{"product_id":11481,"v_id":11481,"product_name":"HCL BigFix Version 11.0.3","certification_status":"Certified","certification_date":"2025-05-27T00:00:00Z","tech_type":"Application Software,Network Encryption","vendor_id":{"name":"HCL Technologies Limited","website":""},"vendor_poc":"Alessandro Dinia","vendor_phone":"+39 3455906645","vendor_email":"alessandro.dinia@hcl.com","assigned_lab":{"cctl_name":"atsec information security corporation"},"product_description":"<p>The Target of Evaluation (TOE) is the HCL BigFix Server version 11.0.3, an application software that is part of HCL BigFix Endpoint Management solution, provided by HCL Technologies Limited. The TOE is installed and runs as a service on a Microsoft&reg; Windows&reg; operating system.</p>\r\n<p>HCL BigFix Endpoint Management is a centralized endpoint management system that allows authorized operators to monitor the system configurations of distributed endpoint systems (client computers) and enables operators to take any necessary corrective actions.</p>\r\n<p>The TOE implements the server functionality of HCL BigFix Endpoint Management solution, which manages and coordinates the flow of information to and from individual Client Computers and stores the results in the BigFix database. 
The database is used by the TOE to store and retrieve applicable Fixlets (e.g., identification of vulnerable/misconfigured endpoints) and Actions (e.g., remediation action) as well as TOE configuration data.</p>","evaluation_configuration":"<p>The evaluation configuration consists of HCL BigFix Server version 11.0.3 running on Microsoft Windows Server 2019 Standard version 1809.</p><p>The Operational Environment of the TOE is restricted to the following BigFix components:</p><ul><li>BigFix Administration Tool 11.0.3 (in the same system hosting the TOE)</li><li>BigFix Client 11.0.3</li><li>BigFix Console 11.0.3</li><li>BigFix IEM CLI 11.0.3</li></ul><p>In addition, the TOE requires Microsoft SQL Server 2019 to be installed in the Operational Environment.</p>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the HCL BigFix Server version 11.0.3 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5 supplemented by that found in the Protection Profiles cited below. The evaluation was completed in May 2025. 
The product, when delivered and configured as identified in the <em>HCL BigFix Server Version 11.0.3 Common Criteria Configuration Guide </em>meets the requirements of the following:</p>\r\n<ul>\r\n<li>Protection Profile for Application Software, Version 1.4, 2021-10-07</li>\r\n<li>Functional Package for Transport Layer Security (TLS), Version 1.1, 2019-03-01</li>\r\n</ul>","environmental_strengths":"<p>The TOE provides the following security functionality required by the Protection Profile for Application Software, version 1.4 and Functional Package for TLS, version 1.1.</p><h2>Cryptographic support</h2><p>The TOE provides cryptographic support using the OpenSSL cryptographic module bundled in the TOE and the Windows Cryptography API: Next Generation (CNG) cryptographic module supplied by the underlying Windows platform.</p><p>The TOE uses OpenSSL for the following cryptographic services:</p><ul><li>Trusted channels for incoming and outgoing connections using the TLS protocol version 1.2.</li><li>Conditioning of passwords for storing credentials (Master Operator's and Operator's passwords).</li></ul><p>The TOE uses the Windows CNG for the following cryptographic services:</p><ul><li>Protect private keys and database credentials using the Data Protection Application Programming Interface (DPAPI).</li><li>Provide entropy to the SP800-90A compliant DRBG implemented in OpenSSL.</li></ul><h2>User data protection</h2><p>The TOE provides user data protection by encrypting sensitive data at rest, as well as restricting access to platform-based resources required by the TOE.</p><h2>Identification and authentication</h2><p>The TOE authenticates the identity of the endpoint server when connecting as a TLS client by validating the X.509 certificates received from the server during the TLS protocol handshake. 
The TOE uses the cURL library and OpenSSL, which are part of the TOE.</p><p>The TOE also authenticates Console Operators for the purpose of managing the TOE from the Console or the REST API.</p><h2>Privacy</h2><p>The TOE does not request Personally Identifiable Information (PII).</p><h2>Security management</h2><p>The TOE provides the ability to set various configuration options for communication paths. The TOE also provides security management functions via the BigFix Console and REST API.</p><h2>Protection of the TOE Security Functionality</h2><p>The TOE implements several mechanisms to protect itself and its security functionality. These mechanisms include utilizing only documented Windows platform APIs, not writing user-modifiable files to directories that contain its executable files, and using stack buffer overrun protection and Address Space Layout Randomization (ASLR) techniques. Also, all TOE binaries and updates are signed using the Microsoft Authenticode process. The TOE is delivered as an InstallShield installation package, signed by HCL.</p><h2>Trusted path/channels</h2><p>The TOE protects all incoming and outgoing transmitted data via HTTPS with TLS version 1.2 as the underlying protocol.</p>","features":[{"id":479,"feature_name":"Certificate Authentication"},{"id":481,"feature_name":"Certificate Validation"},{"id":482,"feature_name":"Credential Storage"},{"id":483,"feature_name":"DRBG"},{"id":484,"feature_name":"DTLS 1.0"},{"id":486,"feature_name":"DTLS Server with Mutual Authentication"},{"id":487,"feature_name":"PBKDF"},{"id":488,"feature_name":"TLS 1.1"}]}