Compliant Product - One Identity Safeguard for Privileged Sessions 6.9
Certificate Date:
2022.03.04
CC Certificate Validation Report Number: CCEVS-VR-VID11214-2022
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Leidos Common Criteria Testing Laboratory
Documents: Assurance Activity, Administrative Guide
Product Description
The Target of Evaluation (TOE) is One Identity Safeguard for Privileged Sessions 6.9. The TOE is a network device offering CAVP certified cryptographic functions, security auditing, secure administration, trusted updates, self-tests, and secure connections with other IT entities using SSH and TLS. Safeguard for Privileged Sessions is a network appliance that is able to enforce access control, authorization, and accounting methods on application-layer protocols that are commonly associated with management activities. In the evaluated configuration, the TOE is responsible for secure proxying of SSH connections that carry application-layer protocols; the access control functionality for application-layer protocols is out of scope. Specifically, the TOE is responsible for ensuring the security of its own use and for the proper implementation of the secure communications protocols used for communication to, from, and through it.
Evaluated Configuration
Security Evaluation Summary
SPS generates security relevant audit records, stores them locally, and can be configured to forward them to a syslog server over TLS. The locally stored audit records are protected from unauthorized access.
Environmental Strengths
Security Audit
The TOE generates security relevant audit records, stores them locally, and can be configured to forward them to a syslog server over TLS. The locally stored audit records are protected from unauthorized access.
Cryptographic Support
The TOE uses OpenSSL with NIST-validated algorithm implementations in support of its cryptographic functions. The TOE uses these algorithms to implement TLS, HTTPS, and SSH in accordance with defined standards.
Identification and Authentication
The TOE provides identification and authentication and password management functions for its administrative interface. It also supports X.509 certificate services in support of authentication for cryptographic channels, including certificate revocation checking using CRL.
Security Management
The TOE provides security management functions and defines roles that can be associated with users in order to manage the TOE locally or remotely. The management functions are provided through a Web UI, REST API, and local Console.
Protection of the TSF
The TOE implements features designed to protect itself and to ensure the reliability and integrity of its security features, including protecting sensitive data and providing its own timing mechanism so that reliable time information is available (e.g., for log accountability). The TOE includes self-test functions so that it can detect when it is failing and transition to a secure maintenance state. It also includes a mechanism to verify TOE updates in order to prevent malicious or other unexpected changes to the TOE.
TOE Access
The TOE displays a Security Administrator-specified advisory notice and consent warning message prior to establishing an administrative user session. The TOE terminates local and remote administrator interactive sessions after a Security Administrator-specified time period of inactivity. The TOE allows administrator-initiated termination of the administrator’s own interactive session.
Trusted Path/Channels
The TOE provides trusted paths and channels for remote administrators and trusted IT entities. The TOE can be configured to send audit records to external syslog server(s) using TLS in real-time.
Vendor Information
One Identity LLC
Jeff Zupan
1-949-754-8000
Jeff.Zupan@oneidentity.com
https://oneidentity.com/