{"product_id":11216,"v_id":11216,"product_name":"Fortra’s GoAnywhere Managed File Transfer v6.8","certification_status":"Certified","certification_date":"2023-04-07T00:00:00Z","tech_type":"Application Software","vendor_id":{"name":"Fortra, LLC","website":"https://www.goanywhere.com"},"vendor_poc":"Mike Woessner","vendor_phone":"402-281-0815","vendor_email":"mike.woessner@fortra.com","assigned_lab":{"cctl_name":"Acumen Security"},"product_description":"<p class=\"MsoNormal\">The Target of Evaluation (TOE) is the Fortra&rsquo;s GoAnywhere Managed File Transfer v6.8 (MFT). The TOE is a software application that provides secure file transfer services over HTTPS, TLS, and SSH. GoAnywhere MFT is a secure managed file transfer solution that streamlines the exchange of data between systems, employees, customers, and trading partners. It provides centralized control with extensive security settings, detailed audit trails, and helps process information from files into XML, CSV, and JSON databases.</p>","evaluation_configuration":"<p>The TOE has been evaluated on the following host platforms:</p>\r\n<p style=\"padding-left: 40px;\"><!-- [if !supportLists]-->&middot;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <!--[endif]-->CentOS 7 on ESXi 6.7 with Intel Xeon E5-4620v4 (Broadwell)</p>\r\n<p style=\"padding-left: 40px;\"><!-- [if !supportLists]-->&middot;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <!--[endif]-->Windows Server 2016 on ESXi 6.7 with Intel Xeon E5-4620v4 (Broadwell)</p>\r\n<p>Note: The TOE is the application software only. The host platforms are not part of the evaluation.</p>\r\n<p class=\"MsoNormal\">The TOE supports (sometimes optionally) secure connectivity with several other IT environment devices as described below.</p>\r\n<div align=\"center\">\r\n<table class=\"MsoNormalTable\" style=\"border-collapse: collapse; mso-table-layout-alt: fixed; border: none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 1184; mso-padding-alt: 0in .05in 0in .05in; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext;\" border=\"1\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead>\r\n<tr style=\"mso-yfti-irow: 0; mso-yfti-firstrow: yes; height: 5.85pt;\">\r\n<td style=\"width: 85.25pt; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; background: #D9D9D9; padding: 0in .05in 0in .05in; height: 5.85pt;\" valign=\"bottom\" width=\"114\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><strong><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif; color: black; mso-color-alt: windowtext;\">Environment<br />Component</span></strong></p>\r\n</td>\r\n<td style=\"width: .75in; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; background: #D9D9D9; padding: 0in .05in 0in .05in; height: 5.85pt;\" valign=\"top\" width=\"72\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><strong><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif; color: black; mso-color-alt: windowtext;\">Required</span></strong></p>\r\n</td>\r\n<td style=\"width: 328.25pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; background: #D9D9D9; padding: 0in .05in 0in .05in; height: 5.85pt;\" valign=\"top\" width=\"438\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><strong><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif; color: black; mso-color-alt: windowtext;\">Usage/Purpose Description</span></strong></p>\r\n</td>\r\n</tr>\r\n</thead>\r\n<tbody>\r\n<tr style=\"mso-yfti-irow: 1; height: 6.8pt;\">\r\n<td style=\"width: 85.25pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Web Browser</span></p>\r\n</td>\r\n<td style=\"width: .75in; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"72\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Yes</span></p>\r\n</td>\r\n<td style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"438\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Remote administration and User file access over HTTPS/TLSv1.2.</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 2; height: 6.8pt;\">\r\n<td style=\"width: 85.25pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Database Server</span></p>\r\n</td>\r\n<td style=\"width: .75in; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"72\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Yes</span></p>\r\n</td>\r\n<td style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"438\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">MySQL, PostgreSQL, MS SQL Server, Oracle, or DB2/400 for storing settings. The server must support TLSv1.2 to enable secure access by the TOE.</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 3; height: 6.8pt;\">\r\n<td style=\"width: 85.25pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">LDAP/AD Server</span></p>\r\n</td>\r\n<td style=\"width: .75in; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"72\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">No</span></p>\r\n</td>\r\n<td style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"438\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Remote authentication server supporting TLSv1.2.</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 4; height: 6.8pt;\">\r\n<td style=\"width: 85.25pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Mail Server</span></p>\r\n</td>\r\n<td style=\"width: .75in; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"72\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">No</span></p>\r\n</td>\r\n<td style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"438\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Mail server supporting SMTP over TLSv1.2 for sending notifications.