Cisco Info Center (CIC) is an enterprise network and service level management (NMS-SLM) system that collects enterprise-wide event information from many different network data sources and presents a simplified view of this information to operators and administrators. Cisco Info Center tracks alert information in a database and presents information of interest to specifically identified and authenticated users through individually configurable filters and views. User activity can be accounted for and audited using the administration facilities provided by Cisco Info Center. Users can access the event information assigned to them from a client application or via a Java-enabled browser connecting to Cisco Webtop (an applet is available for greater functionality). Cisco Webtop is a web server application that processes network alert information and presents the data output to users so that they can monitor events in their CIC environment. The server publishes alert data from one or more Cisco Info Center datasources in real-time so that operatives can view pages that display this information in a web browser.
\r\nCaution: It should be noted that the evaluated configuration of the product only tested the use of Syslog, SNMPv1, SNMPv2c, & SNMPv3 for collecting raw data from monitored devices. The protocols that transmit data unencrypted are Syslog, SNMPv1, & SNMPv2c. The customer assumes the risk of using unencrypted protocols in an operational environment.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance with the Arca Common Criteria Test Laboratory processes and procedures that are compliant with the Common Criteria Evaluation and Validation Scheme (CCEVS). The evaluation demonstrated that the Security Functionality of the evaluated CIC configuration (Identification and Authentication, Discretionary Access Control, Audit, Communication, Management, Replication, and Protection of TOE Function) met the security requirements contained in the Security Target. The criteria against which CIC was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3 Part II and Part III. The evaluation team conducted the evaluation using the Common Methodology for Information Technology Security Evaluation, Version 2.3.
\r\nArca CCTL concluded that the Common Criteria requirements for Evaluation Assurance Level (EAL) 2 have been met. The product, configured as outlined in the Secure Installation Guidance (Installation, Generation, and Start-Up Documentation), satisfies all of the security functional requirements stated in the Security Target. A Validation Team, on behalf of CCEVS, monitored the evaluation, which completed in July 2008. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS Validation Team.
","environmental_strengths":"The communication channels established between components of the product (ObjectServer and User Client, ObjectServer and Probes, and between ObjectServer and ObjectServer via use of Gateways), and channels established between Webtop and a remote web browser, are all protected using encryption. The encryption between all TOE components takes place entirely within the TOE software.
\r\nNote: The cryptography used in this product has not been FIPS certified nor has it been analyzed or tested to conform to cryptographic standards during this evaluation. All cryptography has only been asserted as tested by the vendor.
","features":[]}