The Target of Evaluation (TOE) is Imprivata OneSign Version 7.9 Hot Fix 9 (HF9) (build 7.9.009.58). OneSign is a policy management product developed by Imprivata, Inc. for managing endpoints in an enterprise. It manages access to endpoint features through the use of policies and provides single sign-on (SSO) capabilities for endpoints. The product consists of two main components:
\r\n1. Imprivata Appliance—A virtual appliance (a.k.a. appliance) containing software called OneSign that performs policy management (i.e., the TOE)
\r\n2. Imprivata Agent—Agent software (a.k.a. agent) for enforcing policies on endpoints
\r\nThe TOE is the Imprivata Appliance. The Imprivata Agents and endpoints reside in the operational environment.
\r\nThe TOE is a single virtual appliance instance running in a VMware ESXi virtual machine. The TOE contains the SUSE Linux Enterprise Server (SLES) OS as its base OS, an Apache HTTP Server, Apache SSHD using Apache Multipurpose Infrastructure for Network Applications (MINA), Java, OpenJDK, and syslog-ng.
\r\nIn ESM Protection Profile terms, the TOE is a Policy Manager. The Access Control products are the agents located on each endpoint. The TOE is used to create, manage, and provide policies to the enrolled endpoints. The agents enforce the policies on the endpoints.
","evaluation_configuration":"The evaluated configuration consists of Imprivata OneSign Version 7.9 Hot Fix 9 (HF9) (build 7.9.009.58) running as a virtual appliance in a VMware ESXi virtual machine. The following configuration specifics apply to the evaluated configuration of the TOE:
\r\n· The TOE is a single virtual appliance instance
\r\n· Offline Authentication mode is disabled in the Computer Policies and User Policies
\r\n· Only the internal password authentication mechanism is supported (i.e., external authentication servers were not tested)
\r\n· Only users in the Imprivata domain are supported
\r\n· Temporary codes for Windows Access are disallowed
\r\n· Apache HTTP Server TLS 1.3 support is disabled
\r\n· Network Time Protocol (NTP) is disabled
\r\n· File servers for backup functionality are disallowed
\r\n· Computer Policy Settings as specified in the Security Target
\r\n· User Policy settings as specified in the Security Target
\r\n","security_evaluation_summary":"
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the Imprivata OneSign Version 7.9 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5 supplemented by that found in the Protection Profile cited above. The product, when delivered and configured as identified in the Imprivata OneSign Version 7.9 Common Criteria Administration Guide, meets the requirements of the Standard Protection Profile for Enterprise Security Management Policy Management, Version 2.1.
\r\nImprivata OneSign Version 7.9
\r\nThe Imprivata OneSign Version 7.9 Common Criteria Administration Guide document satisfies all of the security functional requirements stated in the Imprivata OneSign Version 7.9 Security Target, version 1.3. The evaluation was subject to CCEVS Validator review. The evaluation was completed in October 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID11178-2023, prepared by CCEVS.
","environmental_strengths":"The TOE provides the security functions described below.
\r\nThe TOE supports policy definition and transmission. It allows administrators to define security policies and distribute the policies over a secure connection to the managed endpoints.
\r\nThe TOE supports the following policies:
\r\n· Computer Policy – Capabilities and restrictions placed on the endpoint
\r\n· User Policy – Capabilities and restrictions placed on the user
\r\nThe agent combines and enforces the two policies when a user authenticates an endpoint.
\r\nComputer Policy
\r\nIn general, Computer Policies apply to every user attempting to use the endpoint. These policies define the set of features accessible to any user on that endpoint.
\r\nThe TOE supports the creation (including modification and deletion) of multiple Computer Policies and the application of different Computer Policies to different endpoints.
\r\nUser Policy
\r\nUser Policies apply to a specific user attempting to use any endpoint. These policies define the set of endpoint features the user is allowed to use on any endpoint.
\r\nThe TOE supports the creation (including modification and deletion) of multiple User Policies and the application of different User Policies to different users.
\r\nThe TOE generates audit records for the PP-required events.
\r\nThe TOE supports two separate mechanisms for storing its audit records externally. Some audit records can be transmitted as individual audit records to an external audit server (a.k.a. syslog server) over a protected communications channel. The remaining audit records can be transmitted in log files to external audit log storage over a protected communications channel.
\r\nThe TOE employs the HTTPS protocol, SSH (a.k.a. SSHv2) protocol, and TLS protocol to protect communication channels.
\r\nThe HTTPS protocol is implemented by the Apache HTTP Server which uses Apache's Network Security Services (NSS) for both the TLS protocol and cryptographic algorithms.
\r\nThe SSH protocol is implemented using Apache SSHD which uses the Java Secure Socket Extension (JSSE) application programming interface (API) to perform its cryptographic operations in the SSH protocol.
\r\nThe syslog-ng client uses OpenSSL which implements both the TLS protocol and cryptographic algorithms.
\r\nAdmin Console
\r\nFor the Admin Console, the TOE contains an internal authentication server used to authenticate users. The authentication server uses an internal database to store user data and credentials. The TOE requires the Admin Console users to be identified and authenticated prior to accessing any management functions.
\r\nThe Admin Console supports multiple administrator roles.
\r\nAppliance Console
\r\nFor the Appliance Console, the TOE uses a separate password file to store and authenticate users. The TOE also enforces authentication failure handling on the Appliance Console.
\r\nThe Appliance Console supports two administrator accounts: Super Administrator and Administrator. These accounts are used to perform low-level configuration and maintenance.
\r\nThe TOE supports multiple security management functions including user account management and policy management functions.
\r\nThe TOE obscures authentication data before storing them in non-volatile memory. No interface is provided by the TOE to view the passwords in plaintext. Similarly, the TOE provides no interface to view pre-shared keys, symmetric keys, and private keys.
\r\nThe TOE also provides its own reliable time stamp capabilities.
\r\nThe TOE terminates the remote sessions of the Admin Console and Appliance Console after an administrator-configurable time interval of inactivity. It also allows administrators to terminate their own sessions on the Admin Console and Appliance Console (i.e., logout).
\r\nThe Admin Console and Appliance Console display configurable advisory messages prior to authentication. Depending on which console, administrators can deny session establishment based on day, time, duration, or username.
\r\nThe TOE acts as an HTTPS server supporting TLS 1.2 when communicating with the agents. Administrators externally manage the TOE using a web browser (i.e., Admin Console and Appliance Console) over HTTPS with TLS 1.2.
\r\nThe TOE uses the secure copy protocol (SCP) (i.e., SSHv2) to protect the communication channel when transferring audit data from the TOE to external audit log storage.
\r\nThe TOE uses TLS 1.2 to protect the communication channel when transferring audit data from the TOE to the external audit server (syslog).
","features":[]}