NIAP: Compliant Product
Compliant Product - Enveil ZeroReveal™ Compute Fabric Server v2.5.4

Certificate Date:  2021.05.28

Validation Report Number:  CCEVS-VR-VID11151-2021

Product Type:    Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Functional Package for TLS Version 1.1
  Protection Profile for Application Software Version 1.3

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is Enveil ZeroReveal™ Compute Fabric Server v2.5.4, evaluated on CentOS 8.1 running on an Intel Core i7-10710U host platform. The TOE is the application software only; the host platforms are not part of the evaluation. The TOE supports secure connectivity with several other IT environment devices, as described in Table 1 IT Environment Components.


Evaluated Configuration

The TOE has been evaluated on the following host platforms:

- CentOS 8.1 on Intel Core i7-10710U

Note: The TOE is the application software only. The host platforms are not part of the evaluation.

The TOE supports secure connectivity with several other IT environment devices as described below:

| Component | Required | Usage/Purpose Description |
|---|---|---|
| Enveil ZeroReveal® Compute Fabric Server platform | Yes | The TOE is a ZeroReveal® Compute Fabric Server, which communicates with an instance of the ZeroReveal Client to process data queries in a way that does not disclose the nature of the query to any observer. The TOE does not serve a useful function without the ZeroReveal® Client. The Server platform must include the Java Runtime as shown in Figure 1 and the CentOS 8.1 OS as defined above. |
| Enveil ZeroReveal® Compute Fabric Client workstation | Yes | This is the client application which communicates with the ZeroReveal server to process data queries in a way that does not disclose the nature of the query to any observer. The workstation on which the Client runs must support the REST APIs used to communicate with the TOE. |
| Data Repository | Yes | Locally installed and configured databases containing information against which ZeroReveal queries are executed. |

Table 1 IT Environment Components


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Enveil ZeroReveal® Compute Fabric Server v2.5.4 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the ZeroReveal Compute Fabric Configuration Guide for Common Criteria v3.1, satisfies all of the security functional requirements stated in the Enveil ZeroReveal® Compute Fabric Server Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in May 2021.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The TOE provides the security functionality required by [SWAPP] and [TLS-PKG].

3.1  Cryptographic Support

The cryptographic services provided by the TOE are described below:

| Cryptographic Method | Use within the TOE |
|---|---|
| AES-GCM | TLS encryption |
| ECDSA | TLS key generation, signature generation and verification |
| RSA | TLS key generation, signature generation and verification |
| HMAC | Message integrity and authentication for TLS |
| AES-CCM | Storage of credentials |
| DRBG | Random bit generation for all cryptographic functions |

Table 2 TOE Provided Cryptography

Each of these cryptographic algorithms has been validated for conformance to the requirements specified in its respective standard, as identified below:

| Algorithm | Standard | Mode/Keysize | CAVP Cert. # |
|---|---|---|---|
| HMAC_DRBG | NIST SP 800-90A | HMAC-SHA2-512 with 256 bits of entropy seeded by the platform DRBG | C1874 |
| ECDSA KeyGen | FIPS Pub 186-4, Appendix B.4 | Curves P-256 and P-384 | C1874 |
| ECDH Key Establishment | NIST SP 800-56Arev3 | Curves P-256 and P-384 | C1874 |
| ECDSA SigGen/SigVer | FIPS Pub 186-4, Section 5 | Curves P-256 and P-384 | C1874 |
| RSA KeyGen | FIPS Pub 186-4, Appendix B.3 | 2048 bits | C1874 |
| RSA SigGen/SigVer | FIPS Pub 186-4, Section 4 | 2048 bits | C1874 |
| AES-GCM | NIST SP 800-38D | 256 bits | C1874 |
| AES-CCM | NIST SP 800-38C | 256 bits | C1874 |
| SHA2-256 | FIPS Pub 180-4 | Digest size 256 bits | C1874 |
| SHA2-384 | FIPS Pub 180-4 | Digest size 384 bits | C1874 |
| SHA2-512 | FIPS Pub 180-4 | Digest size 512 bits | C1874 |
| HMAC-SHA2-256 | FIPS Pub 198-1 | Key size 256 bits, block size 512 bits, digest size 256 bits | C1874 |
| HMAC-SHA2-384 | FIPS Pub 198-1 | Key size 384 bits, block size 1024 bits, digest size 384 bits | C1874 |
| HMAC-SHA-512 | FIPS Pub 198-1 | Key size 512 bits, block size 1024 bits, digest size 512 bits | C1874 |

Table 3 CAVP Algorithm Testing References

3.2 User Data Protection

The ZeroReveal Server network communication is restricted to user-initiated communication for responses to API requests from ZeroReveal Clients.

3.3  Identification and Authentication

The ZeroReveal server performs X.509v3 certificate validation functions to authenticate the certificate(s) during the establishment of the TLS trusted channel.

3.4  Security Management

An enterprise manages the TOE via configuration files on each installation platform.  There is no management GUI, CLI, or interface to manage the TOE over the network.

The TOE does not include any predefined or default credentials and utilizes the platform recommended storage process for configuration files.

3.5  Privacy

The TOE does not collect or transmit Personally Identifiable Information (PII) over the network.

3.6  Protection of the TSF

The TOE leverages platform-provided package management for secure installation and updates. The TOE installation package includes only those third-party libraries necessary for its intended operation. The TOE is designed to utilize compiler-provided anti-exploitation capabilities.

3.7  Trusted Path/Channels

The TOE communicates with the ZeroReveal® Compute Fabric Client via REST API over mutually authenticated TLS. Administrators configure the TOE via local access only, by making changes to configuration files.


Vendor Information


Enveil, Inc.
Jacob Wilder
(443) 741-1021
info@enveil.com

www.enveil.com