NIAP: Compliant Product
Compliant Product - Privileged Access Security-Digital Vault Server (EPV) version 10.4

Certificate Date:  2019.09.30

Validation Report Number:  CCEVS-VR-VID11004-2019

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Application Software Version 1.2

CC Testing Lab:  DXC.technology


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]



Product Description

CyberArk Privilege Access Security – Digital Vault Server Including Enterprise Password Vault (EPV) v10.4 is a core component of the CyberArk Privilege Access Security Solution (PAS), which comprises the Digital Vault Server (EPV), the Windows Components (CPM, PVWA and PSM) and the Linux Components (OPM and PSMP). The TOE manages storage of and access to the privileged account files created by the other PAS components.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the CyberArk Privilege Access Digital Vault Server TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 4. DXC determined that the product is conformant to the requirements of the Protection Profile for Application Software, version 1.2, 04-22-2016. The product satisfies all of the security functional requirements stated in the Security Target. Two validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by DXC. The evaluation was completed on September 25, 2019. Results of the evaluation can be found in the Assurance Activity Report for CyberArk Privilege Access Security – Digital Vault Server Including Enterprise Password Vault (EPV) v10.4, prepared by DXC.


Environmental Strengths

The CyberArk Privileged Access Security – Digital Vault Server Including Enterprise Password Security (EPV) v10.4 TOE implements the following security functions:  

Cryptographic Support: The TOE implements the OpenSSL FIPS Object Module v2.0.14 with the CyberArk libraries to provide the following cryptographic services: encryption and decryption, hashing, digital signature generation and verification, key generation, and random number generation. The TOE uses TLS to protect communication between itself and an LDAP server as well as other PAS components in the operational environment. The TOE uses AES encryption and decryption to protect sensitive data at rest.

User Data Protection: The TOE encrypts all sensitive data stored in non-volatile memory. The TOE limits its access to the platform’s hardware resources to network connectivity. The network connection is used for communications between the TOE and its OE components. The connection is user-initiated from a PAS component. The TOE initiates the communication to the LDAP server.

Identification and Authentication: The TOE uses X.509v3 certificates for mutual authentication in TLS communications between itself and other PAS components in the operational environment. The TOE uses a certificate revocation list (CRL) to check certificate revocation status.

Security Management: The TOE provides the capability to manage its functions, is not configured with default credentials, and invokes mechanisms recommended by the platform vendor for storing and setting configuration options.

Protection of the TSF: The TOE implements anti-exploitation capabilities. It provides the capability to check for updates and protects the integrity of the installation and update processes. The TOE protects data in transit between itself and other trusted entities using encryption.

Trusted Path/Channels: The TOE uses TLS to provide a trusted channel to protect communication between itself and the LDAP server as well as communication with the PAS Windows Components (PSM, CPM, PVWA) and Linux Components (PSMP and OPM) in its operational environment. The TOE implements mutual authentication for trusted channel communication.


Vendor Information


CyberArk Software Ltd.
Yariv Oren
972.3.918.0000
972.3.924.0111
yariv.oren@cyberark.com

www.cyberark.com