Compliant Product - CertAgent v7.0
Certificate Date: 2018.06.01
Documents: CC Certificate, Security Target *, Validation Report
Validation Report Number: CCEVS-VR-VID10815-2018
Product Type: Certificate Authority
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Certification Authorities Version 2.1
CC Testing Lab: DXC.technology
* This is the Security Target (ST) associated with the latest Maintenance Release. Previous STs for this TOE are listed separately.
The Target of Evaluation (TOE) is an X.509-compliant web-based certificate authority (CA) intended to be used as the core component of an enterprise public key infrastructure (PKI). The TOE offers enhanced enrollment services via Enrollment over Secure Transport (EST), remote administration, integrated certificate and certificate revocation list (CRL) databases, and an online certificate status protocol (OCSP) responder. It supports an unlimited number of root and intermediate CAs, providing support for complex certificate hierarchies.
The following tables list the software components required by the TOE in the evaluated configurations. The Operational Environment components should be maintained such that the latest security fixes for each component are installed in a timely manner.
Operational Environment Software Requirements (Windows)
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which ISC CertAgent v7.0 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 5. DXC determined that the product is conformant to the requirements of the Protection Profile for Certification Authorities, version 2.1, December 1, 2017. The product satisfies all of the security functional requirements stated in the Security Target. Four validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by DXC. The evaluation was completed in July 2018. Results of the evaluation can be found in the Assurance Activity Report for ISC CertAgent v7.0 prepared by DXC.
The ISC CertAgent v7.0 TOE implements the following security functions:
The TOE generates audit records for its certificate generation and validation functions and for all use of its management functions. The TOE stores its audit trail locally in a database on its host platform.
The TOE uses TLS/HTTPS when transmitting sensitive data to and from applicable endpoints. Certificate requests, certificates, CRLs and OCSP responses are formed and verified by the TOE. TOE sensitive data that needs to be recovered, such as PINs and other passwords, is encrypted using CMS before it is stored in the database; sensitive data that does not need to be recovered, such as EST passwords, is not stored at all: instead a check value is created using PBKDF2/SHA-256 and stored, so the database never holds a recoverable copy of the EST password.
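The distinction above between recoverable secrets (CMS-encrypted) and non-recoverable ones (PBKDF2 check value only) is the part worth seeing in code. The following is an added example, not code from CertAgent or Information Security Corporation; it shows how an EST password would be turned into a PBKDF2-HMAC-SHA256 check value and later verified without the plaintext ever being stored. The salt length, iteration count, encoding of the stored string and the sample EST account are all assumptions of this example, since the Security Target summary does not state them.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (the ST summary only names PBKDF2/SHA-256).
SCHEME = "pbkdf2-sha256"
ITERATIONS = 600_000   # assumption; use the product's configured value in practice
SALT_LEN = 16          # assumption: 128-bit random salt per credential
DKLEN = 32             # SHA-256 output size


def make_check_value(password: str, salt: Optional[bytes] = None,
                     iterations: int = ITERATIONS) -> str:
    """Derive a stored check value for a password that never needs recovery.

    Returns 'scheme$iterations$salt_b64$dk_b64'; the plaintext is not kept.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, iterations, dklen=DKLEN)
    return "$".join([SCHEME, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])


def verify_check_value(password: str, stored: str) -> bool:
    """Re-derive from the stored salt/iterations and compare in constant time.

    Malformed stored values are rejected rather than raising.
    """
    try:
        scheme, iters, salt_b64, dk_b64 = stored.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
    except ValueError:
        return False
    if scheme != SCHEME or iterations <= 0 or len(expected) != DKLEN:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations, dklen=DKLEN)
    # hmac.compare_digest avoids leaking where the comparison diverged.
    return hmac.compare_digest(candidate, expected)


# Constructed sample: an EST enrollment account as it might sit in the DB.
# Only the check value is persisted; the password itself is not.
EST_ACCOUNTS = {
    "device-0001": make_check_value("example-est-secret"),
}


def authenticate_est_client(username: str, password: str) -> bool:
    """Look up the stored check value for an EST client and verify it."""
    stored = EST_ACCOUNTS.get(username)
    if stored is None:
        # Still do a derivation so unknown users cost the same as known ones.
        make_check_value(password, salt=b"\x00" * SALT_LEN)
        return False
    return verify_check_value(password, stored)


if __name__ == "__main__":
    print("stored:", EST_ACCOUNTS["device-0001"])
    print("good password:", authenticate_est_client("device-0001", "example-est-secret"))
    print("bad password:", authenticate_est_client("device-0001", "wrong"))
```

Because the stored string carries its own salt and iteration count, the iteration count can be raised later for new or re-entered passwords without breaking verification of existing records, and two accounts with the same password produce unrelated check values.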
The TOE uses a PKCS#11 cryptographic module as well as its included ISC CDK cryptographic module to perform cryptographic operations. During installation, the TOE generates the TLS server key, the system key, an issuer key, and an initial set of authentication credentials. The TLS, system and issuer keys are stored in the USB HSM in the TOE Operational Environment. The TOE uses the ISC CDK to encrypt sensitive data using the CMS format, to hash the ‘to be signed’ message bodies of certificates, CRL and OCSP responses, to validate signatures on certificates, CRLs, and requests, and to provide TLS/HTTPS secure communication for client access to its interfaces.
User Data Protection
The TOE supports the creation of multiple certificate profiles by CA Administrators. These profiles are customized using certificate-based ACLs to control the users allowed to issue or revoke certificates using the profiles. Certificate requests are assigned a unique identifier upon submission that links them to the issued certificate. The TOE supports two methods for certificate status checking: X.509v2 CRLs and OCSP. CRLs can be issued manually, on a schedule, or when a certificate is revoked.
Identification and Authentication
Most CA activities are completed by using a web browser or other tool that connects to the CertAgent web interface. The CA supports seven web-based interfaces using different ports or URLs (Admin Site, CA Account Site, Public Site, RAMI (Registration Authority Management Interface), DBAccess, EST, and OCSP).
The TOE provides a web user interface to manage its functions and data and it restricts access to this interface based on user role. The TOE also depends on the OS platform to provide the local console where the admin user can manage a subset of the TOE functions.
Protection of the TSF
The TOE encrypts any sensitive information before it is sent to the Operational Environment’s database. The TOE maintains the PKCS#11 cryptographic module password for the ‘system’ credential in memory until it exits. The TOE does not store any private keys (they are stored and protected by the PKCS#11 cryptographic module). When the TOE shuts down, all sensitive data in memory is cleared.
The TOE displays a warning banner prior to login at its user interfaces. The TOE will terminate user sessions after a configured interval of inactivity or when the user logs out.
Trusted Channel/Trusted Path
The TOE uses TLS/HTTPS to ensure secure communication between itself and its remote users as well as other trusted IT entities accessing its functions and data.
Information Security Corporation