</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 5; height: 6.8pt;\">\r\n<td style=\"width: 85.25pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">File Server</span></p>\r\n</td>\r\n<td style=\"width: .75in; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"72\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">No</span></p>\r\n</td>\r\n<td style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"438\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Remote file server for storing user files:</span></p>\r\n<p class=\"TableNormal1\" style=\"margin-left: .5in; text-indent: -.25in; line-height: 106%; mso-list: l1 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">AS2, AS4, or WebDAV servers supporting HTTPS/TLSv1.2</span></p>\r\n<p class=\"TableNormal1\" style=\"margin-left: .5in; text-indent: -.25in; line-height: 106%; mso-list: l1 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">SFTP or SCP servers supporting SSHv2</span></p>\r\n<p class=\"TableNormal1\" style=\"margin-left: .5in; text-indent: -.25in; line-height: 106%; mso-list: l1 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">FTP/s servers supporting TLSv1.2</span></p>\r\n<p class=\"TableNormal1\" style=\"margin-left: .5in; text-indent: -.25in; line-height: 106%; mso-list: l1 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Amazon S3 or Azure Blob Storage supporting HTTPS/TLSv1.2</span></p>\r\n<p class=\"TableNormal1\" style=\"margin-left: .5in; text-indent: -.25in; line-height: 106%; mso-list: l1 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">REST, SOAP, or generic HTTPS/TLSv1.2 server</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 6; height: 6.8pt;\">\r\n<td style=\"width: 85.25pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">File Transfer Client</span></p>\r\n</td>\r\n<td style=\"width: .75in; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"72\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">No</span></p>\r\n</td>\r\n<td style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"438\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Client allowing users to store and retrieve files from the TOE:</span></p>\r\n<p class=\"TableNormal1\" style=\"margin-left: .5in; text-indent: -.25in; line-height: 106%; mso-list: l1 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">AS2 or AS4 clients supporting HTTPS/TLSv1.2</span></p>\r\n<p class=\"TableNormal1\" style=\"margin-left: .5in; text-indent: -.25in; line-height: 106%; mso-list: l1 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">SFTP or SCP clients supporting SSHv2</span></p>\r\n<p class=\"TableNormal1\" style=\"margin-left: .5in; text-indent: -.25in; line-height: 106%; mso-list: l1 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]--><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">FTP/s client supporting TLSv1.2</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 7; mso-yfti-lastrow: yes; height: 6.8pt;\">\r\n<td style=\"width: 85.25pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Java Runtime Environment</span></p>\r\n</td>\r\n<td style=\"width: .75in; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"72\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Yes (on CentOS)</span></p>\r\n</td>\r\n<td style=\"width: 328.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"438\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span lang=\"FR\" style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif; mso-ansi-language: FR;\">Platform-provided Java SE 8 Java Runtime Environment (JRE).</span></p>\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Note: The Windows platform does not provide a JRE, so the Windows version of the TOE includes the required JRE.</span></p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</div>\r\n<p class=\"MsoNormal\">&nbsp;</p>","security_evaluation_summary":"<p class=\"MsoNormal\" style=\"margin-bottom: 0in; text-align: justify;\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Fortra&rsquo;s GoAnywhere Managed File Transfer v6.8 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.The product, when configured as identified in the Fortra&rsquo;s GoAnywhere Managed File Transfer v6.8 AGD, satisfies all of the security functional requirements stated in the Common Criteria Configuration Guide for Fortra&rsquo;s GoAnywhere Managed File Transfer v6.8 Security Target. The project underwent CCEVS Validator review.The evaluation was completed in April 2023.Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.</p>","environmental_strengths":"<h4>Logical Boundaries</h4>\r\n<p>The TOE provides the security functionality required by [SWAPP]<a name=\"_Hlk16850407\"></a>, [TLS-PKG], and [SSH-EP].</p>\r\n<h4>Cryptographic Support</h4>\r\n<p>The TOE utilizes the GoAnywhere MFT Bouncy Castle FIPS Java API cryptographic library version 1.0.2. This library implements all of the cryptographic algorithms required for SSH and TLS, drawing entropy from the platform RBG.