Compliant Product - One Identity Safeguard for Privileged Passwords v6.7
Certificate Date: 2021.06.08CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11137-2021
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The Target of Evaluation (TOE) is One Identity Safeguard for Privileged Passwords v6.7. The TOE is a network device offering CAVP certified cryptographic functions, security auditing, secure administration, trusted updates, self-tests, and secure connections with other servers (i.e. assets, and syslog), protected using TLS or HTTPS.
The TOE consists of a network appliance with pre-installed firmware that automates the issuance and management of privileged passwords for organizational assets. It communicates with managed systems (termed “assets” in the guidance documentation) of different types and ensures that password data is up-to-date, based on policies provisioned on the TOE. An asset is a computer, server, network device, or application managed by a Safeguard for Privileged Passwords appliance. Supported asset types include operating systems for servers and firewalls, database management systems, and access control products. The TOE supports secure communication channels with assets via HTTPS or TLS. Note, however, the evaluation did not cover the functionality related to the issuance and management of privileged passwords, other than the functions for securing the transmission channels.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, September 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance documentation, satisfies all of the security functional requirements stated in the One Identity Safeguard for Privileged Passwords v6.7 Security Target. The evaluation was completed in June 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE generates security relevant audit records, stores them locally, and can be configured to forward them to a syslog server over TLS. The locally stored audit records are protected from unauthorized access.
The TOE includes FIPS-approved cryptographic libraries with CAVP certificates for their cryptographic algorithms. The TOE uses its Windows cryptographic libraries for all HTTPS, TLS and certificate functionality. Cryptographic services include key management, random bit generation, symmetric encryption and decryption, digital signature, and secure hashing.
Identification and Authentication
The TOE displays a configurable warning banner and allows automated generation of cryptographic keys prior to a user being successfully identified and authenticated. No other actions are permitted until the user is authenticated. The TOE provides: username/password and X.509 certificate-based identification and authentication methods; password management functions; and authentication failure management functions.
The TOE provides Web UI and REST API management interfaces that an administrator can access via a network port. The TOE’s REST API can be accessed from the desktop client application or may be invoked directly if desired. Local management of the TOE is possible by directly connecting a computer to the appliance’s XO port via Ethernet cable. The management interfaces are protected with HTTPS and are limited users assigned an authorized administrator role.
Protection of the TSF
The TOE implements features designed to protect itself to ensure the reliability and integrity of its security features, including protection of sensitive data and provision of timing mechanisms to ensure that reliable time information is available for the TOE’s own use (e.g., for log accountability).
The TOE includes functions to perform self-tests so that it can detect when it is failing and transition to a secure, maintenance state. It also includes a mechanism to verify TOE updates to prevent malicious or other unexpected changes in the TOE.
The TOE displays a Security Administrator-specified advisory notice and consent warning message prior to establishing an administrative user session. The TOE terminates local and remote administrator interactive sessions after a Security Administrator-specified time period of inactivity. The TOE allows administrator-initiated termination of the administrator’s own interactive session.
The TOE provides trusted paths and channels for remote administrators and trusted IT entities. The TOE can be configured to send audit records to external syslog server(s) using TLS in real-time.
One Identity LLC