NIAP: Assurance Continuity
NIAP/CCEVS
Assurance Continuity - McAfee Network Security Platform (NSM Linux Appliance v10.1.19.17 and NS Sensor Appliances v10.1.17.15) Update to (NSM Linux Appliance v10.1.19.47 and NS Sensor Appliances v10.1.17.63)

Date of Maintenance Completion:  2022.07.20

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.1
  Extended Package for Intrusion Prevention Systems Version 2.11

Original Evaluated TOE:  2020.11.09 - McAfee Network Security Platform (NSM Linux Appliance v10.1.19.17 and NS Sensor Appliances v10.1.17.15)

CC Certificate [PDF] Validation Report [PDF] Assurance Activity [PDF]

Administrative Guide [PDF]

Please note:  The above files are for the Original Evaluated TOE.  Consequently, they do not refer to this maintained version, although they apply to the maintained version. 

Security Target [PDF] * Assurance Continuity Maintenance Report [PDF] Administrative Guide [PDF]

Please note:  This serves as an addendum to the VR for the Original Evaluated TOE. 

* This is the Security Target (ST) associated with this latest Maintenance Release.  To view previous STs for this TOE, click here.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product.  Maintenance only considers the effect of TOE changes on the assurance baseline (i.e., the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate.  Such assurance can only be gained through re-evaluation. 

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of the changes on the TOE is minor and that independent evaluator analysis was not necessary.  A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target.  Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents. 

Product Description

For this Assurance Continuity, the change consists of making the following software version updates:

· From: McAfee Network Security Platform (NSM Linux Appliance v10.1.19.17 and NS Sensor Appliances v10.1.17.15)
· To: McAfee Network Security Platform (NSM Linux appliance v10.1.19.47 and NS Sensor appliances v10.1.17.63)

The following table lists the TOE software changes:

| Change/Update | Analysis | Impact |
|---|---|---|
| Support for the 2-port 100/40 Gigabit SR MTP/MPO PFO interface module | The interface modules were not explicitly identified during the original validation. Changes to these do not affect the claimed security. | No impact to certified TOE. |
| Dual NIC Support in Linux based Manager | The number of supported NICs was not explicitly identified during the original validation. Changes to these will not affect the claimed security. | No impact to certified TOE. |
| Configuring Private Cloud for Global Threat Intelligence integration | Threat Intelligence integration was not part of the original validation and does not change any of the security claims. | No impact to certified TOE. |
| Jumbo frame parsing for malware analysis | Enhancing frame parsing does not invalidate the original IPS testing and does not change the security claims. | No impact to certified TOE. |
| Packet capture through Sensor CLI in NS5x00, NS3500, and NS3x00 series Sensors | Packet capturing was not part of the original validation and does not change any of the security claims. | No impact to certified TOE. |
| Assignment of GUID for the MDR Pair | Redundancy was not part of the original validation and does not change any of the security claims. | No impact to certified TOE. |
| Synchronization of GUI certificate in an MDR pair | Redundancy was not part of the original validation and does not change any of the security claims. | No impact to certified TOE. |
| Account lockout enhancements | This new feature does provide another interface to a feature provided by the product previously. The original testing can still be accomplished in the same manner as previously tested. | Impact to ST. This applies to a new interface. However, the new interface is not allowed to be used in the evaluated configuration. |
| Users with Account Locked enabled | This is a usability feature (adding an “X”) that does not affect the security claimed as part of the original validation. | No impact to certified TOE. |
| Generate CSR enhancements | This enhancement adds to the allowed CSR fields. None of the fields available for CSR generation were removed as part of the update. This does not affect the original security claims. | No impact to certified TOE. |
| Support to view McAfee Endpoint Security events | Endpoint security was not included in the original validation. This does not affect the original security claims. | No impact to certified TOE. |
| View outbound SSL traffic statistics for specific NS-series Sensor models | SSL analysis was not included as part of the original validation. This does not affect the original security claims. | No impact to certified TOE. |
| Offline utility for signature set download | This feature does not affect the evaluated method for obtaining IPS signatures and does not affect the original security claims. | No impact to certified TOE. |
| Subscription based capacity license | Licensing is not part of the original validation. | No impact to certified TOE. |
| Upgrade an already upgraded capacity license | Licensing is not part of the original validation. | No impact to certified TOE. |
| Support automatic import of Solr data | Solr indexing was not part of the original validation. | No impact to certified TOE. |
| Display CVE ID in Attack Log grid | This is a usability feature that does not affect the security claimed as part of the original validation. | No impact to certified TOE. |
| Configuration of E-mail Server listening port | Email notifications were not part of the original validation. | No impact to certified TOE. |
| Email notifications for expiring passwords | Email notifications were not part of the original validation. | No impact to certified TOE. |
| Allow for longer domain names when setting up notifications | This is a usability feature that does not affect the security claimed as part of the original validation. | No impact to certified TOE. |
| Show power supply status | This is a usability feature that does not affect the security claimed as part of the original validation. | No impact to certified TOE. |
| Display serial number | This is a usability feature that does not affect the security claimed as part of the original validation. | No impact to certified TOE. |
| Layer 2 Assert and Deassert modes | This is additional configuration for modes not evaluated as part of the original validation. | No impact to certified TOE. |
| Layer 2 mode on drops at Switch/NIC ports | This is an availability feature that does not affect the security claimed as part of the original validation. | No impact to certified TOE. |
| Malware inspection on HTTP Upload requests | Anti-virus is not part of the original validation. | No impact to certified TOE. |
| Migration from MaxMind to Digital Envoy for IP address to Geolocation Mapping | Geolocation is not part of the original validation. | No impact to certified TOE. |
| Display of SHA1 and SHA256 file hashes in the Attack Log | This is a usability feature that does not affect the security claimed as part of the original validation. | No impact to certified TOE. |
| Network security posture score through MVISION Insights integration | This analysis was not included in the original validation. | No impact to certified TOE. |
| Provision of 30 days grace period to expired System licenses | Licensing is not part of the original validation. | No impact to certified TOE. |
| Manager GUI accessibility improvement | This is a usability feature that does not affect the security claimed as part of the original validation. | No impact to certified TOE. |
| Upgrade of Baseboard Management Controller (BMC) | Anti-virus was not part of the original validation. | No impact to certified TOE. |
| Update of avvdat signatures: | Anti-virus was not part of the original validation. | No impact to certified TOE. |
| Exclusion of directories from system anti-virus scan | Anti-virus was not part of the original validation. | No impact to certified TOE. |
| Default value of Layer 7 data collection | This analysis was not included in the original validation. | No impact to certified TOE. |
| Show malwaredcapstats | This is a usability feature that does not affect the security claimed as part of the original validation. | No impact to certified TOE. |
| Bug related updates | Bug related updates do not affect the security claims of the original validation (This includes OpenSSL 1.0.2za and earlier patch to address multiple CVEs). | All CVEs have been addressed. |

In summary, with one exception, the TOE version updates include changes/updates to the TOE software related to performance and other product features that are either not relevant to the original evaluation or otherwise do not affect original security claims.  The single exception is an updated feature that adds an interface, which is now listed as an excluded functionality in the updated ST.  Bug related updates were performed to address identified CVEs, including those related to OpenSSL, and all have been patched in the updated TOE software.  There are no listed hardware changes. 

Vendor Information


Trellix
Mark Hanson
1-800-937-2237
Mark.Hanson@Trellix.com

https://www.trellix.com