Compliant Product - Forescout v8.3
Certificate Date: 2022.08.05
Validation Report Number: CCEVS-VR-VID11279-2022
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Booz Allen Hamilton Common Criteria Testing Laboratory
The Forescout platform is used to dynamically identify and evaluate network infrastructure, devices and applications connected to the network, and provide enforcement of Network Access Policy (NAC) and Enterprise Conformance Policies.
The Target of Evaluation (TOE) is the Forescout hardware that runs the Forescout software version 8.3. The TOE is a family of products, which includes the following appliance models: CT-R, CT-100, CT-1000, CT-2000, CT-4000, CT-10000, CEM-5, CEM-10, CEM-25, CEM-50, CEM-100, CEM-150, CEM-200, 4130, 5110, 5120, 5140, and 5160.
In its evaluated configuration, the TOE is configured to directly communicate with the following environment components:
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Forescout was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the Forescout v8.3 Security Target Version 2.0. The evaluation underwent CCEVS Validator review. The evaluation was completed in August 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID11279-2022 prepared by CCEVS.
The TOE contains mechanisms to generate audit data to record predefined events on the TOE. The audit logs are stored in an internal database on the TOE’s local hard drive. An authorized administrator has the ability to enable/disable the forwarding of events to an audit server. In the evaluated configuration, the audit data is also securely transmitted to the audit server using a TLS v1.2 communication channel.
The TOE provides cryptography in support of SSH and TLS (v1.2) trusted communications. Two different cryptography software packages are included with the TOE: Bouncy Castle and OpenSSL. Bouncy Castle is used specifically for communications with the management workstation running the Console. OpenSSL is used for all other TLS and SSH communications. The TOE immediately destroys keys when no longer used. The following table identifies the cryptographic services per cryptographic library.
The cryptographic implementation has been validated to ensure that the algorithms are appropriately strong for use in trusted communications; the validation certificates are OpenSSL C1887 and A1941, and Bouncy Castle C944 and A1959.
Identification and Authentication
The TSF provides a configurable maximum number of consecutive authentication failures permitted for a user. Once this number has been reached, the account is locked for a configurable time interval or until a Security Administrator manually unlocks it.
The TOE provides local password authentication for CLI and Console users, and can also securely connect to an Active Directory server for the authentication of Console users. Communications over this interface are secured using TLS, with the TOE acting as the client. The TOE enforces the use of X.509 certificates to support authentication for TLS connections. The only function available to an unauthenticated user is the ability to acknowledge a warning banner. Passwords maintained by the TSF can be composed of upper-case letters, lower-case letters, numbers and special characters. A Security Administrator can define a minimum password length of between 15 and 30 characters.
The TOE can be administered locally and remotely and uses role-based access control to prevent unauthorized management and access to TSF data. The TOE maintains the role of Security Administrator which is fulfilled by users with the “cliadmin” role for the CLI interfaces and by users with the Administrator role (default account “admin”) for the Console interface.
Protection of the TSF
The TOE is expected to ensure the security and integrity of all data that is stored locally and accessed remotely. Passwords are not stored in plaintext. The TOE does not support automatic updates. An administrator can query the TOE for the currently executing version of the TOE software and is required to manually initiate the update process from the Console. The TOE automatically verifies the digital signature of the software update prior to installation. If the digital signature is found to be invalid for any reason, the update is not installed and the administrator is shown a warning banner. There is no administrative override to continue the installation if the signature is missing. The TOE implements a self-testing mechanism that runs automatically during initial start-up and can be manually initiated by an administrator after authentication, to verify the correct operation of the product and its cryptographic modules. The TOE provides its own time via its internal clock.
The TOE displays a configurable warning banner prior to its use. Inactive sessions are terminated after an administrator-configurable time period. Users are allowed to terminate their own interactive session. Once a remote session has been terminated, the TOE requires the user to re-authenticate to establish a new session. Local and remote sessions are terminated when the administrator-configured inactivity time limit is reached.
Users can access a CLI for administration functions remotely via SSH (remote console) or over a local physical connection (local console) to the TOE. The TOE provides the SSH server functionality. The Console is the main administrator interface; it runs on a separate Windows PC and requires the use of TLS to communicate with the TOE.
The TOE acts as a TLS client to initiate the following secure paths to
The TOE acts as a TLS server and receives requests to establish the following secure paths from:
Forescout Technologies, Inc.