The TOE is Micro Focus Data Protector Premium Edition, release 2020.05, software version A.10.70. Data Protector provides backup and restore functionality tailored for enterprise-wide and distributed environments. Data Protector is an enterprise-level software application for Windows. It includes cryptographic modules providing NIST-validated implementations of cryptographic functionality to support secure storage of credentials and secure communications with external IT entities. Data Protector restricts network connections to those required for it to perform its intended functions. Data Protector supports the use of X.509 certificates for authentication of TLS connections. Data Protector is implemented to utilize anti-exploitation capabilities provided by its execution environment. The application installation package and application updates are digitally signed by an authorized source.
","evaluation_configuration":"The TOE is Micro Focus Data Protector Premium Edition, release 2020.05, software version A.10.70.
","security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the Protection Profile for Application Software, Version 1.3 and Functional Package for Transport Layer Security (TLS), Version 1.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered configured as identified in the guidance document, satisfies all of the security functional requirements stated in the Micro Focus Data Protector Security Target. The evaluation was completed in May 2020. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
\r\n","environmental_strengths":"
Cryptographic Support
\r\nData Protector incorporates OpenSSL to provide its cryptographic functionality.
\r\nData Protector provides cryptographic mechanisms for symmetric encryption and decryption, cryptographic signature services, cryptographic hashing services, keyed-hash message authentication services, deterministic random bit generation seeded from a suitable entropy source, key establishment, and secure credential storage. The cryptographic mechanisms support TLS used for secure communication, both as client and server.
\r\nUser Data Protection
\r\nData Protector leverages the BitLocker functionality of its Windows platform to protect backed-up data written to disk on a Media Agent instance.
\r\nData Protector does not access sensitive information repositories as defined and intended by the Protection Profile for Application Software, Version 1.3.
\r\nData Protector restricts network communications to application-initiated network communication for scheduled backup and restore operations.
\r\nIdentification and Authentication
\r\nThe TOE supports the use of X.509 certificates for authentication of TLS connections.
\r\nThe TOE will not accept a certificate if it is unable to determine the revocation status of the certificate.
\r\nSecurity Management
\r\nData Protector does not create credentials by default. The user logged into the underlying Windows system with admin privileges performs the installation and the TOE subsequently ensures only that user is able to run the TOE.
\r\nPrivacy
\r\nData Protector does not collect Personally Identifiable Information (PII) from administrators or users.
\r\nProtection of the TSF
\r\nData Protector uses only documented platform APIs.
\r\nData Protector does not perform memory mapping to explicit addresses.
\r\nData Protector does not make any memory mapping requests with both write and execute permissions.
\r\nData Protector runs successfully with process exploit mitigations enabled on the underlying Windows Server platform
\r\nData Protector documentation describes the procedure for users to check for the availability of updates. Data Protector is packaged in the standard Windows Installer (.MSI) format and signed by a code-signing certificate.
\r\nData Protector provides the ability to query the current version of the application software.
\r\nTrusted Path/Channels
\r\nAll data transmitted by Data Protector is assumed to be sensitive data.
\r\nA Data Protector instance uses TLS to protect all data it transmits to other Data Protector instances.
","features":[]}