Compliant Product - Varonis Data Security Platform 8.6
Certificate Date: 2020.12.09CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11100-2020
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Application Software Version 1.3
CC Testing Lab: Acumen Security
The TOE is an application running on a general-purpose operating system. The TOE consists of a set of application binaries (executable runtimes, DLLs, etc.), web-based UIs, configuration files, and data that correspond with the application components discussed in the ST. The TOE leverages the Windows platform to secure connectivity with third party products using TLS/HTTPS. In addition, the Windows platform provides the secure HTTPS/TLS functionality as necessary to protect the trusted path to TOE administrators.
The TOE is evaluated on the Microsoft Windows Server version 2019 build 1809 platform, which has been evaluated against the Protection Profile for General Purpose Operating Systems, Version 4.2.1, and the Extended Package for Wireless LAN Client, Version 1.0.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Varonis Data Security Platform was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product, when delivered configured as identified in the Varonis Data Security Platform 8.6 Common Criteria Configuration Guide, satisfies all of the security functional requirements stated in the Varonis Data Security Platform v8.6 Security Target. The project underwent CCEVS Validator review. The evaluation was completed in December 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Logical Scope of the TOE
The TOE provides the security functionality required by [SWAPP].
The Microsoft Windows Server 2019 platform provides TLS/HTTPS functionality for users communicating with the TOE via its remote web interfaces, as well as TLS/HTTPS connections from the TOE to third party devices including Microsoft Active Directory, Microsoft Exchange Server, Microsoft SharePoint, and NetApp filers.
The TOE invokes the platform cryptography for secure credential storage including database connection strings, credentials for third party applications, and X.509 certificates and keypairs.
There are no cryptographic algorithms implemented within the TOE.
User Data Protection
Access to TOE platform resources is restricted to network communications and application logs. The TOE initiates communications to third party applications and allows initiation to the TOE from remote users for management.
The TOE leverages the Windows platform to securely store sensitive data.
The TOE stores configuration data using the recommended platform configuration storage mechanisms.
The TOE provides no access to any TSF functionality by default. No credentials are provided with the application on a default install and must be configured during the TOE installation process.
The TOE’s binary and data files are protected with file permissions that prevent modification from unprivileged users.
The TOE is managed by the DatAdvantage Management Console, DatAdvantage UI, DatAdvantage Web, and DataPrivilege Web.
The TOE does not transmit PII.
The TOE uses only documented platform APIs and third-party libraries as specified in Appendix A of the ST.
The TOE does not request memory mapping at any explicit addresses, does not allocate any memory regions with both write and execute permissions, and does not write user-modifiable files to directories containing executable files. The TOE is built with stack-based buffer overflow protection enabled and is compatible with the platform security features.
Application Note: This requirement applies only to PII that is specifically requested by the application; it does not apply if the user volunteers PII without prompting from the application into a general (or inappropriate) data field. A dialog box that declares intent to send PII presented to the user at the time the application is started is sufficient to meet this requirement.
The evaluator shall inspect the TSS documentation to identify functionality in the application where PII can be transmitted.
If require user approval before executing is selected, the evaluator shall run the application and exercise the functionality responsibly for transmitting PII and verify that user approval is required before transmission of the PII.
Updates to the TOE are performed manually by the TOE administrator. The TOE provides the ability to check for updates and verify the currently installed version. All TOE installation and update files are distributed in an executable format supported by Windows and binaries are signed to provide integrity of the update file.
Application Note: The definition of documented may vary depending upon whether the application is provided by a third party (who relies upon documented platform APIs) or by a platform vendor who may be able to guarantee support for platform APIs.
The evaluator shall verify that the TSS lists the platform APIs used in the application.
The evaluator shall then compare the list with the supported APIs (available through e.g. developer accounts, platform developer groups) and ensure that all APIs listed in the TSS are supported.
The evaluator will inspect every native executable included in the TOE to ensure that stack-based buffer overflow protection is present.
Application Note: This requirement is about the ability to "check" for updates. The actual installation of any updates should be done by the platform. This requirement is intended to ensure that the application can check for updates provided by the vendor, as updates provided by another source may contain malicious code.
The evaluator shall check to ensure the guidance includes a description of how updates are performed.
The evaluator shall check for an update using procedures described in either the application documentation or the platform documentation and verify that the application does not issue an error. If it is updated or if it reports that no update is available this requirement is considered to be met.
SWID tags are used to uniquely identify the TOE binaries.
Application Note: The intention of this requirement is for the evaluator to discover and document whether the application is including unnecessary or unexpected third-party libraries. This includes adware libraries which could present a privacy threat, as well as ensuring documentation of such libraries in case vulnerabilities are later discovered.
The evaluator shall install the application and survey its installation directory for dynamic libraries. The evaluator shall verify that libraries found to be packaged with or employed by the application are limited to those in the assignment.
Application Note: The use of SWID tag to identify application software is a requirement for DOD IT based on DoD Instruction 8500.01 which requires the use of SCAP which includes SWID tags per the NIST standard. The PP selection of "other version information" will be removed in the next major release of this protection profile. Vendors should begin to version software with valid SWID tags.
Valid SWID tags must contain a SoftwareIdentity element and an Entity element as defined in the ISO/IEC 19770-2:2015 standard. SWID tags must be stored with a .swidtag file extensions as defined in the ISO/IEC 19770-2:2015.
If "other version information" is selected the evaluator shall verify that the TSS contains an explaination of the versioning methodology.
The evaluator shall install the application, then check for the / existence of version information. If SWID tags is selected the evaluator shall check for a .swidtag file. The evaluator shall open the file and verify that is contains at least a SoftwareIdentity element and an Entity element.
The TOE invokes the Windows platform to encrypt transmitted data between itself and third-party systems using TLS/HTTPS.