NIAP: Compliant Product
NIAP/CCEVS
Compliant Product - Enveil ZeroReveal™ Compute Fabric v1.1.1

Certificate Date:  2018.08.28

Validation Report Number:  CCEVS-VR-VID10904-2018

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Application Software Version 1.2

CC Testing Lab:  Leidos Common Criteria Testing Laboratory


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is Enveil ZeroReveal™ Compute Fabric v1.1.1, an application consisting of the ZeroReveal Client Component and the ZeroReveal Server Component. The ZeroReveal Client Component resides within the enterprise and is responsible for encrypting ZeroReveal Compute Fabric operations and decrypting results. The ZeroReveal Server Component resides within the environment of a data repository and is responsible for processing encrypted operations over the data. Enveil ZeroReveal Compute Fabric enables data to remain encrypted even while being processed, thereby eliminating the risk of exposure.

The Enveil ZeroReveal™ Compute Fabric also secures operations over unencrypted data: it encrypts operations such as searches or analytics, processes these encrypted operations over the unencrypted data (without ever decrypting the operation), and produces encrypted results. Thus, a user is able to secure operations in untrusted environments such as data aggregators and data lakes in which they do not control the data or its encryption.

The ZeroReveal Compute Fabric is evaluated as a software application only. Enveil ZeroReveal™ Compute Fabric contains functionality that is not covered by the Protection Profile for Application Software. As with all evaluations claiming conformance to a NIAP-approved protection profile, only the functionality specified in the profile is evaluated.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme.  The criteria against which the Enveil TOE was judged are described in Protection Profile for Application Software, Version 1.2, 22 April 2016 and the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 revision 4 as refined by the assurance activities in the protection profile. The product satisfies all of the security functional requirements stated in the Enveil ZeroReveal™ Compute Fabric Security Target, version 1.0, August 13, 2018, when delivered and configured as identified in the following documents:

· ZeroReveal Compute Fabric Configuration Guide for Common Criteria v3.1, Version 1.1.1, 2018

· ZeroReveal Compute Fabric Manual, Version 1.1.1, 2018

The project underwent CCEVS Validator review.  The evaluation was completed in July 2018.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Cryptographic support

The ZeroReveal Compute Fabric uses cryptographic services provided by the platform. Users communicate with the ZeroReveal Client Component through REST interfaces protected by HTTPS/TLS. In the networked communication scenario, the ZeroReveal Client Component and ZeroReveal Server Component communicate via REST over mutually authenticated TLS. The ZeroReveal Client Component communicates with an LDAP Server using TLS and supports mutual authentication both of user connections at its REST interfaces and of connections to the LDAP directory.

Credentials are stored in platform-provided GNOME keyrings.

User data protection

The Enveil ZeroReveal Compute Fabric provides user data protection services by restricting access to only those platform-based resources (network communications) that are needed in order to provide the needed functionality.

The ZeroReveal Client initiates network communication to connect to the ZeroReveal Server and to the LDAP Server.  The Client allows users to initiate a network connection through REST APIs.

Identification and Authentication

The ZeroReveal Compute Fabric relies on certificate validation functions provided by the platform to authenticate the X.509 certificate as part of establishing a TLS connection.  

Security Management

An enterprise manages the ZeroReveal Compute Fabric via configuration files; on each platform these files are stored in /etc, as recommended by Linux.

Privacy

The ZeroReveal Client Component and ZeroReveal Server Component do not collect or transmit PII over a network.

Protection of the TSF

The ZeroReveal Compute Fabric uses Java APIs provided by the platform. The ZeroReveal Compute Fabric leverages platform-provided package management for secure installation and updates. The TOE package includes only those third-party libraries necessary for its intended operation. The TOE uses compiler-provided anti-exploitation capabilities.

Trusted Path/Channels

The ZeroReveal Client and Server components are connected via REST over mutually authenticated TLS. The ZeroReveal Client Component communicates with an authentication server using Lightweight Directory Access Protocol (LDAP) secured with TLS. Users communicate with the ZeroReveal Client Component through REST. The ZeroReveal Client Component requires HTTPS/TLS for connections to the REST interface.


Vendor Information

Enveil
Ellison Anne Williams
443-741-1021
eawilliams@enveil.com

https://www.enveil.com