NIAP: Assurance Continuity

NIAP

»»

Product Compliant List

»»

Product Entry

»»

Assurance Continuity

Assurance Continuity - McAfee Network Security Platform (NSM Linux Appliance v10.1.19.17 and NS Sensor Appliances v10.1.17.15) Update to (NSM Linux Appliance v10.1.19.47 and NS Sensor Appliances v10.1.17.63)

Date of Maintenance Completion: 2022.07.20

Product Type: Network Device

Conformance Claim: Protection Profile Compliant

PP Identifier: collaborative Protection Profile for Network Devices Version 2.1
Extended Package for Intrusion Prevention Systems Version 2.11

Original Evaluated TOE: 2020.11.09 - McAfee Network Security Platform (NSM Linux Appliance v10.1.19.17 and NS Sensor Appliances v10.1.17.15)

CC Certificate [PDF]

Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Please note: The above files are for the Original Evaluated TOE. Consequently, they do not refer to this maintained version, although they apply to the maintained version.

Security Target [PDF]

* Assurance Continuity Maintenance Report [PDF]

Administrative Guide [PDF]

Please note: This serves as an addendum to the VR for the Original Evaluated TOE.

* This is the Security Target (ST) associated with this latest Maintenance Release. To view previous STs for this TOE, click here.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation.

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target. Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.

Product Description

For this Assurance Continuity, the change consists of making the following software version updates:

· From: McAfee Network Security Platform (NSM Linux Appliance v10.1.19.17 and NS Sensor Appliances v10.1.17.15)

· To: McAfee Network Security Platform (NSM Linux appliance v10.1.19.47 and NS Sensor appliances v10.1.17.63)

The following table lists the TOE software changes:

Change/Update	Analysis	Impact
Support for the 2-port 100/40 Gigabit SR MTP/MPO PFO interface module	The interface modules were not explicitly identified during the original validation. Changes to these do not affect the claimed security.	No impact to certified TOE.
Dual NIC Support in Linux based Manager	The number of supported NICs was not explicitly identified during the original validation. Changes to these will not affect the claimed security.	No impact to certified TOE.
Configuring Private Cloud for Global Threat Intelligence integration	Threat Intelligence integration was not part of the original validation and does not change any of the security claims.	No impact to certified TOE.
Jumbo frame parsing for malware analysis	Enhancing frame parsing does not invalidate the original IPS testing and does not change the security claims.	No impact to certified TOE.
Packet capture through Sensor CLI in NS5x00, NS3500, and NS3x00 series Sensors	Packet capturing was not part of the original validation and does not change any of the security claims.	No impact to certified TOE.
Assignment of GUID for the MDR Pair	Redundancy was not part of the original validation and does not change any of the security claims.	No impact to certified TOE.
Synchronization of GUI certificate in an MDR pair	Redundancy was not part of the original validation and does not change any of the security claims.	No impact to certified TOE.
Account lockout enhancements	This new feature does provide another interface to a feature provided by the product previously. The original testing can still be accomplished in the same manner as previously tested.	Impact to ST. This applies to a new interface. However, the new interface is not allowed to be used in the evaluated configuration.
Users with Account Locked enabled	This is a usability feature (adding an “X”) that does not affect the security claimed as part of the original validation.	No impact to certified TOE.
Generate CSR enhancements	This enhancement adds to the allowed CSR fields. None of the fields available for CSR generation were removed as part of the update. This does not affect the original security claims.	No impact to certified TOE.
Support to view McAfee Endpoint Security events	Endpoint security was not included in the original validation. This does not affect the original security claims.	No impact to certified TOE.
View outbound SSL traffic statistics for specific NS-series Sensor models	SSL analysis was not included as part of the original validation. This does not affect the original security claims.	No impact to certified TOE.
Offline utility for signature set download	This feature does not affect the evaluated method for obtaining IPS signatures and does not affect the original security claims.	No impact to certified TOE.
Subscription based capacity license	Licensing is not part of the original validation.	No impact to certified TOE.
Upgrade an already upgraded capacity license	Licensing is not part of the original validation.	No impact to certified TOE.
Support automatic import of Solr data	Solr indexing was not part of the original validation.	No impact to certified TOE.
Display CVE ID in Attack Log grid	This is a usability feature that does not affect the security claimed as part of the original validation.	No impact to certified TOE.
Configuration of E-mail Server listening port	Email notifications were not part of the original validation.	No impact to certified TOE.
Email notifications for expiring passwords	Email notifications were not part of the original validation.	No impact to certified TOE.
Allow for longer domain names when setting up notifications	This is a usability feature that does not affect the security claimed as part of the original validation.	No impact to certified TOE.
Show power supply status	This is a usability feature that does not affect the security claimed as part of the original validation.	No impact to certified TOE.
Display serial number	This is a usability feature that does not affect the security claimed as part of the original validation.	No impact to certified TOE.
Layer 2 Assert and Deassert modes	The is additional configuration for modes not evaluated as part of the original validation.	No impact to certified TOE.
Layer 2 mode on drops at Switch/NIC ports	This is an availability feature that does not affect the security claimed as part of the original validation.	No impact to certified TOE.
Malware inspection on HTTP Upload requests	Anti-virus is not part of the original validation.	No impact to certified TOE.
Migration from MaxMind to Digital Envoy for IP address to Geolocation Mapping	Geolocation is not part of the original validation.	No impact to certified TOE.
Display of SHA1 and SHA256 file hashes in the Attack Log	This is a usability feature that does not affect the security claimed as part of the original validation.	No impact to certified TOE.
Network security posture score through MVISION Insights integration	This analysis was not included in the original validation.	No impact to certified TOE.
Provision of 30 days grace period to expired System licenses	Licensing is not part of the original validation.	No impact to certified TOE.
Manager GUI accessibility improvement	This is a usability feature that does not affect the security claimed as part of the original validation.	No impact to certified TOE.
Upgrade of Baseboard Management Controller (BMC)	Anti-virus was not part of the original validation.	No impact to certified TOE.
Update of avvdat signatures:	Anti-virus was not part of the original validation.	No impact to certified TOE.
Exclusion of directories from system anti-virus scan	Anti-virus was not part of the original validation.	No impact to certified TOE.
Default value of Layer 7 data collection	This analysis was not included in the original validation.	No impact to certified TOE.
Show malwaredcapstats	This is a usability feature that does not affect the security claimed as part of the original validation.	No impact to certified TOE.
Bug related updates	Bug related updates do not affect the security claims of the original validation (This includes OpenSSL 1.0.2za and earlier patch to address multiple CVEs).	All CVEs have been addressed.

In summary, with one exception, the TOE version updates include changes/updates to the TOE software related to performance and other product features that are either not relevant to the original evaluation or otherwise do not affect original security claims. The single exception is an updated feature that adds an interface, which is now listed as an excluded functionality in the updated ST. Bug related updates were performed to address identified CVEs, including those related to OpenSSL, and all have been patched in the updated TOE software. There are no listed hardware changes.

Vendor Information

Trellix
Mark Hanson
1-800-937-2237
Mark.Hanson@Trellix.com

https://www.trellix.com

Site Map Contact Us Home