Compliant Product - Privileged Access Security - Windows Components including PSM v10.4, CPM v10.4 and PVWA v10.4
Certificate Date: 2019.09.30CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11005-2019
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Application Software Version 1.2
CC Testing Lab: DXC.technology
The Windows Components of the CyberArk Privileged Access Security software suite components Password Vault Web Access (PVWA), Privileged Session Manager (PSM), and Central Policy Manager (CPM) provide the following functionality: PVWA provides web-based administrator access to manage and configure PAS as well as a UI for all PAS end users, PSM is used to establish an isolated, monitored and recorded session to a remote target, and CPM enforces password policy by automatically rotating privileged account credentials.
Security Evaluation Summary
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the CyberArk Privilege Access Digital Vault Server TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 4. DXC determined that the product is conformant to requirements for Protection Profile for Application Software, version 1.2, 04-22-2016. The product satisfies all of the security functional requirements stated in the Security Target. Two validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by DXC. The evaluation was completed in September 27, 2019 Results of the evaluation can be found in the Assurance Activity Report for CyberArk Privileged Access Security – Windows Components including PSM v10.04, CPM v10.04, and PVWA v10.04 , v0.3 September 2019 prepared by DXC.
The CyberArk Privileged Access Security – Windows Components including PSM v10.04, CPM v10.04, and PVWA v10.04 v10.4 TOE implements the following security functions:
Cryptographic Support — The TOE uses CAVP-validated cryptographic algorithm provided by its OpenSSL FIPS Object Module v2.0.14 with CyberArk libraries. The libraries are used to support the establishment of trusted channels and paths to protect data in transit. In the evaluated configuration, the TOE’s cryptographic libraries are used by the TLS client connection to the EPV server from PSM, CPM, and PVWA.
User Data Protection — The TOE stores sensitive information in the form of encrypted passwords in non-volatile memory. The TOE will limit its access to only network connectivity when accessing the platform’s hardware resources. The network connection is used for communications between the TOE to the EPV server, the TOE to the target devices, and the user/administrator to the TOE.
Identification and Authentication — To validate the EPV server’s certificate during the TLS handshake, the TOE implements functionality to validate X.509 certificates. The TOE uses a CRL to check certificate revocation status and will not establish a connection to the EPV server when the CRL is unavailable. The same functionality is used by CPM when it connects to the EPV server to manage passwords.
Security Management— The TOE is configured with default file permissions already in place and does not provide default credentials for authentication. The TOE relies on PVWA for storing and setting configuration options for PSM and CPM. Administrators can manage various parts of the TOE’s functionality using the PVWA interfaces.
Protection of the TSF — The TOE protects against exploitation by implementing address space layout randomization (ASLR) and not allocating memory with both writing and execution. The TOE is also compatible with a hardened Windows environment and is compiled with stack-based buffer overflow protection. It also stores user-modifiable files to directories that do not contain executable files.
The TOE uses standard platform APIs and includes only the third-party libraries it needs to perform its functionality.
The version of each TOE component can be checked using the platform’s Programs and Features manager. PVWA also provides its version information in its help section. Checking for updates to the TOE is reliant on the platform’s functionally. Any update downloaded for the TOE must be installed using the platform’s package manager. The installation package for each TOE component is digitally signed using a public key from CyberArk that is used to verify the integrity of the TOE’s files.
Trusted Path/Channels — The TOE relies on the IIS service in the OE to provide a trusted path for communications to the TOE using TLS. The TOE also relies on the RDP Client in the OE to provide a trusted channel for communications from the TOE to a remote target using TLS. The TOE provides its own trusted channel between each TOE component to the EPV server over TLS.
CyberArk Software Ltd.