Compliant Product - VMware Horizon Client 8 2209 (Horizon 8.7)
Certificate Date: 2023.06.16CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11357-2023
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Functional Package for TLS Version 1.1
Protection Profile for Application Software Version 1.4
CC Testing Lab: Leidos Common Criteria Testing Laboratory
Administrative Guide: Common Criteria (CC) Evaluated Configuration Guidance VMware Horizon Client 8 2209 (Horizon 8.7)
Administrative Guide: Horizon Overview and Deployment Planning
Administrative Guide: Horizon Client for Android Guide
Administrative Guide: Horizon Client for Windows Guide
Administrative Guide: Horizon Administration
Administrative Guide: Horizon Installation and Upgrade
Administrative Guide: Horizon Security
The Target of Evaluation (TOE) is VMware Horizon Client 8 2209 (Horizon 8.7). The specific evaluated version of the VMware Horizon Client 8 application is version 2209 or 8.7; these are synonymous. The TOE is an application that resides on the end user device that is used to access enterprise resources. A user accesses their virtual desktop through the Horizon Client. The virtual desktop consolidates the users authorized enterprise computing environments and applications into a single view that is presented to them through a client application. In the evaluated configuration, users interact with resources on their virtual desktop using the VMware Blast Extreme protocol (“Blast protocol”), which is a VMware proprietary encoding protocol for real-time streaming of video data from a remote device.
VMware Horizon Client is part of the VMware Horizon suite of appliances that work together to deliver centralized enterprise resources to end users. This is done by providing users with a “virtual desktop” that consolidates their authorized enterprise computing environments and applications into a single view that is presented to them through a client application. The TOE is the Client portion of this distribution.
The Horizon Client TOE consists of the Horizon Client application. The TOE includes the Windows and Android platform versions of this application. The user-facing functionality for both platform versions is fundamentally the same. Both platform versions consist of C and C++ code; the Android platform version also has Java components, and the Windows platform version also has C++/CLI and C# components. Third-party components used by the TOE are linked into the TOE binaries.
VMware Horizon as a suite consists of several components:
· Horizon Clients are applications that are installed on end user devices. A user accesses their virtual desktop through the Horizon Client.
· Horizon Agents are applications that run on virtual servers in the enterprise environment. These agents facilitate remote access to the desktop of a virtual server or to specific applications running on that server that may be served directly to the virtual desktop.
· The Horizon Connection Server is responsible for brokering connections between Horizon Clients and Horizon Agents to authenticate users and serve appropriate resources to a particular user based on enterprise permissions.
A VMware Horizon deployment typically includes one or more instances of the VMware Unified Access Gateway (UAG) as well. The purpose of the UAG is to enforce separation of internal and external networks. This allows the Horizon Client to act as a TLS VPN to access services within the protected network when the end user device is in an external setting such as an untrusted mobile Wi-Fi network.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the VMware Horizon Client 8 2209 (Horizon 8.7) Common Criteria (CC) Evaluated Configuration Guidance, version 1.0, April 4, 2023, satisfies all of the security functional requirements stated in the VMware Horizon Client 8 2209 (Horizon 8.7) Security Target, Version 1.0, 04 April 2023. The evaluation was completed in June 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11357-2023) prepared by CCEVS.
The TOE implements cryptography to protect data in transit. For data in transit, the TOE implements TLS/HTTPS as a client. The TOE supports mutual authentication for its TLS connections.
The TOE implements all cryptography used for these functions using its own implementations of OpenSSL with NIST-approved algorithms. The TOE’s DRBG is seeded using entropy from the underlying OS platform.
For data at rest, the TOE relies on its operational environment to control access to stored credential data.
User Data Protection
The TOE relies on platform storage mechanisms to protect sensitive credential data at rest.
The TOE relies on the network connectivity of its host OS platform. The TOE can also access the system clipboard (depending on administrative configuration), audio/video capture devices, and attached USB storage devices and file system resources.
Identification and Authentication
The TOE supports X.509 certificate validation as part of establishing TLS/HTTPS connections. The TOE relies on platform-provided functionality to support various certificate validity checking methods, including the checking of certificate revocation status using CRL. If the validity status of a certificate cannot be determined, the certificate will be accepted or rejected based on administrative configuration. All other cases where a certificate is found to be invalid will result in rejection without an administrative override.
The TOE itself and the configuration settings it uses are stored in locations recommended by the platform vendor. The TOE is launched by an authenticated OS user and runs in the session context of that user; there is no interface for a non-administrator to act as an administrator through separate authentication. When in its evaluated configuration, the TOE does not have any security-relevant management functions as all security-relevant configuration is done as part of the initial setup of the TOE.
The TOE does not have an interface to request or transmit requested PII from a user; PII is only transmitted over the network if initiated by the user.
Protection of the TSF
The TOE enforces various mechanisms to prevent itself from being used as an attack vector to its host OS platform. The TOE implements address space layout randomization (ASLR), does not allocate any memory with both write and execute permissions, does not write user-modifiable files to directories that contain executable files, is compiled using stack overflow protection, and is compatible with the security features of its host OS platform.
The TOE contains libraries and invokes system APIs that are well-known and explicitly identified.
The TOE has a mechanism to determine its current software version. Software updates to the TOE can be acquired through the application itself or by leveraging its OS platform, depending on the platform version of the TOE. All updates are digitally signed to guarantee their authenticity and integrity.
The TOE encrypts sensitive data in transit between itself and its operational environment using TLS/HTTPS. These interfaces are used to secure all data in transit between the TOE and its operational environment.
email@example.com (triple N's)