Compliant Product - SailPoint IdentityIQ File Access Manager Version 8.1
Certificate Date: 2020.12.08
Validation Report Number: CCEVS-VR-VID11116-2020
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Application Software Version 1.3
CC Testing Lab: Booz Allen Hamilton Common Criteria Testing Laboratory
The SailPoint IdentityIQ File Access Manager (FAM) version 8.1 (“IdentityIQ FAM”) application’s primary functionality is to allow its users to review and manage the governed data created by IdentityIQ FAM for the monitoring of enterprise data stored on one or more managed resources. The governed data allows IdentityIQ FAM users to identify and classify data, understand on which managed resources within the network the data is stored, and understand which enterprise users have access to the data.
In the evaluated configuration, the Target of Evaluation (TOE), the SailPoint IdentityIQ File Access Manager (FAM) 8.1 (“IdentityIQ FAM”) application, is installed on Windows Server 2019 and uses several operating system functions through APIs to perform its operations. The TOE relies on the .NET Framework to function and on Internet Information Services (IIS) to host its GUI web pages. The administrative interfaces consist of a local fat client for local access and a web GUI for remote access. The TOE is configured to communicate securely with the following external IT entities: an LDAP server, a SQL database, and one or more Windows file servers.
SailPoint IdentityIQ FAM 8.1 is a software-only TOE, so its physical boundary is its software. The TOE does not include the hardware or operating system of the system on which it is installed, nor the third-party software required for the TOE to run. The following table lists the components that are required for the TOE’s use in the evaluated configuration. These Operational Environment components are expected to be patched to include the latest security fixes for each component.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. SailPoint IdentityIQ File Access Manager 8.1 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the SailPoint IdentityIQ File Access Manager 8.1 Security Target Version 1.10, November 30, 2020. The evaluation underwent CCEVS Validator review and was completed in December 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID11116-2020, prepared by CCEVS.
The TOE invokes the Windows platform’s cryptographic services to secure data-in-transit communications. Consequently, the TOE does not directly invoke any DRBG functionality, nor does it generate asymmetric cryptographic keys itself. The TOE also uses the Windows platform’s Data Protection API (DPAPI) to store the credentials used to access the SQL database.
User Data Protection
The administrator that installs the TOE will set the initial credentials for accessing the TOE and will also be assigned the owner permissions for the TOE’s software by the Windows platform. Due to the Windows platform’s access permissions and the TOE’s install directory being C:\Program Files, the TOE’s binaries and data files are protected from unprivileged modification. The TOE’s administrators are able to configure the TOE and perform tasks via the TOE’s GUI and fat client. All TOE configuration options are stored in the remote SQL database.
The TOE ensures the privacy of its administrators and users by not providing any ability to collect or transmit personally identifiable information (PII) over the network.
Protection of the TSF
The TOE relies on the Windows platform to request memory and never requests an explicit memory address. The TOE does not allocate any memory region with both write and execute permissions. As a .NET Framework application, the TOE has stack-based buffer overflow protections. The TOE uses a number of Windows platform APIs and third-party libraries as part of its operation.
Administrators can verify the TOE’s version by checking any of the TOE’s binary files or by authenticating to the fat client. The TOE automatically checks its software version against the latest available software version provided by SailPoint. TOE software, including patch updates, is signed with a DigiCert certificate. Administrators can initiate the software update process through the fat client. The TOE’s uninstallation process results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events.
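The two platform-provided protections described above (binaries and data files shielded by the install directory’s Windows permissions, and TOE software signed with a DigiCert certificate) can both be checked from an administrative PowerShell session. The script below is an added example written for this summary; it is not part of the validation report or of SailPoint’s product. The install folder name is a placeholder (the report only states that the TOE lives under C:\Program Files), and the list of “broad” principals is an assumption about which identities should not hold write access.

```powershell
# Added example, not from the validation report or SailPoint.
# Checks (1) Authenticode signatures and file versions of every EXE/DLL under the
# install directory and (2) that no broad principal holds write rights on it.
param(
    # Placeholder: the report only says the TOE is installed under C:\Program Files.
    [string]$InstallDir = 'C:\Program Files\<FAM install folder>'
)

# --- 1. Signature and version of each binary -------------------------------
# The report states TOE software (including patches) is signed with a DigiCert
# certificate, so every binary should report Status 'Valid' and a DigiCert chain.
$binaries = Get-ChildItem -Path $InstallDir -Recurse -File -Include *.exe, *.dll
foreach ($bin in $binaries) {
    $sig     = Get-AuthenticodeSignature -FilePath $bin.FullName
    $version = $bin.VersionInfo.FileVersion
    $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }

    if ($sig.Status -ne 'Valid') {
        Write-Warning ("Signature NOT valid: {0} (status={1}, version={2})" -f
            $bin.FullName, $sig.Status, $version)
    }
    else {
        Write-Output ("OK  {0}  version={1}  signer={2}" -f $bin.Name, $version, $signer)
    }
}

# --- 2. Install directory ACL ----------------------------------------------
# The report relies on C:\Program Files permissions to keep binaries and data
# files from unprivileged modification. Flag any Allow ACE that gives a broad
# principal (assumed list) a right that permits writing.
$broadPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
$writeRights     = 'Write|Modify|FullControl|CreateFiles|AppendData|WriteData'

$acl = Get-Acl -Path $InstallDir
foreach ($ace in $acl.Access) {
    $identity = $ace.IdentityReference.Value
    $rights   = $ace.FileSystemRights.ToString()
    if ($broadPrincipals -contains $identity -and
        $ace.AccessControlType -eq 'Allow' -and
        $rights -match $writeRights) {
        Write-Warning ("Unprivileged write access on {0}: {1} -> {2}" -f
            $InstallDir, $identity, $rights)
    }
}
```

Run it as a local administrator, supplying the real install folder with `-InstallDir`. A `Valid` status with a non-DigiCert signer, or any warning from the ACL pass, is worth investigating before trusting the installation matches the evaluated configuration.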
The TOE invokes the Windows platform to encrypt all data-in-transit communications between itself and another trusted IT product. The trusted IT products, encryption protocols used, and the purpose of the connection have been described under the “User Data Protection” section above.