The Target of Evaluation (TOE) is ImageNow v5.42 SP3 and WebNow v3.42
\r\nThe TOE is a document imaging, management and workflow solution based on a client/server architecture that provides a user the ability to scan, file, retrieve, print, fax or distribute electronic objects. Because the TOE can support widespread imaging within an entire network, it provides security auditing, thorough security management functionality, and secure data transfer when accessing stored images via WebNow or the ImageNow Client.
\r\nThe TOE offers users the flexibility of deployment options and configurations that allow choices for distributed document capture, indexing, storage and management capabilities. ImageNow can simultaneously manage scanning along with the importing of object data from multiple sources, such as fax servers, mail servers, or a network location.
\r\nThe TOE allows images to be indexed and tracked by 20 different data elements and six user-defined index values. An unlimited number of keywords can be assigned to a document, enabling the user to retrieve specific information. ImageNow also has a LearnMode to ‘learn’ the host application screen. From the host application screen, a user retrieves the desired transaction. The user presses the ImageNow icon from the windows system tray and ImageNow retrieves all associated documents linked to the current displayed transaction. The toolbars in ImageNow provide the user with the ability to annotate key points on the document without altering original integrity, distribute the document via print, fax, or e-mail, and view multiple documents that are linked to the current displayed document.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the ImageNow v5.42 SP3 and WebNow v3.42 TOE was judged is described in the Common Criteria for Information Technology Security Evaluation, Version 2.3, August 2005 and International Interpretations effective on 5 January 2006. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 2.3, August 2005. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 2 augmented with ALC_FLR.2 and AVA_MSU.1 family of assurance requirements. The product, when configured as specified in the Perceptive Software, Inc., ImageNow Installation Guide for ImageNow 5.42x and Perceptive Software, Inc., WebNow Installation Guide for WebNow 3.4, satisfies all of the security functional requirements stated in the Perceptive Software, Inc., ImageNow v5.42 SP3 and WebNow v3.42 Security Target, Version 1.0. One Validator on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in October 2006. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-06-0056, dated 10 January 2007) prepared by CCEVS.
","environmental_strengths":"The TOE is a document imaging, management and workflow solution based on a client/server architecture that provides a user the ability to scan, file, retrieve, print, fax or distribute electronic objects. Because the TOE can support widespread imaging within an entire network, it provides security auditing, thorough security management functionality, and secure data transfer when accessing stored images via WebNow or the ImageNow Client. ImageNow v5.42 SP3 and WebNow v3.42 TOE supports the following four security functions:
\r\nSecurity audit — ImageNow generates an audit record for audit mechanism start-up and shutdown events, as well as viewing, deleting, and re-indexing images. Each audit record includes the date and time of the event, type of event, subject identity, the IP and MAC addresses where the event occurred, and the outcome of the event. An Owner can review the audited records and can select the auditable events. In addition, ImageNow provides audit selection capabilities for reviewing audit data. The audit events are stored on the underlying operating system. The Information Technology (IT) environment provides a reliable timestamp for audit use and the protection of the audit records.
\r\nUser data protection — ImageNow enforces rules-based access control on users and groups. The Owner or Manager has the ability to grant access on the drawer objects that contain document pages.
\r\nIdentification and authentication —ImageNow maintains a list of security attributes for users and requires users to be authorized prior to granted access to protected functions as security attributes are associated to users. The TOE relies on the IT environment to authenticate users using user and password mechanisms provided by directory services.
\r\nSecurity management — ImageNow restricts the ability to manage user security policy rules. ImageNow provides the functions necessary for effective management of the security functions and all actions are accomplished on the Client with the exception of auditing, as that is accomplished via the ISA console.
\r\n","features":[]}