NIAP: Assurance Continuity
  NIAP  »»  Product Compliant List  »»  Product Entry  »»  Assurance Continuity  
Assurance Continuity - BeyondTrust PowerBroker UNIX® + Linux® Edition V10.0

Date of Maintenance Completion:  2018.07.27

Product Type:    Network Access Control
   Network Management
   Enterprise Security Management

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Enterprise Security Management-Access Control Version 2.1
  Protection Profile for Enterprise Security Management - Policy Management Version 2.1

Original Evaluated TOE:  2016.08.30 - BeyondTrust PowerBroker ® UNIX® + Linux® Edition V9.1

CC Certificate [PDF] Validation Report [PDF] Assurance Activity [PDF]

Administrative Guide [PDF]

Please note:  The above files are for the Original Evaluated TOE.  Consequently, they do not refer to this maintained version, although they apply to the maintained version. 

Security Target [PDF] * Assurance Continuity Maintenance Report [PDF] Administrative Guide [PDF]

Please note:  This serves as an addendum to the VR for the Original Evaluated TOE. 

* This is the Security Target (ST) associated with this latest Maintenance Release.  To view previous STs for this TOE, click here.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product.  Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate.  Such assurance can only be gained through re-evaluation. 

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary.  A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target.  Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents. 

Product Description

The BeyondTrust PowerBroker ® UNIX® + Linux® Edition software was updated from version v9.1 to version v10.0. The software updates included new non-security relevant features and bug fixes. The software updates include:

·         Advanced Control & Audit (ACA) – optional policy configuration

·         Solr Host - optional component used for IOlog Indexing

·         PowerBroker Management Console - A free utility provided by BeyondTrust

·         File Integrity Monitoring -  an optional component

·         Registry Name Services - an optional component for people not want to use DNS

·         Sudo Client - Separately sold and licensed product

·         Advanced Keystroke Actions - Separately sold and licensed product

None of these software components are required for the evaluated configuration, and none were included in the original evaluation or the IAR.

Three updates have been identified as affecting the TOE from the previous evaluation. These are minor changes that do not affect any of the SFRs or claimed security functionality. The Security Target and the CC Guidance have been updated to reflect these changes as appropriate. These updates were changes to:

·         Centralized Licensing - this update resulted in the TOE version changing from v9.x to v10.0 

·         Installation default file location - on a new install, the default policy directory is changed from /etc to /opt/pbul/policies

·         PowerBroker for Unix & Linux GUI - the GUI is now available as a separate download from the BeyondTrust customer portal.  The PowerBroker for Unix & Linux GUI (pbguid) provides all the functionality identified in the ST; the only difference is the download method 

The table below summarizes the product updates by version. These changes are not considered to be security relevant and do not affect any of the claimed security functionality or affect any of the SFRs identified in the ST.

Product Updates by Version

Significant Example Updates


·   Splunk Integration


·   Centralized licensing database with component based licensing options

·   Integration with PowerBroker Management Console (PBSMC) V6


·   File Integrity Monitoring Updates


·   Client-based REST Services


·   Advanced Keystroke Action

·   Role-based policy improvements


·   PowerBroker for Unix & Linux GUI is now available as a separate download from the BeyondTrust customer portal

·   Advanced Control & Audit (ACA) enhancements

·   File Integrity Monitoring (FIM) enhancements

9.4.1-03 (replacing 9.4.0-18)

·   ACA enhancement


·   File Integrity Monitoring (FIM)

·   Registry Name Service is a service

·   Database Synchronization


·   New keyword (randomizelogservers) added


·   Support for DNS names longer than 63 characters

Bug fixes are identified in the IAR for all the version listed in the table above. The assessment of the all the bug fixes has been classified as “minor”. The assessment specifies that either 1) the bug fixes do not affect any of the SFRs or claimed security functionality, 2) none of the audit records identified in the ST are affected by the enhancement, or 3) the software component was not included in the evaluated configuration.

Vendor Information

BeyondTrust Software, Inc.
Rod Simmons
Site Map              Contact Us              Home