NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - VMware Horizon Agent 8 2209 (Horizon 8.7)

Certificate Date:  2023.06.23

Validation Report Number:  CCEVS-VR-VID11358-2023

Product Type:    Network Encryption
   Application Software

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Functional Package for TLS Version 1.1
  Protection Profile for Application Software Version 1.4

CC Testing Lab:  Leidos Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide: Common Criteria (CC) Evaluated Configuration Guidance VMware Horizon Agent 8 2209 (Horizon 8.7) [PDF]

Administrative Guide: Horizon Overview and Deployment Planning [PDF]

Administrative Guide: Horizon Installation and Upgrade [PDF]

Administrative Guide: Horizon Security [PDF]

Administrative Guide: Linux Desktops and Applications in Horizon [PDF]

Administrative Guide: Virtual Machine Encryption [PDF]

Administrative Guide: Windows Desktops and Applications in Horizon [PDF]

Product Description

The Target of Evaluation (TOE) is VMware Horizon Agent 8 2209 (Horizon 8.7). The specific evaluated version of the VMware Horizon Agent 8 application is version 2209 or 8.7; these are synonymous. The TOE is a server application that is responsible for serving content on the system it runs on to an authorized Horizon Client accessing it through the virtual desktop. Depending on configuration, this may refer to the Horizon Client being able to launch specific applications on the Agent’s host OS platform or to run an interactive remote desktop session on the platform OS itself.

VMware Horizon Agent is part of the VMware Horizon suite of appliances that work together to deliver centralized enterprise resources to end users. This is done by providing users with a “virtual desktop” that consolidates their authorized enterprise computing environments and applications into a single view that is presented to them through a client application. The TOE is the Agent portion of this distribution.

The Horizon Agent TOE consists of the Horizon Agent application. The TOE has both Windows and Linux platform versions. The Windows application consists of C, C++, and Java code, and the Linux application consist of C, C++, Java, Python, JavaScript, and shell code. Third-party components used by the TOE are linked into the TOE binaries or run as a system service, depending on the component.

VMware Horizon as a suite consists of several components:

·       Horizon Clients are applications that are installed on end user devices. A user accesses their virtual desktop through the Horizon Client.

·       Horizon Agents are applications that run on virtual servers in the enterprise environment. These agents facilitate remote access to the desktop of a virtual server or to specific applications running on that server that may be served directly to the virtual desktop.

·       The Horizon Connection Server is responsible for brokering connections between Horizon Clients and Horizon Agents to authenticate users and serve appropriate resources to a particular user based on enterprise permissions.

A VMware Horizon deployment typically includes one or more instances of the VMware Unified Access Gateway (UAG) as well. The purpose of the UAG is to enforce separation of internal and external networks. This allows the Horizon Client to act as a TLS VPN to access services within the protected network when the end user device is in an external setting such as an untrusted mobile Wi-Fi network.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the Protection Profile for Application Software, Version 1.4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the VMware Horizon Agent 8 2209 (Horizon 8.7) Common Criteria (CC) Evaluated Configuration Guidance, version 1.0, May 17, 2023, satisfies all of the security functional requirements stated in the VMware Horizon Agent 8 2209 (Horizon 8.7) Security Target, Version 1.0, 17 May 2023. The evaluation was completed in June 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11358-2023) prepared by CCEVS.

Environmental Strengths

Cryptographic Support

The TOE makes use of cryptography to protect data at rest and in transit.

For data at rest, the Windows platform version of the TOE relies on its operational environment to control access to stored credential data stored as certificates. All other credential data for both the Windows and Linux platform versions are protected by TSF-provided cryptographic functions.

For protection of sensitive data in transit, the TOE implements TLS/HTTPS as a server. The TOE implements all cryptography used for these functions using its own implementation of OpenSSL with CAVP validated algorithms. The TOE also implements cryptography through its own implementation Bouncy Castle BC-FJA. This is used to decrypt and encrypt data that is transmitted between the environmental Connection Server and the TOE. The TOE’s DRBG is seeded using entropy from the underlying OS platform.

User Data Protection

The TOE relies on volume encryption via VMware VM Encryption to protect sensitive data at rest.

The TOE relies on the network connectivity of its host OS platform. The TOE can also access the system clipboard, audio/video capture devices, and file system resources.

Security Management

The TOE itself and the configuration settings it uses are stored in locations recommended by the platform vendor. The TOE is launched by an authenticated OS user and runs in the session context of that user; there is no interface to the TSF to act as an administrator through separate authentication. Changes to the product configuration are initiated from the Operational Environment.


The TOE does not have a mechanism to retrieve or transmit personally identifiable information (PII) of any individuals.

Protection of the TSF

The TOE enforces various mechanisms to prevent itself from being used as an attack vector to its host OS platform. The TOE implements address space layout randomization (ASLR), does not allocate any memory with both write and execute permissions, does not write user-modifiable files to directories that contain executable files, is compiled using stack overflow protection, and is compatible with the security features of its host OS platform.

The TOE contains libraries and invokes system APIs that are well-known and explicitly identified.

The TOE has a mechanism to determine its current software version. Software updates to the TOE can be acquired through the application itself or by leveraging its OS platform, depending on the platform version of the TOE. All updates are digitally signed to guarantee their authenticity and integrity.

Trusted Path/Channels

The TOE encrypts sensitive data in trans

Vendor Information

VMware, Inc.
Vann Nguyen
650-427-5001 (triple N's)
Site Map              Contact Us              Home