{"product_id":11415,"v_id":11415,"product_name":"Trellix Endpoint Security (HX) Agent v35.31.31","certification_status":"Certified","certification_date":"2024-05-29T00:00:00Z","tech_type":"Application Software, Network Encryption","vendor_id":{"name":"Musarubra US LLC (\"Trellix\")","website":"https://www.trellix.com"},"vendor_poc":"Product Certifications","vendor_phone":"1-855-434-7339","vendor_email":"sec_certs@trellix.com","assigned_lab":{"cctl_name":"Acumen Security"},"product_description":"<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><strong style=\"mso-bidi-font-weight: normal;\">&nbsp;</strong></p>\r\n<table class=\"MsoTableGrid\" style=\"width: 472.25pt; border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 1184; mso-padding-alt: 0in 5.4pt 0in 5.4pt;\" border=\"1\" width=\"630\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead>\r\n<tr style=\"mso-yfti-irow: 0; mso-yfti-firstrow: yes; page-break-inside: avoid;\">\r\n<td style=\"width: 127.35pt; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; background: #FFC000; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"170\">\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><strong>Component</strong></p>\r\n</td>\r\n<td style=\"width: 344.9pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; background: #FFC000; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"460\">\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><strong>Description</strong></p>\r\n</td>\r\n</tr>\r\n</thead>\r\n<tbody>\r\n<tr style=\"mso-yfti-irow: 1; page-break-inside: avoid;\">\r\n<td style=\"width: 127.35pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"170\">\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">Trellix Endpoint Security (HX) Server</p>\r\n</td>\r\n<td style=\"width: 344.9pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"460\">\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">Trellix Endpoint Security (HX) Server is the server from which the TOE and updates thereof are installed on host platforms, from which the TOE receives the rules for scanning the host platform, and to which the TOE forwards the scanning results.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">For installation on a host platform, the TOE and any updates thereof need to be uploaded from the production environment to the Trellix HX server. This uploading is not within the scope of this evaluation. Once uploaded, the TOE can be downloaded on the host platform and installed.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The TOE collects system events (file, process, registry, network etc.) and processes them as per business logic expressed as scanning rules. It then communicates the results of the scanning to the Trellix HX Server. The TOE implements HTTPS TLS for secure communication between itself and the Trellix Endpoint Security (HX) Server and uses that for all communication.</p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 2; page-break-inside: avoid;\">\r\n<td style=\"width: 127.35pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"170\">\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">Host Platform</p>\r\n</td>\r\n<td style=\"width: 344.9pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"460\">\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The Host Platform may be any computer with an allowed Microsoft Windows operating system. The hoist platform must have in the minimum 1GB of system memory.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The Host Platform must also implement the necessary network connectivity for the TOE to communicate with the Trellix Endpoint Security (HX) Server. While the TOE implements TLS to protect the content of the communication, the Host Platform must implement the protocol stacks and the physical ports for the connectivity.</p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 3; mso-yfti-lastrow: yes; page-break-inside: avoid;\">\r\n<td style=\"width: 127.35pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"170\">\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">CRL Server</p>\r\n</td>\r\n<td style=\"width: 344.9pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"460\">\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The TOE must be associated to a Certificate Revocation List (CRL) Server. The CRL Server contains the revocation list which is communicated to the TOE and used in the validation of the X.509 certificates. The CRL Server is part of the management server associated to the Trellix Endpoint Security (HX) Server.</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>","evaluation_configuration":"","security_evaluation_summary":"<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Trellix Endpoint Security (HX) Agent v35.31.31 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The product, when delivered configured as identified in Common Criteria Administrator Guidance, satisfies all of the security functional requirements stated in the Trellix Endpoint Security (HX) Agent v35.31.31 Security Target. The project underwent CCEVS Validator review.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The evaluation was completed in May/2024.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.</p>","environmental_strengths":"<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><a name=\"_Toc138774178\"></a><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"mso-bidi-language: EN-US; mso-bidi-font-style: italic;\">Security Functions Provided by the TOE</span></strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The TOE implements all security functions and mechanisms required for conformance with [PP_APP_v1.4] and [PKG_TLS_V1.1].