The Desktop/Mobile Management (DMM) and Server Change Management (SCM) products are software change management packages produced by BMC Software, Inc., 440 Clyde Ave., Mt. View, CA 94043, herein called simply DMM/SCM. The SCM software is designed for use with groups of servers, while the DMM software is designed for use with groups of desktop machines. Both products rely primarily on a pair of applications called the Tuner and the Transmitter, which serves channels (applications or files) over a network.
\r\nThe majority of software components are identical between the DMM and SCM products and include the following security-relevant applications that comprise the TOE: Marimba Infrastructure 6.0.2.1, Marimba Policy Manager 6.0.2, and Marimba Deployment Manager 6.0.2.
\r\nThe DMM/SCM allows administrators to perform change management of software packages across an enterprise. For example, they can package applications and application updates to automate their distribution. DMM/SCM also allows administrators to perform OS migration and perform hardware and software inventories of connected machines.
\r\nDMM/SCM products are capable of managing these packages from a single location in a heterogeneous environment, including Windows and Solaris platforms.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Marimba TOE meets the security requirements contained in the Security Target - Marimba Desktop/Mobile Management and Server Change Management Security Target, Version 2.0, 26 May 2005.
\r\nThe criteria against which the Marimba TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Science Application International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the Marimba TOE is EAL 3. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.
\r\nA Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in March 2005. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.
","environmental_strengths":"The Marimba TOE provides security audit, user data protection, identification and authentication, and security management features as they relate to the distribution and management of enterprise applications.
\r\nSecurity Audit: DMM/SCM audits the actions that occur on the Transmitter. The log files contain information about events such as starting the Transmitter and modifying access control attributes associated to channels, as well as any problems associated with those events.
\r\nUser Data Protection: DMM/SCM access privileges for the user, hence, access to the various channels and other named objects are controlled by the combination of user and group identification and the access control attributes associated to the named objects.
\r\nIdentification and Authentication: The DMM/SCM requires users to be identified and authenticated before they can access the TOE and the TOE security-relevant data.
\r\nSecurity Management: The TOE provides a number of interfaces to manage the configuration and implementation of the policy enforced by the TOE. Security management includes managing the following items: access control of channels and configuring termination of inactive sessions. ","features":[]}