NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - BeyondTrust Password Safe 6.2 (a BeyondInsight component)

Certificate Date:  2018.06.26

Validation Report Number:  CCEVS-VR-VID10913-2018

Product Type:    Enterprise Security Management

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Enterprise Security Management - Identity and Credential Management Version 2.1

CC Testing Lab:  Leidos Common Criteria Testing Laboratory


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is BeyondTrust Password Safe 6.2 (a BeyondInsight component).

Password Safe v6.2 is an automated password and session management solution for any privileged account, such as shared administrative accounts and local administrative accounts. TOE users request permission from the TOE to access managed systems. A managed system is a computer where one or more account passwords are maintained by the TOE. Managed systems can be Windows machines, Unix/Linux machines, and Active Directory domains.  

The BeyondTrust Password Safe 6.2 contains functionality that is not covered by Standard Protection Profile for Enterprise Security Management Identity and Credential Management. As with all evaluations claiming conformance to a NIAP-approved protection profile, only the functionality specified in the profile is evaluated.  The BeyondTrust Password Safe 6.2 TOE consists of the following BeyondInsight platform components:

·         Password Safe

·         BeyondInsight Management GUI

·         Proxy Service

·         Session Monitoring

The TOE components identified above collectively provide functionality defined in the Standard Protection Profile for Enterprise Security Management Identity and Credential Management.  Specifically, the functionality included in the evaluation is:

·         Provision subjects (enroll new subjects to an organizational repository, associate and disassociate subjects with organizationally-defined attributes) 

  • Issue and maintain credentials associated with user identities
  • Enforce password strength rules for enterprise users
  • Establish appropriate trusted channels between itself and Authentication Server ESM products
  • Generate an audit trail of configuration changes and subject identification and authentication activities
  • Write audit trail data to a trusted repository

Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme.  The criteria against which the BeyondTrust Password Safe 6.2 was judged are described in Standard Protection Profile for Enterprise Security Management Identity and Credential Management (Version 2.1, 24 October 2013) and the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 revision 4 as refined by the assurance activities in the protection profile. The product satisfies all of the security functional requirements stated in the BeyondTrust Password Safe 6.2 (a BeyondInsight component) Security Target, version 1.0, June 13, 2018, when delivered and configured as identified in the following documents:

·         BeyondInsight Authentication Guide, Version 6.2 – February 2017 (BeyondTrust proprietary)

·         BeyondInsight Installation Guide, Version 6.2 – November 2016 (BeyondTrust proprietary)

·         BeyondInsight User Guide User Guide, Version 6.2 – November 2016 (BeyondTrust proprietary)

·         PowerBroker Password Safe Administration Guide, Version 6.2 – November 30, 2016 (BeyondTrust proprietary)

·         BeyondTrust UVM Appliance Getting Started Guide, Software Version: UVM Appliance 2.1, Revision Number: 0, January 2017 (BeyondTrust proprietary)

·         PowerBroker Password Safe v6.2.0 Common Criteria – Supplementary Guide, March 22, 2018

Note: The proprietary guidance documents are provided only to registered customers.

The project underwent CCEVS Validator review.  The evaluation was completed in June 2018.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Enterprise Security Management

The TOE enrolls enterprise users and assigns uniquely identifying data.  The TOE provides the capability to define and securely transmit identity and credential data for automated password and session management solutions.    The TOE provides a password restriction policy mechanism to ensure secure passwords are defined for enterprise users

The TOE authenticates the BeyondInsight Administrator and relies on Microsoft Active Directory in the operational environment to authenticate Password Safe users.

Security Audit

The TOE generates logs for security relevant events including the events specified in Standard Protection Profile for Enterprise Security Management Identity and Credential Management. The audit records identify the date/time, event type, outcome of the event, and the responsible subject/user.  The TOE stores the audit records locally in the Microsoft SQL Server 2014 Database and the Front-End Logs on the Microsoft Windows Server 2012 R2.   The operational environment protects the stored audit records from unauthorized deletion and modification.  Reliable timestamps are provided by the operational environment.

Identification and Authentication

The BeyondInsight administrator accesses the TOE using the BeyondInsight local password authentication.    TOE users assigned a Password Safe role access the TOE using Microsoft Active Directory external authentication.  The TOE provides authentication failure handling and associates identity, roles, and groups with users.

Security Management

The TOE provides the management functions identified in the Standard Protection Profile for Enterprise Security Management Identity and Credential Management.  The TOE restricts all management functions to users that belong to the BeyondInsight administrator role.

Protection of the TSF

Credentials/keys used by the TOE are stored in the operational environment.  The TOE does not offer any functions that will disclose to any users a stored cryptographic key; and all keys are stored encrypted using AES-256.

TOE Access

The TOE can be configured to display an informative banner that will appear prior to authentication when accessing the BeyondInsight Management GUI and the Password Safe Web Portal GUI.  The administrator can terminate their own interactive session.

Trusted Path/Channels

The TOE protects interactive communication with users and administrators using HTTPS.   The TOE protects communication with external IT entities, including authentication servers, using TLS connections, which prevent unintended disclosure or modification of data.   The TOE uses cryptographic means to protect communication with remote administrators. When the TOE is configured to use the services of an authentication server in the operational environment, the communication between the TOE and the operational environment component is protected using TLS encryption.   The communication between the TOE and managed systems, and PowerBroker for Windows is protected using TLS or SSH.

The TOE itself does not implement any cryptographic functions. Consequently, the Cryptographic Support (class FCS) requirements from the Architectural Variations section of the ESM ICM PP do not apply to the TOE. The security target does not claim any requirements from the FCS class and so the FCS requirements were outside the scope of evaluation and were not evaluated.


Vendor Information

Logo
BeyondTrust Software, Inc.
Rod Simmons
1-480-405-9131
1-602-385-7177
rsimmons@beyondtrust,com

www.beyondtrust.com
Site Map              Contact Us              Home