</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><strong>Cryptographic Support</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The TOE implements cryptographic support for the following:</p>\r\n<p class=\"MsoNormal\" style=\"text-indent: -.25in; mso-list: l1 level1 lfo1; margin: 0in 0in .0001pt .5in;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">-<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->TLS connectivity between itself and a Trellix Endpoint Security (HX) Series Appliance, including generation of 2048-bit RSA keys for a certificate signing request and implementation of all required cryptographic algorithms, and</p>\r\n<p class=\"MsoNormal\" style=\"text-indent: -.25in; mso-list: l1 level1 lfo1; margin: 0in 0in .0001pt .5in;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">-<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Digital certificate validation.</p>\r\n<p class=\"MsoNormal\" style=\"margin: 0in 0in .0001pt .5in;\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The cryptographic algorithms the TOE implements and the CAVP certificate numbers are given in <!-- [if supportFields]><span style='mso-element:field-begin'></span><span\r\nstyle='mso-spacerun:yes'> </span>REF _Ref106098937 \\h <span\r\nstyle='mso-spacerun:yes'> </span>\\* MERGEFORMAT <span style='mso-element:field-separator'></span><![endif]-->Table 1<!-- [if gte mso 9]><xml>\r\n <w:data>08D0C9EA79F9BACE118C8200AA004BA90B02000000080000000E0000005F005200650066003100300036003000390038003900330037000000</w:data>\r\n</xml><![endif]--><!-- [if supportFields]><span style='mso-element:field-end'></span><![endif]-->. Each algorithm is implemented using the OpenSSL Cryptographic Library version 3.0.8 which is part of the TOE.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt; text-align: center;\" align=\"center\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"mso-bidi-font-style: italic;\">Table 1 TOE Cryptographic Algorithms and CAVP Certificate References</span></strong></p>\r\n<div align=\"center\">\r\n<table class=\"MsoNormalTable\" style=\"width: 100.0%; border-collapse: collapse; border: none; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 1184; mso-padding-alt: 0in 5.4pt 0in 5.4pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext;\" border=\"1\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead>\r\n<tr style=\"mso-yfti-irow: 0; mso-yfti-firstrow: yes;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><a name=\"_Hlk148689262\"></a><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"font-size: 10.0pt;\">SFR</span></strong></p>\r\n</td>\r\n<td style=\"width: 156.45pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"209\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"font-size: 10.0pt;\">Algorithm in ST</span></strong></span></p>\r\n</td>\r\n<td style=\"width: 105.45pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"141\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"font-size: 10.0pt;\">Implementation name</span></strong></span></p>\r\n</td>\r\n<td style=\"width: 85.85pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"font-size: 10.0pt;\">CAVP Alg.</span></strong></span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border: solid windowtext 1.0pt; border-left: none; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><strong style=\"mso-bidi-font-weight: normal;\"><span style=\"font-size: 10.0pt;\">CAVP Cert #</span></strong></span></p>\r\n</td>\r\n</tr>\r\n</thead>\r\n<tbody>\r\n<tr style=\"mso-yfti-irow: 1;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">FCS_CKM.1/AK</span></span></p>\r\n</td>\r\n<td style=\"width: 156.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"209\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">RSA schemes using cryptographic key sizes of 2048-bit that meet the following: FIPS PUB 186-4, &ldquo;Digital Signature Standard (DSS)&rdquo;, Appendix B.3</span></span></p>\r\n</td>\r\n<td style=\"width: 105.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"141\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\">Trellix OpenSSL FIPS Provider v3.0.8</span></p>\r\n</td>\r\n<td style=\"width: 85.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">RSA KeyGen (FIPS186-4)</span></span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">A5228</span></span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 2;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">FCS_CKM.2</span></span></p>\r\n</td>\r\n<td style=\"width: 156.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"209\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">RSA key establishment schemes that meet the following: NIST Special Publication 800-56B, &ldquo;Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography&rdquo;</span></span></p>\r\n</td>\r\n<td style=\"width: 105.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"141\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\">Trellix OpenSSL FIPS Provider v3.0.8</span></p>\r\n</td>\r\n<td style=\"width: 85.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">Vendor Affirmed</span></span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">Vendor Affirmed </span></span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 3;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">FCS_COP.1/ SKC</span></span></p>\r\n</td>\r\n<td style=\"width: 156.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"209\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">AES-CBC mode as defined in NIST SP 800-38A and cryptographic key sizes 128 bits and 256 bits</span></span></p>\r\n</td>\r\n<td style=\"width: 105.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"141\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\">Trellix OpenSSL FIPS Provider v3.0.8</span></p>\r\n</td>\r\n<td style=\"width: 85.