass-through capabilities for network packets.

Identification and authentication

The TOE's administrative interfaces are as follows.

· IBEM Console (remote GUI)
· Local OS console (RHEL)

All administrative interfaces require each user to be successfully identified and authenticated before allowing any other TSF-mediated actions on behalf of that user.

Security management

The TOE allows an authorized administrator to manage the TOE locally via the local OS console and remotely via the IBEM Console. Only authorized administrators are allowed to use these interfaces and manage the TSF data of the TOE.

The TOE provides security management of its trusted update feature via the IBEM Console.

The TOE can associate a user with a single role. Note, though, that the IBEM Server software component uses a separate user authentication database from the RHEL operating system for defining user accounts and associating roles. The guidance documentation describes how to properly manage user accounts and roles between the IBEM Server software component and the operating system.

Protection of the TSF (TOE security functionality)

The TOE conceals all symmetric keys and private keys from being viewed by administrators during normal usage.

The TOE hashes all administrator passwords before storing them so that no plaintext passwords are stored on the system.

The TOE includes a reliable time stamp mechanism for supporting the various security needs of the TOE (e.g., audit record time stamps).

For TSF testing, the TOE performs cryptographic module self-tests during its startup process.

For the trusted update process required by the NDPP, the updates for the TOE are controlled by the TOE. When an update is applied by the TOE, the TOE first validates the hash value of each update image against the list of signed hash values, and then applies the update images. If the hash values do not match, the update is not applied.

TOE access

The TOE provides an administrator-specified advisory notice and consent warning message on all interactive user interfaces prior to establishing an administrative user session. The TOE also allows administrators to terminate their own interactive sessions.

The TOE enforces session locking of all local interactive sessions after an administrator-specified period of inactivity.

The TOE enforces session termination of all remote interactive sessions after an administrator-specified period of inactivity.

Trusted path/channels

The TOE uses trusted communication channels between itself and other trusted IT products. The TOE initiates a connection to the database server which is protected using TLS. In addition, the TOE initiates a connection to the audit server (syslog server) which is protected using TLS.

The TOE uses trusted path communications between itself and the IBEM Console. The IBEM Console initiates and uses TLS/HTTPS to communicate to the TOE.

Full Residual Information Protection

IBM BigFix Endpoint Manager ensures that any previous information content of a resource is made unavailable upon the allocation of the resource to all objects.

Vendor Information

IBM Corporation
Doug Welch