Marimba Client Management from BMC Software and Marimba Server Management from BMC Software are a family of software change and configuration management products produced by BMC Software, Inc., herein called simply Client and Server Management. The Server Management software is designed for use with groups of servers, while the Client Management software is designed for use with groups of desktop machines. For the evaluated configuration, all these products must be installed and configured.
\r\nThe following security-relevant applications comprise the TOE: Marimba® Control Center by BMC Software 6.0.3 SP2, with SSL enabled, and Publisher and Channel Copier versions 4.6.2, Logging Service 5.0.1 and Policy Service 5.1; Marimba® Patch Management by BMC Software 6.5; Marimba® Content Management by BMC Software with Content Replicator 6.5; Marimba® Desktop/Mobile Application Management by BMC Software with Application Packager 6.5; Marimba® Server Application Management by BMC Software with Application Packager 6.5; Marimba® Desktop OS Management by BMC Software 6.0.3; and, Marimba® Server OS Management for Unix and Linux by BMC Software 6.0.3.
\r\nThe Client and Server Management products allow IT administrators to perform enterprise level change management for both packaged applications and file content, to distribute operating system patches, provision operating systems on ‘bare-metal’ systems (computer systems that have no operating system installed), track software usage characteristics and gather asset and inventory information for both software and hardware systems deployed in an enterprise. These product functions can be performed on both server and desktop systems, and on a variety of operating systems.
\r\nMarimba Client Management from BMC Software and Marimba Server Management from BMC Software operate on the Java Runtime Environment (JRE) version 1.3.1.10 or later.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the Marimba Client and Server Management TOE meets the security requirements contained in the Security Target - Marimba Client and Server Management from BMC Software Release 6.0.3 Security Target, version 2.3.0, 4 June 2007.
\r\nThe criteria against which the Marimba TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. Science Application International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the Marimba Client and Server Management TOE is EAL 3. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target.
\r\nValidators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2007. Results of the evaluation and associated validation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report.
","environmental_strengths":"The Marimba Client and Server Management TOE provides security audit, user data protection, identification and authentication, security management, and secure communication features as they relate to the distribution and management of enterprise applications.
\r\nSecurity Audit - Marimba Client and Server Management audits the actions that occur on the Transmitter. The log files contain information about events such as starting the Transmitter and modifying access control attributes associated to channels, as well as any problems associated with those events.
\r\nUser Data Protection - Marimba Client and Server Management access privileges for the user, hence, access to the various channels and other named objects are controlled by the combination of user and group identification and the access control attributes associated to the named objects.
\r\nIdentification and Authentication - The Marimba Client and Server Management requires users to be identified and authenticated before they can access the TOE and the TOE security-relevant data.
\r\nSecurity Management - The TOE provides a number of interfaces to manage the configuration and implementation of the policy enforced by the TOE. Security management includes managing the following items: access control of channels and configuring termination of inactive sessions.
\r\nSecure Communication - The TOE utilizes SSL to protect communications among its components and with users across otherwise insecure networks.
","features":[]}