{"product_id":10124,"v_id":10124,"product_name":"Tripwire Manager version 4.6.1 and Tripwire for Servers version 4.6.1","certification_status":"Not Certified","certification_date":"2009-06-29T00:06:00Z","tech_type":"Sensitive Data Protection","vendor_id":{"name":"Tripwire, Inc.","website":"http://www.tripwire.com"},"vendor_poc":"Harold Metzger, Creative Services Manager","vendor_phone":"503.276.7572","vendor_email":"hmetzger@tripwire.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"

The TOE is a change audit assessment product that can assure the integrity of critical data on system(s) by monitoring file system object attributes for unauthorized or unexpected modification. The TOE accomplishes this by detecting the corrupted or altered files and reporting the occurrence to the system administrators, so corrective actions can be taken. The TOE can monitor the attributes of UNIX files, Windows files, and Windows Registry keys for unauthorized or unexpected modification.

\r\n

The TOE is designed to monitor servers in general. It can monitor servers that run on either Windows or several types of UNIX operating systems. The TOE does not interact with the server as a server but as a program running on an operating system. The TOE administrator configures the server objects to be monitored but the TOE does not provide general user services. The TOE is configured into the evaluated configuration as specified in the installation and user guides and the release notes.

","evaluation_configuration":null,"security_evaluation_summary":"

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Tripwire TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3 and International Interpretations effective on 30, September 2005. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.2. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 3 augmented with ALC_FLR.2. The product, when configured as specified in the release notes, installation guides and user guides, satisfies all of the security functional requirements stated in the Tripwire, Inc. Tripwire Manager, version 4.6.1 with Tripwire for Servers, version 4.6.1 Security Target. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in May 2009. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Tripwire Manager, version 4.6.1 with Tripwire for Servers, version 4.6.1 prepared by CCEVS.

\r\n

For this evaluation, it was appropriate for the Security Target to claim compliance with the external standards for the definition of the encryption algorithm. There are many ways of determining compliance with a standard. Tripwire Manager, version 4.6.1 with Tripwire for Servers, version 4.6.1 has chosen to make a developer claim of compliance. This means that there has been no independent verification (by either the evaluators or a third party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithms actually meets the claimed standards. Potential users of this product should confirm that the cryptographic capabilities are suitable to meet the user's requirements.

","environmental_strengths":"

The Tripwire Manager with Tripwire for Servers is a commercial IT change audit assessment product that provides change audit assessment, audit, cryptographic support, security management, authentication and identification, and protection of the security functions features.

\r\n","features":[]}