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">AES-CBC</span></span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">A5228</span></span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 4;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">FCS_COP.1/ Hash</span></span></p>\r\n</td>\r\n<td style=\"width: 156.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"209\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">SHA-1 and SHA-256 and message digest sizes 160 and 256 bits</span></span></p>\r\n</td>\r\n<td style=\"width: 105.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"141\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\">Trellix OpenSSL FIPS Provider v3.0.8</span></p>\r\n</td>\r\n<td style=\"width: 85.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">SHA-1</span></span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">SHA2-256</span></span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">A5228</span></span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 5;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">FCS_COP.1/ Sig</span></span></p>\r\n</td>\r\n<td style=\"width: 156.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"209\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">RSA scheme using cryptographic key sizes of 2048-bit that meet the following: FIPS PUB 186-4, &ldquo;Digital Signature Standard (DSS)&rdquo;, Section 5</span></span></p>\r\n</td>\r\n<td style=\"width: 105.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"141\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\">Trellix OpenSSL FIPS Provider v3.0.8</span></p>\r\n</td>\r\n<td style=\"width: 85.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">RSA SigGen (FIPS186-4)</span></span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">RSA SigVer (FIPS186-4)</span></span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">A5228</span></span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 6;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">FCS_COP.1/ KeyedHash</span></span></p>\r\n</td>\r\n<td style=\"width: 156.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"209\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">HMAC-SHA-1 and HMAC-SHA-256 with key sizes 256 and 160 bits used in HMAC and message digest sizes 256 and 160 bits that meet the following: FIPS Pub 198-1,&rsquo;The Keyed-Hash Message Authentication Code&rsquo; and FIPS Pub 180-4 &lsquo;Secure Hash Standard'</span></span></p>\r\n</td>\r\n<td style=\"width: 105.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"141\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\">Trellix OpenSSL FIPS Provider v3.0.8</span></p>\r\n</td>\r\n<td style=\"width: 85.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">HMAC-SHA-1</span></span></p>\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">HMAC-SHA2- 256</span></span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">A5228</span></span></p>\r\n</td>\r\n</tr>\r\n<tr style=\"mso-yfti-irow: 7; mso-yfti-lastrow: yes;\">\r\n<td style=\"width: 75.0pt; border: solid windowtext 1.0pt; border-top: none; mso-border-top-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"100\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">FCS_RBG_EXT.2.1</span></span></p>\r\n</td>\r\n<td style=\"width: 156.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"209\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">An </span></span><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"mso-fareast-font-family: 'Times New Roman';\">NIST Special Publication 800-90A using </span></span><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">CTR_DRBG(AES) </span></span><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"mso-fareast-font-family: 'Times New Roman';\">with a minimum of </span></span><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">256-bits</span></span></p>\r\n</td>\r\n<td style=\"width: 105.45pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"141\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\">Trellix OpenSSL FIPS Provider v3.0.8</span></p>\r\n</td>\r\n<td style=\"width: 85.85pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"114\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">Counter DRBG</span></span></p>\r\n</td>\r\n<td style=\"width: 58.5pt; border-top: none; border-left: none; border-bottom: solid windowtext 1.0pt; border-right: solid windowtext 1.0pt; mso-border-top-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-alt: solid windowtext .5pt; padding: 0in 5.4pt 0in 5.4pt;\" valign=\"top\" width=\"78\">\r\n<p class=\"TableNormal1\"><span style=\"mso-bookmark: _Hlk148689262;\"><span style=\"font-size: 10.0pt;\">A5228</span></span></p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n</div>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><strong>Identification and Authentication</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The TOE uses X.509v3 certificates as defined by RFC 5280 to authenticate the TLS connection to the Trellix Endpoint Security (HX) Series appliance. The TOE validates the X.509 certificates using the certificate path validation algorithm defined in RFC 5280.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><a name=\"_Ref107472432\"></a><strong>User Data Protection</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The TOE is distributed as an installer package in Microsoft Installer (MSI) format. As well as the initial installation package, all updates to the TOE are also distributed as MSI packages. Each TOE installation and update package is digitally signed by Trellix in the production environment of the TOE. There are several methods to acquire the TOE's installation images. These include downloading them from the HX server, manually obtaining them from the vendor's cloud servers, or accessing them from the vendor's offline portal. Subsequent updates for the TOE can either be distributed from the HX server or downloaded and installed manually on the host machine.