NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Log Correlation Engine 6.0.6

Certificate Date:  2020.12.08

Validation Report Number:  CCEVS-VR-VID11065-2020

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Functional Package for TLS Version 1.1
  Protection Profile for Application Software Version 1.3

CC Testing Lab:  Leidos Common Criteria Testing Laboratory


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

Tenable Log Correlation Engine (LCE) is a software product that is designed to collect log data from various environmental sources to detect potential security and compliance violations.

LCE also connects to an environmental instance of Tenable.sc (SecurityCenter) which serves as a single point to aggregate and analyze data collected from various Tenable applications, including LCE.

The evaluated version of LCE is supported on Red Hat Enterprise Linux 7.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the Protection Profile for Application Software, Version 1.3 and Functional Package for Transport Layer Security (TLS), Version 1.1.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance document, satisfies all of the security functional requirements stated in the Tenable Log Correlation Engine Security Target. The evaluation was completed in December 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

Timely Security Updates

The TOE developer has internal mechanisms for receiving reports of security flaws, tracking product vulnerabilities, and distributing software updates to customers in a timely manner

Cryptographic Support

The TOE implements cryptography to protect data at rest and in transit.

The TOE stores credential data and passphrase data encrypted using a password-based key derivation function (PBKDF).

For data in transit, the TOE implements TLS/HTTPS as a server. The TOE implements a TLS server for its administrative interface and to communicate with other Tenable products in its operational environment.

The TOE implements all cryptography used for these functions with NIST-approved algorithms. The TOE’s DRBG is seeded using entropy from the underlying OS platform.

Some product functionality requires the use of SSH; the TOE does not claim SSH functionality as it invokes its platform to implement this.

User Data Protection

The TOE uses cryptographic mechanisms to protect sensitive data at rest. Credential data is protected through the use of a PBKDF while all other sensitive data is protected by the TOE platform’s use of full disk encryption.

The TOE relies on the network connectivity and system log capabilities of its host OS platform. The TOE supports user-initiated, externally initiated, and application-initiated uses of the network.

Security Management

The TOE itself and the configuration settings it uses are stored in locations recommended by the platform vendor.

The TOE includes a web GUI. The web GUI enforces username/password authentication using locally stored credentials that are created using the TOE. The TOE does not provide a default user account to access its management interface.

The security-relevant management functions supported by the TOE relate to the configuration of transmission of system data (through collection of log data from external systems).

Privacy

The TOE does not handle Personally Identifiable Information (PII) of any individuals.

Protection of the TSF

The TOE enforces various mechanisms to prevent itself from being used as an attack vector to its host OS platform. The TOE: implements address space layout randomization (ASLR); does not allocate any memory with both write and execute permissions; does not write user-modifiable files to directories that contain executable files; is compiled using stack overflow protection; and is compatible with the security features of its host OS platform.

The TOE contains libraries and invokes system APIs that are well-known and explicitly identified.

The TOE has a mechanism to determine its current software version. Software updates to the TOE can be acquired by leveraging its OS platform. All updates are digitally signed to guarantee their authenticity and integrity.

Trusted Path/Channels

The TOE encrypts sensitive data in transit between itself and its operational environment using TLS and HTTPS. It facilitates the transmission of sensitive data from remote users over TLS and HTTPS.

The TOE may also invoke OS platform functionality to establish SSH communications with an instance of Tenable.sc in its operational environment.


Vendor Information


Tenable, Inc.
Brian Girardi
443-545-2102 ext 8315
bgirardi@tenable.com

www.tenable.com
Site Map              Contact Us              Home