NIAP: Assurance Continuity
  NIAP  »»  Product Compliant List  »»  Product Entry  »»  Assurance Continuity  
Assurance Continuity - SailPoint IdentityIQ Version 7.2p2

Date of Maintenance Completion:  2018.10.02

Product Type:    Enterprise Security Management

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Enterprise Security Management - Identity and Credential Management Version 2.1

Original Evaluated TOE:  2015.10.02 - SailPoint IdentityIQ version 6.4

CC Certificate [PDF] Validation Report [PDF] Assurance Activity [PDF]

Administrative Guide [PDF]

Please note:  The above files are for the Original Evaluated TOE.  Consequently, they do not refer to this maintained version, although they apply to the maintained version. 

Security Target [PDF] * Assurance Continuity Maintenance Report [PDF] Administrative Guide [PDF]

Please note:  This serves as an addendum to the VR for the Original Evaluated TOE. 

* This is the Security Target (ST) associated with this latest Maintenance Release.  To view previous STs for this TOE, click here.

Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product.  Maintenance only considers the affect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate.  Such assurance can only be gained through re-evaluation. 

Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE are considered minor and that independent evaluator analysis was not necessary.  A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target.  Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents. 

Product Description

Changes to TOE:

  • Software changes to the TOE involve updating the SailPoint IdentityIQ from version 7.1 to version 7.2p2 to accommodate new features and bug fixes outlined below.
  • 36 new features were added to the TOE including features related to the TOE’s use on mobile devices which is not part of the evaluated configuration, graphical interface, developer interface, efficiency, performance, plugin support, and optional configurations and features not installed or required in the evaluated configuration, and therefore, not relevant to the security functionality of the evaluated TOE.  Overall, it has been determined that the new features added have “no impact” to the evaluation.
  • Several bugs were fixed to resolve issues with performance, diagnostics, and stability.  Overall, it has been determined that the bug fixes have “no impact” to the evaluation.
  • Vulnerability keyword searches either did not return any results or results were not applicable to the TOE.

Changes to the Operational Environment:

  • IdentityIQ no longer supports the use of Microsoft Windows Server 2012, but now supports Microsoft Windows Server 2012 R2
  • IdentityIQ no longer supports the use of Apache Tomcat version 7 application server, but now supports Apache Tomcat v8.5.32
  • IdentityIQ no longer supports the use of Oracle database 11g, but now supports Oracle Database 12c
  • IdentityIQ no longer supports the use of Oracle JDK 6, but now supports Oracle JDK 8

Because these changes were not significant, it was determined that they imposed “minor impact” to the overall evaluation.  Regression testing, outlined below, was conducted by the vendor using these updated versions of the software in the Operational Environment, and it was determined that the results were consistent with the previously validated TOE.


Regression Testing:

Regression testing was performed on SailPoint IdentityIQ version 7.2p2 (Changed TOE) and determined that the behavior of the TSF remained consistent with the testing during the original evaluation. This consistency confirms that the new features and bug fixes had no effect on any security-related functionality of the TOE.

Vendor Information

SailPoint Technologies, Inc.
Rick Weinberg
Site Map              Contact Us              Home