NIAP: Assurance Continuity
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Product Entry  »»  Assurance Continuity  
Assurance Continuity - CertAgent v7.0 patch level 8

Date of Maintenance Completion:  2020.08.13

Product Type:    Certificate Authority

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Certification Authorities Version 2.1

Original Evaluated TOE:  2018.06.01 - CertAgent v7.0

CC Certificate [PDF] Validation Report [PDF] Assurance Activity [PDF]

Administrative Guide [PDF]

Please note:  The above files are for the Original Evaluated TOE.  Consequently, they do not refer to this maintained version, although they apply to the maintained version. 

Security Target [PDF] * Assurance Continuity Maintenance Report [PDF] Administrative Guide [PDF]

Please note:  This serves as an addendum to the VR for the Original Evaluated TOE. 

* This is the Security Target (ST) associated with this latest Maintenance Release.  To view previous STs for this TOE, click here.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product.  Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate.  Such assurance can only be gained through re-evaluation. 

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary.  A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target.  Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents. 

Product Description

The vendor made software changes that addressed three areas: new features, changes to existing functionality and defect fixes. None of the changes were to any of the security functions, TSF interfaces or security objectives. The documentation has been updated to reflect the software version, the Security Target and Common Criteria Configuration Guide.

TOE new features:

Feature

Description

Added support for partially unattended installation and a post-install script

ISC rates the impact on assurance to be minor because we have simply automated existing installation procedures.

These changes do not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with this change.

 


TOE changes to existing functionality:

Feature

Description

Changed the Certificates and Certificate Requests pages to allow multiple profile selection

 

ISC rates the impact on assurance to be minor because we have only changed the filtering of displayed requests and simplified the issuance process for the CA Operations Staff role.

These changes do not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with this change.

Changed dNSName validation to allow comma and underscore characters

 

ISC rates the impact on assurance as minor because we simply allowed new characters in the extension values for which no PP guidance exists

Changed the RA Management Interface (RAMI) certificate enrollment response

 

ISC rates the impact on assurance as minor because the change simply provided an additional way to obtain the issued certificate through RAMI.

This change does not affect any TSF interfaces, SFRs, or security functions.

Added hyperlinks to display certificates and certificate chains in base64 format

 

ISC rates the impact on assurance as minor because the change simplified the process to obtain the certificate in base64-encoded format.

This change does not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with this change.

Automated update of CRLs used for path validation and enhanced status checking

 

ISC rates the impact on assurance to be minor because we have automated the CRL update process for the administrators and the TOE always checks the CRL when doing status checking as part of the authentication process.

These changes do not affect any TSF interfaces, SFRs, or security functions.

Increased the maximum number of characters allowed in an account ID and display name

 

ISC rates the impact on assurance as minor because using a longer account/profile ID and display name are only cosmetic changes.

These changes do not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with this change.

Added an option to the CACLI export function to control the filenames of output files

ISC rates the impact on assurance as minor because the change only affects the output filename.

This change does not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with this change.

Updated the Admin and CA Account sites user interface

ISC rates the impact on assurance as minor because they are cosmetic changes.

These changes do not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with them.

Simplified the process to reconfigure the TOE after a Java update

 

ISC rates the impact on assurance as minor because Java is not part of the TOE and the change simplified the manual update process required after a Java update.

This change does not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with this change.

Removed the option to view the Tomcat logs from the admin site

 

ISC rates the impact on assurance as minor because we simply removed unnecessary option. The Tomcat logs were never part of the TOE’s official audit system nor were they used during validation testing to meet any requirements.

This change does not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with this change.

Removed the browser-based enrollment option from the Public Site when using Firefox

 

ISC rates the impact on assurance as minor because browser-based enrollment is not a requirement of the PP, the functionality is still supported when Internet Explorer is used, and guidance was added to provide an alternate way to generate enrollment requests where Firefox was previously specified.

This change does not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with this change.

Updated Apache Tomcat

 

ISC rates the impact on assurance as minor because after a review of the Apache Tomcat Changelog and source code we concluded that there were only minor changes in functionality used by the TOE.

This change does not affect any TSF interfaces, SFRs, or security functions.

Added support for Amazon Corretto 8 as a supported Java Implementation

 

ISC rates the impact on assurance as minor because Java is not part of the TOE.

This change does not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with this change.


TOE defect fixes:

Feature

Description

Corrected the Enrollment over Secure Transport (EST) URL

 

ISC rates the impact on assurance as minor because only the URL format and content-type changed. Neither change is covered by tests in the PP. The URL change doesn’t change how the TOE authenticates the clients or processes the requests. The content-type change now complies with the RFC and EST clients that expect the content-type: “application/pkcs7-mime; smime-type=cert-only” now function properly.

The above changes do not affect the TSF interface, SFRs, and security functions.

Restricted the “System” Credential to RSA only

 

ISC rates the impact on assurance as minor because the changes just ensure the sign and decrypt capabilities of the system credential and removed an optional feature (ECC key support for the system credential).

This change does not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with this change.

Updated the order of the user authentication checks

ISC rates the impact on assurance as minor because the change only modified the order of the checks.

These changes do not affect the TSF interface, SFRs, and security functions.

Corrected the error message displayed on the Admin site when an integrity check fails

ISC rates the impact on assurance as minor because the change only affects the error message displayed to the privileged user when integrity failure occurs.

This change does not affect the TSF interface, SFRs, and security functions.

Updated some audit events

 

ISC rates the impact on assurance as minor because the changes only removed redundant information from, or provided additional details to, the existing audit events. The updated guidance document (Guidance for Common Criteria Evaluation v2.54.0) contains the current audit events.

These changes do not affect the TSF interface, SFRs, and security functions.

Corrected the validity period calculations

 

ISC rates the impact on assurance as minor because the notAfter date is now calculated correctly regardless of the daylight-saving time status.

This change does not affect any TSF interfaces, SFRs, or security functions.

Added input validation on the NIAP Conformance: Client Certificate DN Filter setting

ISC rates the impact on assurance as minor because only a validation check was added.

This change does not affect any TSF interfaces, SFRs, or security functions.

Updated so that old CRLs are automatically removed when replaced

 

ISC rates the impact on assurance to be minor because we have simplified the administrator’s task and improved the path validation performance. Both validated and changed TOEs return the path validation result properly.

These changes do not affect any TSF interfaces, SFRs, or security functions.

Corrected issues with the user interfaces

 

ISC rates the impact on assurance to be minor because they corrected minor issues.

These changes do not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities are associated with these changes.

Fixed CACLI bugs

 

ISC rates the impact on assurance to be minor because they corrected minor issues and added support for settings in the web interface that were missing in the CACLI.

These changes do not affect any TSF interfaces, SFRs, or security functions and there are no assurance activities associated with these changes.


Regression Testing
:

Regression testing and new feature testing was performed to ensure that the validated claims continued to be satisfied. For all product releases, ISC ran a full suite of tests that cover the functionality of the product, including testing of common criteria functions. All tests were satisfied and passed.

Vulnerability Analysis:

An updated search for vulnerabilities was performed, on the updated TOE, August 13, 2020. The results of the vulnerability assessment were included in the IAR. No new vulnerabilities were detected.

The following search terms were used in the updated vulnerability analysis:

- Acalashim

- Apache Tomcat 8.5.50

- CDK

- jquery 1.11.0

- log4j 1.2.16

- org.json.json-rpc

Vendor Information

Logo
Information Security Corporation
Jonathan Schulze-Hewett
847-405-0500
708-445-9705
schulze-hewett@infoseccorp.com

https://www.infoseccorp.com
Site Map              Contact Us              Home