MetaMatrix Enterprise Release 5.5.3 (MetaMatrix) is an enterprise information integration (EII) system. EII is based on the premise that enterprises have a variety of information sources and information types, distributed geographically, and owned by different parts of the enterprise. A basic tenet of EII is that information should be capable of integration regardless of its native physical storage characteristics.
\r\nMetaMatrix manages and describes information that is spread across disparate enterprise information systems. Using MetaMatrix these enterprise information systems can be integrated into a single, complete data access solution. It provides a way to define the characteristics of information and how information is related, and manage this “data about data”, or “Metadata”. MetaMatrix users can issue queries to any data source, process and integrate the results derived from multiple sources.
\r\nMetaMatrix protects the distributed data and Metadata through an access control policy, user identification and authentication, role-based management functions and auditing of security relevant events.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. MetaMatrix Enterprise Release 5.5.3 software was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 R2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2 extended. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in July 2009.
","environmental_strengths":"The following security functions are in the scope of the evaluation:
\r\n\r\n
· Security audit
\r\nMetaMatrix’s auditing capabilities include recording information about system processing and users’ access to the TOE. Subject identity (user login name) and outcome are recorded for each event audited. The audit records generated by MetaMatrix are protected by the TSF working in conjunction with the protection mechanisms of the IT Environment.
\r\n\r\n
· User data protection
\r\nMetaMatrix provides its own access control separate from the IT Environment between subjects and objects covered by the MetaMatrix Access Control SFP. MetaMatrix provides facilities to define and manage permissions to control a user’s access to both Data from the EISs and Metadata stored in the MMR.
\r\n\r\n
· Identification and authentication
\r\nEach user must be successfully identified and authenticated with a username and password by the TSF or by an authentication service invoked by the TSF before access is allowed to MetaMatrix. There are two ways that users can be authenticated to the MetaMatrix system in the evaluated configuration. The first is through username and password. The second is through authentication by a third-party Membership Domain Provider. The TSF maintains security attributes for each individual TOE user for the duration of the user’s login session.
\r\n\r\n
· Security management
\r\nMetaMatrix provides role-based security management functions through the use of the Console. Through the enforcement of the MetaMatrix Access Control SFP, the ability to manage various security attributes, system parameters and all TSF data is controlled and limited to those users who have been assigned the appropriate administrative role.
","features":[]}