</p>\r\n<p class=\"MsoNormal\">The cryptographic services provided by the TOE are described below:</p>\r\n<div align=\"center\">\r\n<table class=\"MsoNormalTable\" style=\"border-collapse: collapse; mso-table-layout-alt: fixed; border: none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 1184; mso-padding-alt: 0in .05in 0in .05in; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext;\" border=\"1\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead>\r\n<tr style=\"mso-yfti-irow: 0; mso-yfti-firstrow: yes; height: 5.85pt;\">\r\n<td style=\"width: 116.75pt; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; background: #D9D9D9; padding: 0in .05in 0in .05in; height: 5.85pt;\" valign=\"bottom\" width=\"156\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><strong><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif; color: black; mso-color-alt: windowtext;\">Cryptographic Protocol</span></strong></p>\r\n</td>\r\n<td style=\"width: 350.75pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; background: #D9D9D9; padding: 0in .05in 0in .05in; height: 5.85pt;\" valign=\"top\" width=\"468\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><strong><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif; color: black; mso-color-alt: windowtext;\">Use within the TOE</span></strong></p>\r\n</td>\r\n</tr>\r\n</thead>\r\n<tbody>\r\n<tr style=\"mso-yfti-irow: 1; height: 6.8pt;\">\r\n<td style=\"width: 116.75pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"156\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">SSHv2 Client</span></p>\r\n</td>\r\n<td style=\"width: 350.75pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"468\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">File server transfers using SFTP or SCP</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 2; height: 6.8pt;\">\r\n<td style=\"width: 116.75pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"156\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">SSHv2 Server</span></p>\r\n</td>\r\n<td style=\"width: 350.75pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"468\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">User file transfers using SFTP or SCP</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 3; height: 6.8pt;\">\r\n<td style=\"width: 116.75pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"156\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">HTTPS/TLSv1.2 Client</span></p>\r\n</td>\r\n<td style=\"width: 350.75pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"468\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">File server transfers using AS2, AS4, WebDAV, FTP/s, Amazon S3, Azure Blob Storage, REST, SOAP, or HTTPS; Check for updates</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 4; height: 6.8pt;\">\r\n<td style=\"width: 116.75pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"156\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">HTTPS/TLSv1.2 Server</span></p>\r\n</td>\r\n<td style=\"width: 350.75pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"468\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">HTTPS Remote administration; HTTPS file access; AS2 or AS4 clients</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 5; height: 6.8pt;\">\r\n<td style=\"width: 116.75pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"156\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">TLSv1.2 Client</span></p>\r\n</td>\r\n<td style=\"width: 350.75pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"468\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">Database server; Authentication Server; Mail Server; </span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 6; mso-yfti-lastrow: yes; height: 6.8pt;\">\r\n<td style=\"width: 116.75pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"156\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">TLSv1.2 Server</span></p>\r\n</td>\r\n<td style=\"width: 350.75pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in .05in 0in .05in; height: 6.8pt;\" valign=\"top\" width=\"468\">\r\n<p class=\"TableNormal1\" style=\"line-height: 106%;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">User file transfers using FTP/s</span></p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</div>\r\n<p align=\"left\"><strong>Table <!-- [if supportFields]><span style='font-size:12.0pt'><span\r\nstyle='mso-element:field-begin'></span><span\r\nstyle='mso-spacerun:yes'> </span>SEQ Table \\* ARABIC <span style='mso-element:\r\nfield-separator'></span></span><![endif]-->3<!-- [if supportFields]><span\r\nstyle='font-size:12.0pt;mso-no-proof:yes'><span style='mso-element:field-end'></span></span><![endif]--> TOE Provided Cryptography</strong></p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify;\">Each of these cryptographic algorithms have been validated for conformance to the requirements specified in their respective standards, as identified below.</p>\r\n<div align=\"center\">\r\n<table class=\"MsoNormalTable\" style=\"width: 98.94%; border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 1184; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext;\" border=\"1\" width=\"98%\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead>\r\n<tr style=\"mso-yfti-irow: 0; mso-yfti-firstrow: yes;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">SFR</span></strong></p>\r\n</td>\r\n<td style=\"width: 199.25pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">Algorithm in ST</span></strong></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">CAVP Alg.