{"product_id":10070,"v_id":10070,"product_name":"webMethods Fabric 6.5 ","certification_status":"Not Certified","certification_date":"2005-12-23T00:12:00Z","tech_type":"Miscellaneous","vendor_id":{"name":"WebMethods, Inc.","website":"http://www.webmethods.com"},"vendor_poc":"Jeremy Epstein","vendor_phone":"703.460.5852","vendor_email":"jeremy.epstein@webmethods.com","assigned_lab":{"cctl_name":"CygnaCom Solutions, Inc"},"product_description":"<p>The TOE is webMethods Fabric 6.5, a software product that facilitates the secure exchange of data and logic among resources and supports the development and management of complex business processes through browser or web-enabled interfaces.</p>\r\n<p>The TOE consists of two primary components:</p>\r\n<ul type=\"disc\">\r\n    <li>&ldquo;Integration Server&rdquo; &ndash; enables access control over the integration logic through the integrated applications; </li>\r\n    <li>&ldquo;Broker&rdquo; &ndash; a high-speed message router which enables access control over asynchronous messaging. </li>\r\n</ul>\r\n<p>And two secondary components:</p>\r\n<ul type=\"disc\">\r\n    <li>&ldquo;Host Adapters&rdquo; &ndash; zero or more special modules that link back-end resources with the Integration Server; </li>\r\n    <li>&ldquo;Developer&rdquo; &ndash; a graphical Integrated Development Environment (IDE) tool used by administrators to build, edit and test integration logic. </li>\r\n</ul>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. webMethods Fabric 6.5 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in December 2005.</p>","environmental_strengths":"<p>The TOE provides the following security services: <br />\r\n</p>\r\n<ul>\r\n    <li><strong>Access Control </strong>Policy &ndash; the TOE enforces a discretionary information flow control policy to control access to services and documents based on users and groups. </li>\r\n    <li><strong>Identification and Authentication</strong> &ndash; the TOE allows only users who have been successfully identified and authenticated (authorized administrators) to access security-relevant functionality, including viewing audit records. </li>\r\n    <li><strong>Security Management</strong> &ndash; the TOE supports an administrative role to perform security management, including the management of interaction between TOE components and control of service configuration and development. </li>\r\n    <li><strong>Self Protection &ndash; </strong>the TOE ensures that all information must flow through policy enforcement mechanisms and protects its programs and data from unauthorized access through its own interfaces. </li>\r\n    <li><strong>Security Audit</strong> &ndash; the TOE generates audit information for security-relevant events and enables authorized administrators to view the audit records. </li>\r\n</ul>","features":[]}