The Target of Evaluation (TOE) is the Secutor Systems Inc. Data Vault X4 v1.0 (hereafter Data Vault X4). The Data Vault X4 provides a dual secure computer with multi-domain, multi-network and multi-tasking capabilities for processing data having different sensitivities simultaneously. As such, the TOE provides two completely isolated security domains where no information is shared or crossed between the domains.
\r\nThe Data Vault X4 provides hardware-based access control mechanisms and smart card access control. When describing two-domain configurations, one is called the UNSECURE domain and the other is called the SECURE domain. The domains share no common components with the exception of the keyboard; mouse; case with power supply; and keyboard and mouse (K&M) switch. All information, such as user data, applications, and operating system that resides on the hard drive in one domain is separate from the other domain. Thus, each domain could have a different operating system. This configuration assures that no data can flow from one domain to the other.
\r\nThe Data Vault X4 relies upon the IT Environment to authenticate users via a smart card before access to the SECURE domain is allowed.
\r\nThree roles are associated with the TOE: Key Administrator; Trusted User; and User. Central to each role is the control/possession of one or more of three physical keys labeled #1, #2, and #3. The keys are unique to each Data Vault X4.
\r\nTwo locked panels (front and back) protect the TOE from unauthorized access. Key #1 is used to unlock these panels. Inside of the front panel is an on/off switch that is used to activate the system. Key #2 is required for the on/off switch. Key #2 can also be used for a lock inside of the back panel used to activate or deactivate a case-open alarm that, when activated, will sound when the top of the Data Vault X4 case is removed. Key #3 can be used for a lock inside of the front panel that is used to remove the hard drive in the SECURE domain.
\r\nThe Key Administrator is a person who controls key #1, key #2, and key #3. In addition, the Key Administrator controls a smart card (not a TOE component) that plays a role when a person attempts to access the SECURE domain. The Key Administrator retains key #1 at all times, but might provide another person with key #2, key #3, or the smart card. If only key #2 is provided to another person, that person attains the User role. If key #2 and the smart card are provided to another person, that person attains the Trusted User role. Key #3 would only be provided to a Trusted User.
\r\nThe Key Administrator could retain all of the keys and the smart card and have access to all of the functionality of the Data Vault X4.
\r\nBefore anyone can use the Data Vault X4, the Key Administrator must open the front locked panel using key #1. Key #2 can then be used by a User or Trusted User to turn on the system (both domains boot at the same time), with access to the UNSECURE domain resulting. Since a User would not possess a smart card, a User can only access the UNSECURE domain.
\r\nTo access the SECURE domain, a Trusted User (while in the UNSECURE domain) inserts the smart card into the smart card reader located on the front of the TOE and switches to the SECURE domain (e.g., by using the domain selector switch mounted the front of the TOE). The SECURE domain monitor is inactive except for a GUI that requests the PIN associated with the smart card. After PIN entry, if the smart card identification and authentication is correct, access to the SECURE domain is granted. The Trusted User can then switch between domains (e.g., using the domain selector switch), both of which remain active but separate from each other.
\r\nThe following security functions are provided by the Data Vault X4:
\r\nUser Data Protection is enforced via complete information flow control between security domains, where each domain (SECURE and UNSECURE) provides separate isolated hardware and software. The TOE allows data to be copied from the UNSECURE domain (floppy or CD-ROM), then transferred to the SECURE domain, but not vice versa, since the “Write” function feature of the floppy disk and CD-ROM is disabled on the SECURE domain.
\r\nMandatory Access Control and Identification and Authentication is enforced by requiring users to be successfully identified prior to gaining access to the TOE and its functions (e.g., possession of key #2 to power on the Data Vault X4 in order to access the UNSECURE domain). To further access the SECURE domain, the Trusted User or Key Administrator needs a smart card for identification and authentication.
\r\nSecurity management is enforced by requiring roles (Key Administrator; Trusted User; User) before access to the TOE is granted.
\r\nProtection of the TSF is enforced since access to the domains is via the keys and smart card the user possess. The TSF also controls the information that can flow between domains.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance with established practices of the Common Criteria Evaluation and Validation Scheme (CCEVS).
\r\nThe Common Criteria for Information Technology Security Evaluation Version 2.2 [CCV2.2] and the Common Methodology for Information Technology Security Evaluation Version 2.2 Revision 256 [CEMV2.2], were used for the evaluation of the Data Vault X4. The Science Application International Corporation (SAIC) evaluation team determined that (a) the Security Target is [CCV2.2] conformant; (b) the TOE is [CCV2.2] Part 2 and Part 3 conformant; and (c) recommended that an EAL4 certificate be issued for the Data Vault X4 v1.0.
\r\n\r\nA CCEVS Validator monitored the evaluation carried out by SAIC. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, Secutor Systems, Inc. Data Vault X4 V1.0, EAL4, Version 1.0, CCEVS-VR-05-0118, September 23, 2005.","environmental_strengths":"
The Data Vault X4 is a commercial network product that provides User Data Protection; Mandatory Access Control and Identification and Authentication; Security Management; and Protection of the TSF. The product provides a level of protection that is appropriate for IT environments that require controlled access to the TOE, and where the TOE is appropriately protected from physical attacks.
","features":[]}