Compliant Product - Microsoft Windows Server, Microsoft Windows 10 version 1909 (November 2019 Update), Microsoft Windows Server 2019 (version 1809) Hyper-V
Certificate Date: 2021.02.11
Validation Report Number: CCEVS-VR-VID11087-2021
Product Type: Virtualization
Conformance Claim: Protection Profile Compliant
PP Identifier: Extended Package for Server Virtualization Version 1.0
Protection Profile for Virtualization Version 1.0
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The TOE includes the hypervisor and virtualization subsystem, known as “Hyper-V”, in the Windows Server operating system, the Windows Server 2019 operating system, and the Windows 10 operating system, and those applications necessary to manage, support and configure the operating system.
The TOE includes five product variants of Windows:
· Microsoft Windows Server Standard edition, version 1909
· Microsoft Windows Server Datacenter edition, version 1909
· Microsoft Windows Server 2019 Standard edition
· Microsoft Windows Server 2019 Datacenter edition
· Microsoft Windows 10 Enterprise edition, version 1909 (64-bit version)
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the Protection Profile for Virtualization and Extended Package for Server Virtualization. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered configured as identified in the guidance document, satisfies all of the security functional requirements stated in the Hyper-V Security Target. The evaluation was completed in February 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE has the ability to collect audit data, review audit logs, protect audit logs from overflow, and restrict access to audit logs. Audit information generated by the system includes the date and time of the event, the user identity that caused the event to be generated, and other event specific data. Authorized administrators can review audit logs and have the ability to search and sort audit records. In the context of this evaluation, the protection profile requirements cover generating audit events, authorized review of stored audit records, and providing secure storage for audit event entries both on the TOE and in its operational environment.
The TOE provides validated cryptographic functions that support encryption/decryption, cryptographic signatures, cryptographic hashing, and random number generation. The TOE implements these functions in support of IPsec, TLS, and HTTPS protocol implementation. The TOE also ensures that its Guest VMs have access to entropy data so that virtualized operating systems can ensure the implementation of strong cryptography.
User Data Protection
The TOE makes certain computing services available to Guest VMs but implements measures to ensure that access to these is granted on an appropriate basis and that these interfaces do not result in unauthorized data leakage between Guest VMs and the TOE or between multiple Guest VMs.
Identification and Authentication
The TOE offers several methods of user authentication, which include X.509 certificates needed for trusted protocols. The TOE implements password strength mechanisms and ensures that excessive failed authentication attempts using methods subject to brute force guessing (password, PIN) result in lockout behavior.
The TOE includes several functions to manage security policies. Access to administrative functions is enforced through administrative roles. The TOE also has the ability to support the separation of management and operational networks and to prohibit data sharing between Guest VMs.
Protection of the TSF
The TOE implements various self-protection mechanisms to ensure that it cannot be used as a platform to gain unauthorized access to data stored on a Guest VM, that the integrity of both the TSF and its Guest VMs is maintained, and that Guest VMs are accessed solely through well-documented interfaces.
In the context of this evaluation, the TOE allows an authorized administrator to configure the system to display a logon banner before the logon dialog.
The TOE implements IPsec, TLS, and HTTPS trusted channels and paths for the purpose of remote administration, transfer of audit data to the operational environment, and separation of management and operational networks.