</span></strong></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">CAVP Cert #</span></strong></p>\r\n</td>\r\n</tr>\r\n</thead>\r\n<tbody>\r\n<tr style=\"mso-yfti-irow: 1;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" rowspan=\"3\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">FCS_CKM.1</span></p>\r\n</td>\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, &ldquo;Digital Signature Standard (DSS)&rdquo;, Appendix B.3</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">RSA KeyGen (n = 2048, 3072)</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">C1876</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 2;\">\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">ECC schemes using &ldquo;NIST curves&rdquo; [selection: P-256, P-384, P-521] that meet the following: FIPS PUB 186-4, &ldquo;Digital Signature Standard (DSS)&rdquo;, Appendix B.4</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">ECDSA KeyGen<br />ECDSA KeyVer</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">(Curve = P-256, P-384, P-521)</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">C1876</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 3;\">\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"MsoNormal\"><span style=\"font-size: 10.0pt; line-height: 106%; mso-fareast-font-family: 'MS Gothic'; mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-bidi-font-weight: bold;\">FFC Schemes using Diffie-Hellman group 14 that meet the following: RFC 3526, Section 3</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">NIAP Policy Letter #5, Addendum #2, states &ldquo;No NIST CAVP, CCTL must perform all assurance/evaluation activities&rdquo;.</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">Vendor Affirmed.</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 4;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" rowspan=\"3\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">FCS_CKM.2</span></p>\r\n</td>\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">RSA-based key establishment schemes that meet the following: RSAES-PKCS1-v1_5 as specified in Section 7.2 of RFC 8017, &ldquo;Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1&rdquo;</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">NIAP Policy Letter #5, Addendum #2, states &ldquo;No NIST CAVP exists, must be described in TSS &ndash; See FIPS 140-2 I.G. D.4: Vendor Affirmation&rdquo;.</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">Vendor Affirmed.</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 5;\">\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">Elliptic curve-based key establishment schemes that meet the following: NIST Special Publication 800-56A Revision 2, &ldquo;Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography&rdquo;</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">KAS-ECC</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">(Curve = P-256, P-384, P-521)</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">C1876</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 6;\">\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">Key establishment scheme using Diffie-Hellman group 14 that meets the following: RFC 3526, Section 3</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">NIAP Policy Letter #5, Addendum #2 does not provide any guidance for this selection.</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">Vendor Affirmed.</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 7;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">FCS_COP.1/ DataEncryption</span></p>\r\n</td>\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">AES used in [<strong style=\"mso-bidi-font-weight: normal;\">CBC, GCM</strong>] mode and cryptographic key sizes [<strong style=\"mso-bidi-font-weight: normal;\">128 bits, 256 bits</strong>]</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">AES-CBC (128-bit, 256-bit)</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">AES-GCM (128-bit, 256-bit)</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">C1876</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 8;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" rowspan=\"2\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">FCS_COP.1/ SigGen</span></p>\r\n</td>\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">For RSA schemes: FIPS PUB 186-4, &ldquo;Digital Signature Standard (DSS)&rdquo;, Section 5.5, using PKCS #1 v2.1 Signature Schemes RSASSA-PSS and/or RSASSA-PKCS1v1_5; ISO/IEC 9796-2, Digital signature scheme 2 or Digital Signature scheme 3</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span lang=\"ES\" style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-ansi-language: ES;\">RSA SigGen<br />RSA SigVer</span></p>\r\n<p class=\"TableNormal1\"><span lang=\"ES\" style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin; mso-ansi-language: ES;\">(n = 2048, 3072)</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">C1876</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 9;\">\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">For ECDSA schemes: FIPS PUB 186-4, &ldquo;Digital Signature Standard (DSS)&rdquo;, Section 6 and Appendix D, Implementing &ldquo;NIST curves&rdquo; [<strong style=\"mso-bidi-font-weight: normal;\">P-256, P-384, P-521</strong>]; ISO/IEC 14888-3, Section 6.4</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\" style=\"margin-bottom: 0in;\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">ECDSA