Compliant Product - Venafi Trust Protection Platform v19.2
Certificate Date: 2020.02.21CC Certificate Security Target * Validation Report
Validation Report Number: CCEVS-VR-VID11024-2020
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Application Software Version 1.3
Extended Package for Secure Shell (SSH) Version 1.0
CC Testing Lab: Acumen Security
* This is the Security Target (ST) associated with the latest Maintenance Release. To view previous STs for this TOE, click here.
Venafi Trust Protection Platform secures and protects keys and certificates in the datacenter, on desktops, on mobile and IoT devices, and in the cloud. This protection improves security posture with increased visibility, threat intelligence, policy enforcement, and faster incident response for certificate-related outages and compromises leveraging misused keys and certificates.
The platform supports all Venafi products and provides native integration with thousands of applications and common APIs for the extensive security ecosystem. Shared and extensible services enable enterprises to gain complete visibility into their key and certificate inventory, identify certificate reputation, and establish a baseline. The entire issuance and renewal process can be automated with policy enforcement and workflows, enabling new encryption dependent applications to be scaled quickly. Trust Protection Platform keeps organizations secure, helping them comply with standards and remediate key and certificate misuse.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Venafi Trust Protection Platform v19.2 is evaluated as described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. Acumen Security determined that the evaluation is a Protection Profile for Application Software (SWAPP) version 1.3 and Extended Package for Secure Shell (SSHEP) version 1.0. The product, when delivered configured as identified in the Operational User Guidance and Preparative Procedures, satisfies all of the security functional requirements stated in the Security Target. The project underwent CCEVS Validator review. The evaluation was completed in February 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The logical boundary of the TOE includes those security functions implemented exclusively by the TOE.
The TOE relies on underlying cryptographic functionality provided by the platform for all of its cryptographic operations, as allowed by the [SWAPP].
The TOE is distributed as a .MSI installer package.
The TOE does not come with any default credentials. Upon installation it will randomly generate a self-signed certificate, and AES 256 symmetric key and a GUID for the base configuration of the system. No data is stored by the application on the platform file system.
The TOE does not store or transmit anything that could be considered Personally Identifiable Information (PII).
The TOE employs several mechanisms to ensure that it is secure on the host platform. The TOE never allocates memory with both write and execute permission. The TOE is designed to operate in an environment in which the following security techniques are in effect:
· Data execution prevention,
· Mandatory address space layout randomization (no memory map to an explicit address),
· Structured exception handler overwrite protection,
· Export address table access filtering, and
· Anti-Return Oriented Programming.
This allows the TOE to operate in an environment in which the Enhanced Mitigation Experience Toolkit is also running. During compilation, the TOE is built with several flags enabled that check for engineering flaws. The TOE is built with the /GS flag enabled. This reduces the possibilities of stack-based buffer overflows in the product.
TLS and SSH are used to protect all data transmitted to and from the TOE.