Compliant Product - IBM QRadar Security Intelligence Platform, version 7.3.2
Certificate Date: 2020.01.21
Validation Report Number: CCEVS-VR-VID11027-2020
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.1
CC Testing Lab: Gossamer Security Solutions
The Target of Evaluation (TOE) is QRadar Security Intelligence Platform version 7.3.2.
IBM Security QRadar Security Intelligence Platform is also known as the IBM QRadar Security Information and Event Management (SIEM). The QRadar SIEM is a network device intended to detect potential threats through the review of audit and event data collected from network sources. The TOE is the QRadar SIEM. The TOE is administered either locally or remotely. The QRadar product consolidates log source event data from thousands of devices, endpoints, and applications distributed throughout a network.
The evaluated product is a single All-in-One device running QRadar SIEM 7.3.2 with QFlow enabled. The All-in-One device is a self-contained appliance running the QRadar SIEM in a Red Hat RHEL 7.5 environment. The appliance makes only those interfaces offered by QRadar available.
The IBM All-In-One: Dell 3128C model utilizes an x86 64-bit CPU architecture, with 4 network interface cards and varying amounts of memory.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the IBM QRadar Common Criteria for NIAP, Version 7.3.2, Revision 1.4 document, satisfies all of the security functional requirements stated in the QRadar Security Intelligence Platform (NDcPP21) Security Target, Version 0.7, 01/15/2020. The project underwent CCEVS Validator review. The evaluation was completed in January 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The logical boundaries of the TOE are realized in the security functions that it implements. Each of these security functions is summarized below.