NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Venafi Trust Protection Platform v17.1

Certificate Date:  2017.09.15

Validation Report Number:  CCEVS-VR-VID10800-2017

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Application Software Version 1.2
  Extended Package for Secure Shell (SSH)

CC Testing Lab:  Acumen Security

Maintenance Release:
CC Certificate [PDF] Security Target [PDF] * Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

* This is the Security Target (ST) associated with the latest Maintenance Release.  To view previous STs for this TOE, click here.

Product Description

The TOE is installed on Windows Server 2012 R2 Standard Edition.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Venafi Trust Protection Platform was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the Venafi Trust Protection Platform Common Criteria Guidance Document, satisfies all of the security functional requirements stated in the Venafi Trust Protection Platform Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in August 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

The TOE boundary is the application software which runs on the host platform. For this evaluation the TOE runs on Windows Server 2012 R2. The Universal C Runtime must be installed. In addition to this the following Microsoft Internet Information (IIS) web server roles must be installed:

• Common HTTP Features\Static Content
• Common HTTP Features\Default Document
• Health and Diagnostics\HTTP Logging
• Health and Diagnostics\Logging Tools
• Health and Diagnostics\Request Monitor
• Health and Diagnostics\Tracing
• Security\Request Filtering
• Performance\Static Content Compression

It should be noted that this operating system is outside the TOE boundary.

The TOE also uses an external database to store credentials, certificates, keys and log data. Microsoft SQL Server 2012 is used in the evaluated configuration. This database is outside the boundary of the TOE and is only used for the storage of data. All data that is sent to the database is encrypted by the TOE and is stored in the database as cipherstrings. Decryption of data happens on the TOE after the data is retrieved from the database.

Security Functions provided by the TOE

The TOE provides the security functionality required by [SWAPP].

Cryptographic Support

The TOE relies on underlying cryptographic functionality provided by the platform for all of its cryptographic operations.

Secure Software Update

The TOE is distributed as a .MSI installer package.

Security Management

The TOE does not come with any default credentials. Upon installation it will randomly generate a self-signed certificate, and AES 256 symmetric key and a GUID for the base configuration of the system. No data is stored by the application on the platform file system.

User Data Protection

The TOE does not store or transmit anything that could be considered Personally Identifiable Information (PII).

Protection of the TSF

The TOE employs several mechanisms to ensure that it is secure on the host platform. The TOE never allocates memory with both write and execute permission. The TOE is designed to operate in an environment in which the following security techniques are in effect, Data execution prevention, Mandatory address space layout randomization (no memory map to an explicit address), Structured exception handler overwrite protection, Export address table access filtering, and Anti-Return Oriented Programming. This allows the TOE to operate in an environment in which the Enhanced Mitigation Experience Toolkit is also running. During compilation, the TOE is built with several flags enabled that check for engineering flaws. The TOE is built with the /GS flag enabled. This reduces the possibilities of stack-based buffer overflows in the product.

Trusted Path/Channels

TLS and SSH are used to protect all data transmitted to and from the TOE.

Vendor Information

Jason Brothers
Site Map              Contact Us              Home