{"product_id":10507,"v_id":10507,"product_name":"MarkLogic Server Enterprise Edition 6.0-4","certification_status":"Not Certified","certification_date":"2013-12-19T00:12:00Z","tech_type":"DBMS","vendor_id":{"name":"MarkLogic Corporation","website":"http://www.marklogic.com"},"vendor_poc":"Danny Sokolsky","vendor_phone":"650-655-2352","vendor_email":"danny.sokolsky@marklogic.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p class=\"Body\">MarkLogic Server TOE is built with a blend of search engine and database architecture approaches specifically designed to index and retrieve XML content.&nbsp; The TOE&rsquo;s native data format is XML and XML is accepted in an &lsquo;as is&rsquo; form, while content in other formats can be converted to an XML representation or stored as is (in binary or text formats) when loaded into MarkLogic Server.&nbsp; As an XML database, MarkLogic Server manages its own content repository and is accessed using the W3C standard XQuery language, just as a relational database is a specialized server that manages its own repository and is accessed through Structured Query Language (SQL).</p>\r\n<p class=\"Body\">The TOE is fully transactional, runs in a distributed environment and can scale to terabytes of indexed content.&nbsp; It is schema independent and all loaded documents can be immediately queried without normalizing the data in advance.&nbsp; MarkLogic Server provides developers with the functionality and programmability, using XQuery as its query language, to build content-centric applications.&nbsp; Developers build applications using XQuery both to search the content and as a programming language in which to develop applications.&nbsp; It is possible to create entire applications using only MarkLogic Server, and programmed entirely in XQuery. 
Applications can also be created using Java or other programming languages that access MarkLogic Server.</p>\r\n<p class=\"Body\">The security management functions of the TOE are performed via the Admin Interface, which is a web-based browser GUI implemented as a MarkLogic Server web application.&nbsp; This interface allows authorized administrators to manage audit events, user accounts, access control and TOE sessions.&nbsp;</p>\r\n<p class=\"Body\">Authorized administrators can also perform security management functions programmatically using the XQuery functions included in XQuery library modules that are included with MarkLogic Server. The programmatic libraries that support security management are the Admin API, the Security API, and the PKI API.&nbsp; The Admin API enables the scripting of administrative tasks that would otherwise need the Admin Interface to perform, including TOE security management tasks (for example, management of TOE sessions, configuration of auditing, and so on).&nbsp; For example, you can write a program using the Admin API to create and configure App Servers, including setting the type of authentication that the App Servers use. Most functions in this library perform administrative tasks and therefore require the user who runs an XQuery program executing these functions to be an authorized administrator.&nbsp; The Security API provides functions for managing objects stored in the security database (users, roles, amps, and privileges). For example, you can use the Security API to create and modify users (including passwords), roles, amps, and privileges. The PKI API provides functions that manage private keys and other cryptographic management functions used with SSL/TLS (HTTPS) in FIPS mode.</p>\r\n<p class=\"Body\">Security management functions include the ability to control the creation, management, and configuration of databases, forests, servers, and hosts. 
Documents are stored in forests.&nbsp; The name forests comes from the fact that XML documents are tree structures and a collection of trees is a forest.&nbsp; One or more forests are gathered together to form a database.&nbsp; Databases are logical units against which you can assign HTTP and XDBC servers and set various runtime configuration options. A host is a single instance of MarkLogic Server running on a single machine.&nbsp; Databases exist as a logical abstraction because in a distributed environment it can be useful to have the same logical database spread across different hosts, perhaps one host with two forests and another with three.</p>","evaluation_configuration":null,"security_evaluation_summary":"<p class=\"Body\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the MarkLogic Server Enterprise Edition 6.0-4 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012.&nbsp; The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012.&nbsp; Leidos determined that the evaluation assurance level (EAL) for the product is EAL2 augmented with ALC_FLR.3 family of assurance requirements.&nbsp; The product, when configured as specified in the MarkLogic Server Installation Guide for All Platforms, MarkLogic Server Administrator&rsquo;s Guide, and MarkLogic Common Criteria Evaluated Configuration Guide satisfies all of the security functional requirements stated in the MarkLogic Server Enterprise Edition 6.0 Security Target, Version 1.0, December XX, 2013.&nbsp; Two Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by LEIDOS.&nbsp; The evaluation was completed in December 2013.&nbsp; Results of the 
evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID10507-2013, dated 16 December 2013.</p>","environmental_strengths":"<p class=\"Body\">MarkLogic Server Enterprise Edition, Version 6.0-4 provides a low to moderate level of independently assured security in a conventional TOE and is suitable for a relatively benign environment with good physical access security and competent administrators. Within such environments it is assumed that attackers will have little attack potential. &nbsp;&nbsp;MarkLogic Server Enterprise Edition, Version 6.0-4 supports the following security functions:</p>\r\n<p class=\"Body\">&nbsp;</p>\r\n<p class=\"Body\"><strong>Security Audit: </strong>The TOE generates audit records that include date and time of the event, subject identity and outcome for security events.&nbsp; The TOE provides authorized administrators with the ability to include and exclude auditable events based on user identity, role, event type, object identity and success and failure of auditable security events.&nbsp; When appropriate, the TOE also associates audit events with the identity of the user that caused the event.&nbsp; The environment stores the audit records and also provides the system clock information that is used by the TOE to timestamp each audit record.</p>\r\n<p class=\"Body\"><strong>Cryptographic Support: </strong>The Secure Sockets Layer protocol or Transport Layer Security (TLS 1.0) protocol (referred to in this document as SSL/TLS in FIPS mode) is used to provide protection of the communications surrounding the remote administrative sessions from disclosure and from modification.&nbsp; For communication between a customer application on a network and the HTTP server, XDBC server, or ODBC server of the TOE, the TOE offers the use of an SSL/TLS session in FIPS mode to protect these communications.&nbsp; Finally, the TOE uses an SSL/TLS in 
