{"product_id":10081,"v_id":10081,"product_name":"StillSecure VAM V5.5","certification_status":"Not Certified","certification_date":"2007-01-26T00:01:00Z","tech_type":"Network Management","vendor_id":{"name":"StillSecure, Inc.","website":"http://www.stillsecure.com"},"vendor_poc":"Federal Sales","vendor_phone":"(303)-381-3830","vendor_email":"sales@stillsecure.com","assigned_lab":{"cctl_name":"CygnaCom Solutions, Inc"},"product_description":"<p>StillSecure VAM is a vulnerability management platform that identifies, tracks, and manages the remediation of network security vulnerabilities. StillSecure VAM systematically and regularly scans for network security vulnerabilities. Automated scans run on a regular, customizable schedule. The vulnerabilities found during scans are tracked and managed by VAM&lsquo;s exclusive Vulnerability Repair Workflow. VAM logs all scanning and repair activities and delivers a range of detailed reports targeted at auditors, managers, and IT staff members. </p>","evaluation_configuration":null,"security_evaluation_summary":"<p>The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The TOE, StillSecure VAM V5.5, was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation.&nbsp;The evaluation was completed in January 2007. </p>","environmental_strengths":"<p>StillSecure VAM provides the following security features:</p>\r\n<ul>\r\n    <li><strong>Security audit</strong> &mdash; StillSecure VAM provides its own internal auditing capabilities separate from those of the Operating System. StillSecure VAM provides the ability to search and view its own audit records. </li>\r\n    <li><strong>Identification and authentication</strong> &mdash; StillSecure VAM provides user identification and authentication through the use of user accounts and the enforcement of password policies. </li>\r\n    <li><strong>Security management</strong> - StillSecure VAM provides security management through the use of the User Console. The TOE provides multiple administrative roles (FMT_SMR.1). </li>\r\n    <li><strong>Partial protection of the TSF</strong> &mdash; StillSecure VAM partially protects its programs and data from unauthorized access through its own interfaces. </li>\r\n    <li><strong>Vulnerability System</strong> &mdash; The TOE provides several features that map, scan, manage remediation, and report on vulnerabilities of the devices on the target network.\r\n    <ul>\r\n        <li><strong>Map and Scan </strong>&mdash; Autodiscovery uses onboard scanners to map the network.&nbsp; (VUL_SDC_EXP.1) The TOE is able to find all devices on the target network using ICMP pings with port and service scanners. Once the network is mapped, the onboard scanners scan for vulnerabilities of the devices on the target network. </li>\r\n        <li><strong>Repair</strong> &mdash; Once the vulnerabilities have been mapped, the TOE provides a workflow process through its User Console to aid authorized users (FMT_SMR.1) in managing the patches and software updates that are necessary in correcting the found vulnerabilities. (FMT_MTD.1) </li>\r\n        <li><strong>Report</strong> &mdash; The TOE provides reporting functionality to aid the authorized users in managing the found vulnerabilities and workflow process (VUL_DRS_EXP.1) </li>\r\n    </ul>\r\n    </li>\r\n</ul>\r\n<!-- InstanceEndEditable -->","features":[]}