Compliant Product - Enveil ZeroReveal™ Compute Fabric Server v2.5.4
Certificate Date: 2021.05.28CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11151-2021
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Functional Package for TLS Version 1.1
Protection Profile for Application Software Version 1.3
CC Testing Lab: Acumen Security
The Target of Evaluation (TOE) is Enveil ZeroReveal™ Compute Fabric Server v2.5.4 and has been evaluated on the CentOS 8.1 on Intel Core i7-10710U host platform. The TOE is the application software only. The host platforms are not part of the evaluation. The TOE supports secure connectivity with several other IT environment devices as described in Table 1 IT Environment Components.
The TOE has been evaluated on the following host platforms:
- CentOS 8.1 on Intel Core i7-10710U
Note: The TOE is the application software only. The host platforms are not part of the evaluation.
The TOE supports secure connectivity with several other IT environment devices as described below:
Table 1 IT Environment Components
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Enveil ZeroReveal® Compute Fabric Server v2.5.4 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1. The product, when delivered configured as identified in the ZeroReveal Compute Fabric Configuration Guide for Common Criteria v3.1, satisfies all of the security functional requirements stated in the Enveil ZeroReveal® Compute Fabric Server Security Target. The project underwent CCEVS Validator review. The evaluation was completed in May 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE provides the security functionality required by [SWAPP] and [TLS-PKG].
3.1 Cryptographic Support
The cryptographic services provided by the TOE are described below:
Table 2 TOE Provided Cryptography
Each of these cryptographic algorithms have been validated for conformance to the requirements specified in their respective standards, as identified below:
Table 3 CAVP Algorithm Testing References
3.2 User Data Protection
The ZeroReveal Server network communication is restricted to user-initiated communication for responses to API requests from ZeroReveal Clients.
3.3 Identification and Authentication
The ZeroReveal server performs X.509v3 certificate validation functions to authenticate the certificate(s) during the establishment of the TLS trusted channel.
3.4 Security Management
An enterprise manages the TOE via configuration files on each installation platform. There is no management GUI, CLI, or interface to manage the TOE over the network.
The TOE does not include any predefined or default credentials and utilizes the platform recommended storage process for configuration files.
The TOE does not collect or transmit Personally Identifiable Information (PII) over the network.
3.6 Protection of the TSF
The TOE leverages platform provided package management for secure installation and updates. The TOE installation package includes only those third-party libraries necessary for its intended operation. The TOE is designed to utilize compiler-provided anti-exploitation capabilities.
3.7 Trusted Path/Channels
The TOE communicates to the ZeroReveal® Compute Fabric Client via REST API over mutually authenticated TLS. Administrators configure the TOE via local access only, making changes to configuration files.