FIPS mode protected channel to distribute TSF data when it is transmitted between distributed parts of the TOE (that is, hosts within a cluster).</p>\r\n<p class=\"Body\">The TOE uses OpenSSL object module version 2.0 which has undergone a FIPS 140-2 certification (certificate #1747).&nbsp; The TOE includes an OpenSSL object module built without modification from the source code of the OpenSSL FIPS certification.&nbsp; All references to &ldquo;the TOE&rdquo; performing cryptographic operations in this security target are indicating that the TOE is performing the operation through its use of the OpenSSL object module.</p>\r\n<p class=\"Body\"><strong>User Data Protection: </strong>The TOE enforces a Discretionary Access Control (DAC) policy which restricts access to TOE-controlled object(s).&nbsp; Users of the TOE are identified and authenticated by the TOE before any access to the system is granted.&nbsp; Once access to the system is granted, authorization provides the mechanism to control what functions a user is allowed to perform based on the user&rsquo;s role membership.&nbsp; Access to all TOE-controlled objects is denied unless access, based on role membership, is explicitly allowed.&nbsp; The authorized administrator role shall be able to access any object regardless of the object&rsquo;s permissions. The TOE also provides amplifications or &ldquo;amps&rdquo; which temporarily grant roles to a user only for the execution of a specific function. Therefore, the DAC policy can also be extended by a user who is temporarily granted the privileged&nbsp; role in order to perform a specific &ldquo;amped&rdquo; function. 
The TOE also ensures that any previous information content of a resource is made unavailable upon the allocation of the resource to an object.&nbsp; Memory or disk space is only allocated when the size of the new data is first known, so that all previous data is overwritten by the new data.</p>\r\n<p class=\"Body\"><strong>Identification and Authentication:</strong> The TOE requires users to provide unique identification and authentication data before any access to the system is granted and further restricts access to DBMS-controlled objects based on role membership.&nbsp;&nbsp; The TOE maintains the following security attributes belonging to individual users:&nbsp; role membership, and password.&nbsp; The TOE uses these attributes to determine access.</p>\r\n<p class=\"Body\">The TOE provides a password plug-in functionality that allows administrators to write custom code to require passwords to conform to specific rules (e.g., the number of characters, special characters, last change date).</p>\r\n<p class=\"Body\"><strong>Security Management:</strong> The security functions of the TOE are managed by authorized administrators via the web-based Admin Interface, or applications written using the Admin API, Security API, PKI API, and built-in admin functions.&nbsp; The ST defines the security role of &lsquo;authorized administrator&rsquo;.&nbsp; Authorized administrators perform all security functions of the TOE including managing audit events, user accounts, access control and TOE sessions.</p>\r\n<p class=\"Body\"><strong>Protection of the TSF: </strong>The TOE provides protection mechanisms for its security functions.&nbsp; One of the protection mechanisms is that users must authenticate and have the appropriate permissions before any administrative operations or access to TOE data and resources can be performed on the system.&nbsp; The TOE also maintains a security domain that protects it from interference and tampering by untrusted subjects within the TOE scope of 
control.&nbsp;</p>\r\n<p class=\"Body\">Communication with remote administrators is protected by SSL/TLS in FIPS mode, protecting against the disclosure and undetected modification of data exchanged between the TOE and the administrator.&nbsp; Communication with remote customer applications can also utilize SSL/TLS in FIPS mode to protect against the disclosure and undetected modification of data exchanged between the TOE and the customer application.&nbsp; Customer applications must determine whether the use of SSL/TLS in FIPS mode is necessary for that specific customer application&rsquo;s data.&nbsp;</p>\r\n<p class=\"Body\">The TOE ensures that TSF data is encrypted and remains consistent when transmitted between parts of the TOE.&nbsp; The TOE provides consistency of TSF data between distributed parts of the TOE by regularly monitoring the configuration file and security database for changes and distributing the updated configuration file or security database to all parts of the cluster.&nbsp; The TOE utilizes a TLS protected channel to distribute TSF data among a cluster.</p>\r\n<p class=\"Body\"><strong>TOE Access: </strong>The TOE restricts the maximum number of concurrent sessions that belong to the same user by enforcing an administrator configurable number of sessions per user.&nbsp; The TOE also denies session establishment based on attributes that can be set explicitly by authorized administrators including role identity, time of day and day of week.&nbsp;</p>\r\n<p>Upon successful session establishment, the TOE stores and retrieves the date and time of the last successful session establishment to the user.&nbsp; It also stores and retrieves the date and time of the last unsuccessful session establishment and the number of unsuccessful attempts since the last successful session establishment.&nbsp; This information is collected by the TOE Access security function, because the information pertains to users' attempts to access the TOE.&nbsp; The 
information gathered by the TOE pertains to historical session establishment actions by a user.</p>","features":[]}