CC Certificate 

Security Target 

Validation Report 

Assurance Activity 

Administrative Guide 

The Target of Evaluation (TOE) is Enveil ZeroReveal™ Compute Fabric Server v2.5.4 and has been evaluated on the CentOS 8.1 on Intel Core i7-10710U host platform. The TOE is the application software only. The host platforms are not part of the evaluation. The TOE supports secure connectivity with several other IT environment devices as described in Table 1 IT Environment Components.

The TOE has been evaluated on the following host platforms:

- CentOS 8.1 on Intel Core i7-10710U

Note: The TOE is the application software only. The host platforms are not part of the evaluation.

The TOE supports secure connectivity with several other IT environment devices as described below:

Table 1 IT Environment Components

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Enveil ZeroReveal® Compute Fabric Server v2.5.4 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the ZeroReveal Compute Fabric Configuration Guide for Common Criteria v3.1, satisfies all of the security functional requirements stated in the Enveil ZeroReveal® Compute Fabric Server Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in May 2021.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

The TOE provides the security functionality required by [SWAPP] and [TLS-PKG].

3.1  Cryptographic Support

The cryptographic services provided by the TOE are described below:

Table 2 TOE Provided Cryptography

Each of these cryptographic algorithms have been validated for conformance to the requirements specified in their respective standards, as identified below:

Table 3 CAVP Algorithm Testing References

3.2 User Data Protection

The ZeroReveal Server network communication is restricted to user-initiated communication for responses to API requests from ZeroReveal Clients.

3.3  Identification and Authentication

The ZeroReveal server performs X.509v3 certificate validation functions to authenticate the certificate(s) during the establishment of the TLS trusted channel.

3.4  Security Management

An enterprise manages the TOE via configuration files on each installation platform.  There is no management GUI, CLI, or interface to manage the TOE over the network.

The TOE does not include any predefined or default credentials and utilizes the platform recommended storage process for configuration files.

3.5  Privacy

The TOE does not collect or transmit Personally Identifiable Information (PII) over the network.

3.6  Protection of the TSF

The TOE leverages platform provided package management for secure installation and updates.  The TOE installation package includes only those third-party libraries necessary for its intended operation.  The TOE is designed to utilize compiler-provided anti-exploitation capabilities.

3.7  Trusted Path/Channels

The TOE communicates to the ZeroReveal® Compute Fabric Client via REST API over mutually authenticated TLS.  Administrators configure the TOE via local access only, making changes to configuration files.

Vendor Information