Compliant Product - SailPoint IdentityIQ v8.0
Certificate Date: 2020.05.08
Documents: CC Certificate, Security Target *, Validation Report
Validation Report Number: CCEVS-VR-VID11043-2020
Product Type: Enterprise Security Management
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Enterprise Security Management - Identity and Credential Management Version 2.1
CC Testing Lab: Booz Allen Hamilton Common Criteria Testing Laboratory
* This is the Security Target (ST) associated with the latest Maintenance Release; previous STs for this TOE are archived separately.
IdentityIQ is a governance-based Identity and Access Management (IAM) software solution. It integrates compliance management and provisioning in a unified solution that leverages a common identity governance framework. IdentityIQ provides a variety of IAM processes that include automated access certifications, policy management, access request and provisioning, password management and identity intelligence.
The TOE is a software product. The physical boundary of the TOE includes the IdentityIQ software that is installed on top of the Apache Tomcat application server. The TOE does not include the hardware or operating systems of the systems on which it is installed. It also does not include the third-party software which is required for the TOE to run. The following table lists the software components that are required for the TOE’s use in the evaluated configuration. These Operational Environment components are expected to be patched to include the latest security fixes for each component.
In addition to the server requirements, a web browser is required for any system used to administer the TOE. In the evaluated configuration, the TOE was tested using Chrome version 76 and the compatibility of other browsers was not assessed.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. SailPoint IdentityIQ version 8.0 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the SailPoint IdentityIQ Security Target Version 1.0. The evaluation underwent CCEVS Validator review. The evaluation was completed in May 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-VID11043-2020, dated May 8, 2020) prepared by CCEVS.
Enterprise Security Management
The TOE performs enterprise user authentication using Active Directory as well as its own authentication mechanisms within the Operational Environment. IdentityIQ requires each user to enter valid identification in the form of a username and authentication in the form of a password to gain access to the TOE.
IdentityIQ uses connectors that are provided by the Operational Environment to communicate with third-party ESM products. In the evaluated configuration, IdentityIQ connects to Active Directory using the ADSI connector. The TOE will read and directly manage user data as well as configuration information, such as policy data, from any connected Active Directory. The TOE will also push user data to any instance of Active Directory to allow enterprise users to be centrally managed and address any conflicts of user data throughout the enterprise.
The TOE generates audit records of its behavior and administrator activities. Audit data includes date, time, event type, subject identity, and other data as required. Audit data is written to a remote Oracle 18c database. The communication between the TOE and the remote database is secured using TLS that is provided by the JRE’s JDBC that resides in the Operational Environment.
Identification and Authentication
When an administrator authenticates to the TOE, the TOE associates the username with a principal. The principal, together with its capabilities, rights, and dynamic scopes, determines the access the administrator has while logged into the TOE.
The TOE provides mechanisms to reduce the likelihood of unauthorized access. The TOE can lock out an administrative account after a specified number of unsuccessful authentication attempts. By default, lockout occurs after five failed authentication attempts; the threshold is configurable by an administrator. Password complexity, history, length, and lifetime can also be configured by administrators. Together these parameters reduce the likelihood that a brute-force attack gains unauthorized access to the system.
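An added illustration (not SailPoint's code) of how the controls described above fit together: a configurable lockout threshold defaulting to five, plus password length, character-class, history and lifetime checks. All names, the non-lockout default values, the abstract day counter and the unsalted digest are assumptions made for the example.

```python
import hashlib
import re
from dataclasses import dataclass, field

@dataclass
class PasswordPolicy:
    lockout_threshold: int = 5   # failed logins before lockout; five is the page's stated default
    min_length: int = 12         # assumed default
    min_char_classes: int = 3    # assumed default; classes: lowercase, uppercase, digit, symbol
    history_depth: int = 5       # assumed default; reject reuse of the last N passwords
    max_age_days: int = 90       # assumed default; password lifetime

@dataclass
class Account:
    history: list = field(default_factory=list)  # password digests, most recent last
    changed_on_day: int = 0      # day number of the last password change (abstract clock)
    failed_attempts: int = 0
    locked: bool = False

def _digest(password: str) -> str: return hashlib.sha256(password.encode()).hexdigest()  # unsalted for brevity only

def check_password(policy: PasswordPolicy, account: Account, candidate: str) -> list:
    problems = []  # an empty list means the candidate password satisfies the policy
    if len(candidate) < policy.min_length:
        problems.append("too short")
    classes = sum(bool(re.search(p, candidate)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < policy.min_char_classes:
        problems.append("insufficient character classes")
    if _digest(candidate) in account.history[-policy.history_depth:]:
        problems.append("reused password")
    return problems

def set_password(policy: PasswordPolicy, account: Account, candidate: str, today: int = 0) -> bool:
    if check_password(policy, account, candidate): return False
    account.history.append(_digest(candidate))
    account.changed_on_day = today
    return True

def authenticate(policy: PasswordPolicy, account: Account, password: str, today: int = 0) -> str:
    # Returns 'ok', 'denied', 'locked' or 'expired'; every failure counts toward the lockout threshold
    if account.locked: return "locked"
    if not account.history or _digest(password) != account.history[-1]:
        account.failed_attempts += 1
        if account.failed_attempts >= policy.lockout_threshold:
            account.locked = True
            return "locked"
        return "denied"
    account.failed_attempts = 0  # a successful login resets the counter
    if today - account.changed_on_day > policy.max_age_days:
        return "expired"
    return "ok"
```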
The TOE is managed by authorized administrators using a web GUI. All administrative actions are performed via the web GUI. The TOE uses capabilities to control user access to functionality within the product. Users or a group of users can be assigned to one or more of the 27 out-of-the-box capabilities. The TOE also allows administrators to create or modify capabilities and assign them to users or groups of users.
Protection of the TSF
In the evaluated configuration, the TOE requests the JRE to encrypt administrator credentials before they are sent to the Operational Environment’s Oracle database. The TOE does not store any cleartext password data in memory, and no credentials are stored locally on the TOE. Similarly, the answers to user security questions (used if a user has forgotten their password) are stored in encrypted form in the Oracle database. In the evaluated configuration, the TOE does not store any secret or private keys, so there is no mechanism by which such keys could be disclosed.
The TOE can display a warning banner prior to allowing any administrative actions to be performed. In the event that the maximum timeout value for inactivity has been reached, the TOE will terminate the remote session. A user can also terminate their own session by selecting the logout button.
The TOE’s evaluated configuration enforces secure communication between the TOE and IT entities in the operational environment by using the Operational Environment’s JNDI, ADSI, and JDBC installed on the local system. These trusted channels transfer TOE data, enterprise user data, and IdentityIQ administrator data to and from IT entities within the Operational Environment. When users log on to the TOE via a web GUI, a trusted path is established, and it is secured using HTTPS that is provided by Apache Tomcat using its OpenSSL module.
SailPoint Technologies, Inc.