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><strong style=\"mso-bidi-font-weight: normal;\">&nbsp;</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><strong>Privacy</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The TOE does not transmit Personally Identifiable Information (PII) over the network. This protects the privacy of the users of the host platform.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><strong>Protection of the TSF</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The TOE implements several security mechanisms to protect itself when installed on the host platform. Protection of the installation and update packages when stored on the Trellix Endpoint Security (HX) Series appliance or on the TOE is using digital signatures as described in User Data Protection.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The TOE never allocates memory with both write and execute permissions. Furthermore, the TOE operates in an environment in which the following security mechanisms are in effect:</p>\r\n<p class=\"MsoListParagraphCxSpFirst\" style=\"margin-left: .75in; mso-add-space: auto; text-indent: -.25in; mso-list: l0 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-family: 'Calibri',sans-serif;\"><span style=\"mso-list: Ignore;\">-<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Data execution prevention,</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-left: .75in; mso-add-space: auto; text-indent: -.25in; mso-list: l0 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-family: 'Calibri',sans-serif;\"><span style=\"mso-list: Ignore;\">-<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Mandatory address space layout randomization (no memory map to an explicit address),</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-left: .75in; mso-add-space: auto; text-indent: -.25in; mso-list: l0 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-family: 'Calibri',sans-serif;\"><span style=\"mso-list: Ignore;\">-<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Structured exception handler overwrite protection,</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-left: .75in; mso-add-space: auto; text-indent: -.25in; mso-list: l0 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-family: 'Calibri',sans-serif;\"><span style=\"mso-list: Ignore;\">-<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Export address table access filtering, and</p>\r\n<p class=\"MsoListParagraphCxSpLast\" style=\"margin-left: .75in; mso-add-space: auto; text-indent: -.25in; mso-list: l0 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-family: 'Calibri',sans-serif;\"><span style=\"mso-list: Ignore;\">-<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Anti-Return Oriented Programming.</p>\r\n<p class=\"MsoNormal\" style=\"line-height: 107%; margin: 12.0pt 0in 12.0pt 0in;\">Protection of the TOE and parts of it when stored within the production environment is not in the scope of the evaluation. Nevertheless, during compilation, the TOE is built with several flags enabled to check for engineering flaws. The flags and the protection mechanisms include the following:</p>\r\n<p class=\"MsoListParagraphCxSpFirst\" style=\"margin-left: .75in; mso-add-space: auto; text-indent: -.25in; mso-list: l0 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-family: 'Calibri',sans-serif;\"><span style=\"mso-list: Ignore;\">-<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->The TOE is built with the /GS flag enabled. This reduces the possibilities of stack-based buffer overflows in the product.</p>\r\n<p class=\"MsoListParagraphCxSpMiddle\" style=\"margin-left: .75in; mso-add-space: auto; text-indent: -.25in; mso-list: l0 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-family: 'Calibri',sans-serif;\"><span style=\"mso-list: Ignore;\">-<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->The compiler enables Address Space Layout Randomization (ASLR) by default.</p>\r\n<p class=\"MsoListParagraphCxSpLast\" style=\"margin-left: .75in; mso-add-space: auto; text-indent: -.25in; mso-list: l0 level1 lfo2;\"><!-- [if !supportLists]--><span style=\"font-family: 'Calibri',sans-serif;\"><span style=\"mso-list: Ignore;\">-<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->The TOE is not built with the /DYNAMICBASE:NO which would disable ASLR.</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\"><strong>Trusted Path/Channels</strong></p>\r\n<p class=\"MsoNormal\" style=\"margin-bottom: .0001pt;\">The TOE receives scanning policies from the associated Trellix Endpoint Security (HX) Series appliance over a network connection. The TOE uses the scanning policies for scanning the host platform and returns the results of the scanning to the appliance. The connection between the TOE and the Trellix Endpoint Security (HX) Series appliance is always secured with TLS. The TLS is implemented in full conformance with [PKG_TLS_V1.1].</p>","features":[{"id":2200,"feature_name":"Certificate Authentication"},{"id":2201,"feature_name":"Certificate Validation"},{"id":2202,"feature_name":"Credential Storage"},{"id":2203,"feature_name":"DRBG"},{"id":2204,"feature_name":"DTLS 1.0"},{"id":2205,"feature_name":"DTLS Server with Mutual Authentication"},{"id":32,"feature_name":"Endpoint Security"},{"id":2206,"feature_name":"HTTPS Client"},{"id":2207,"feature_name":"PBKDF"},{"id":2208,"feature_name":"TLS 1.1"}]}