{"product_id":10231,"v_id":10231,"product_name":"Check Point Endpoint Security Media Encryption","certification_status":"Not Certified","certification_date":"2010-07-16T00:07:00Z","tech_type":"Sensitive Data Protection","vendor_id":{"name":"Check Point Software Technologies Ltd.","website":"https://www.checkpoint.com"},"vendor_poc":"David Ambrose, Malcolm Levy","vendor_phone":"703-628-2935; +972 37534561","vendor_email":"product_certifications@checkpoint.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>Check Point Endpoint Security Media Encryption is a workstation security software product that provides centrally managed control of workstation device interfaces. The product can be configured to prevent use of unauthorized devices, and to block introduction of executable code via workstation device ports. A removable media device encryption capability complements device access control, ensuring that only authorized users can access media contents.</p>\r\n<p class=\"Body\">The Target of Evaluation includes Endpoint Security Media Encryption Server software used to manage Endpoint Security Media Encryption endpoints. Administrators can publish flexible device access policies and review detailed audit logs of endpoint workstation device access events.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p class=\"Body\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. 
The criteria against which the Check Point Endpoint Security Media Encryption TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3.&nbsp; The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3.&nbsp; Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.3 family of assurance requirements.&nbsp; The product, when configured as specified in the Check Point Endpoint Security Media Encryption CC Evaluated Configuration Administrator&rsquo;s Guide, Check Point Endpoint Security Media Encryption Administration Guide, and Endpoint Security Media Encryption User&rsquo;s Guide satisfies all of the security functional requirements stated in the Check Point Endpoint Security Media Encryption Security Target, Version 1.0, June 23, 2010.&nbsp; Two Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC.&nbsp; The evaluation was completed in June 2010.&nbsp; Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID10231-2010, dated 16 July 2010.</p>","environmental_strengths":"<p class=\"Body\">Check Point Endpoint Security Media Encryption TOE is a commercial product whose users require a moderate to high level of independently assured security. The TOE is targeted at a relatively benign server environment with good physical access security and competent administrators and also at a client environment where the client users are willing subjects who benefit from the security offered by the TOE and would not actively attempt to circumvent or hamper the security functions provided by the TOE. 
Within such environments it is assumed that attackers will have little attack potential or motivation.&nbsp; Check Point Endpoint Security Media Encryption supports the following six security functions:</p>\r\n<p class=\"Body\">&nbsp;</p>\r\n<p class=\"Body\"><strong>Security Audit: </strong>The TOE generates audit events for security-relevant events that occur relative to the ME client. The client can be configured to ignore auditable events, log auditable events, or immediately report auditable events. Events, other than ignored events, are recorded within an audit log stored in a database implemented within the TOE and delivered to the associated Endpoint Security Media Encryption Server at a configured interval. Immediate events are reported to the associated server as soon as possible. Email alerts can be generated by the server for administrator-defined event types.</p>\r\n<p class=\"Body\"><strong>Cryptographic Support: </strong>The TOE, both the server and client, contains an instance of a FIPS 140-2 Level 1 evaluated cryptographic module, FIPS 140-2 certificate #784.&nbsp; The cryptographic module performs symmetric key encryption and decryption of removable media data and is used to digitally sign the contents of removable media. The cryptographic module is operated in FIPS mode according to its FIPS security policy.</p>\r\n<p class=\"Body\"><strong>Identification and Authentication:</strong> The TOE identifies each TOE user and administrator, relying on the IT environment to perform user authentication.&nbsp; In addition, the TOE identifies the user&rsquo;s client computer. The combination of user and computer identification is used to select the user&rsquo;s device access control profile.</p>\r\n<p class=\"Body\"><strong>Security Management:</strong> The TOE provides interfaces that users can use to manage the configuration of the TOE security policies. 
Policies are configured on the TOE server and then distributed to the associated TOE clients for enforcement. Note that the TOE enforces management permission restrictions based on user identity and group associations established by the IT environment.</p>\r\n<p><strong>Protection of the TSF: </strong>The TOE client works with its host operating system to actively protect its own files and registry keys. It does this by filtering access to its own files and registry keys within the kernel of the operating system. Whenever an attempt is made to delete or modify any of the files or registry keys known to be associated with the TOE, the TOE will block that attempt. However, the TOE is dependent on the IT environment (operating system) to not provide unfiltered access to those files or registry keys.</p>","features":[]}