SigGen</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">ECDSA SigVer</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">(Curve = P-256, P-384, P-521)</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">C1876</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 10;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">FCS_COP.1/ Hash</span></p>\r\n</td>\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">[<strong style=\"mso-bidi-font-weight: normal;\">SHA-1, SHA-256, SHA-384, SHA-512</strong>] and message digest sizes [<strong style=\"mso-bidi-font-weight: normal;\">160, 256, 384, 512</strong>] bits</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">SHA-1</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">SHA2-256</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">SHA2-384</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">SHA2-512</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">C1876</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 11;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">FCS_COP.1/ KeyedHash</span></p>\r\n</td>\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">[<strong style=\"mso-bidi-font-weight: normal;\">HMAC-SHA-1,</strong> <strong style=\"mso-bidi-font-weight: normal;\">HMAC-SHA- 256, HM<span style=\"text-transform: uppercase;\">AC-Sha-384, HMAc-SHA-512</span></strong>] and cryptographic key sizes [<strong style=\"mso-bidi-font-weight: normal;\">256-bits, 160-bits, 384-bits, 512-bits</strong>] and message digest sizes [<strong style=\"mso-bidi-font-weight: normal;\">160, 384, 512</strong>] bits</span></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">HMAC-SHA-1</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">HMAC-SHA2-256</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">HMAC-SHA2-384</span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">HMAC-SHA2-512</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">C1876</span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 12; mso-yfti-lastrow: yes;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">FCS_RBG_EXT.1</span></p>\r\n</td>\r\n<td style=\"width: 199.25pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"266\">\r\n<p class=\"TableNormal1\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">CTR_DRBG (AES)</span></strong></p>\r\n</td>\r\n<td style=\"width: 138.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"185\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">Counter DRBG (AES)</span></p>\r\n</td>\r\n<td style=\"width: 49.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"66\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bidi-font-family: Calibri; mso-bidi-theme-font: minor-latin;\">C1876</span></p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</div>\r\n<p class=\"MsoCaption\" style=\"text-align: left;\" align=\"left\"><strong><a name=\"_Ref27561265\"></a><span style=\"font-size: 12.0pt;\">Table </span><!-- [if supportFields]><span\r\nstyle='mso-bookmark:_Ref27561265'></span><span style='mso-element:field-begin'></span><span\r\nstyle='mso-bookmark:_Ref27561265'><span style='font-size:12.0pt'><span\r\nstyle='mso-spacerun:yes'> </span>SEQ Table \\* ARABIC <span style='mso-element:\r\nfield-separator'></span></span></span><![endif]--><span style=\"mso-bookmark: _Ref27561265;\"><span style=\"font-size: 12.0pt;\"><span style=\"mso-no-proof: yes;\">4</span></span></span><!-- [if supportFields]><span\r\nstyle='mso-bookmark:_Ref27561265'></span><span style='mso-element:field-end'></span><![endif]--></strong><span style=\"font-size: 12.0pt;\"><strong> CAVP Algorithm Testing References</strong></span></p>\r\n<h4>User Data Protection</h4>\r\n<p>The TOE relies on the underlying platform to encrypt sensitive data at rest.</p>\r\n<h4>Identification and Authentication</h4>\r\n<p>The TOE uses X.509v3 certificates as defined by RFC 5280 to authenticate the TLS connection to the external TLS servers. The TOE validates the X.509 certificates using the certificate path validation algorithm defined in RFC 5280.</p>\r\n<p>The TOE authenticates users using a username/password combination or X.509 TLS Client Certificates.</p>\r\n<h4>Security Management</h4>\r\n<p>The TOE allows the configuration of users, file servers, file transfer services, keys and certificates, and cryptographic protocols.</p>\r\n<h4>Privacy</h4>\r\n<p>The TOE does not transmit Personally Identifiable Information (PII) over the network.</p>\r\n<h4>Protection of the TSF</h4>\r\n<p>The TOE employs several mechanisms to ensure that it is secure on the host platform. The TOE only allocates a limited amount of memory with both write and execute permission to support just-in-time compiling. The TOE supports ASLR, stack-based overflow protections, and platform security mechanisms (Windows Defender and SELinux).</p>\r\n<p>The TOE is distributed as a Microsoft .EXE file (Windows) or a RPM (CentOS). The installers are signed by Fortra so their integrity can be verified by the platform.</p>\r\n<h4>Trusted Path/Channels</h4>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 0in; text-align: justify;\">The TOE protects all data in transit using TLSv1.2 or SSHv2.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: 0in; text-align: justify;\"><span style=\"font-size: 12.0pt; line-height: 106%; font-family: 'Times New Roman',serif;\">&nbsp;</span></p>","features":[]}