The TOE is the IBM Cloud Extender (CE) application. It consists of four modules enabling communications functionality with various customer-provided services and the IBM MaaS Cloud Extender Configuration Tool, hereafter refers to as Configuration Tool.
\r\nThe TOE is installed within the customer’s network in order to enable services offered by the IBM MaaS360 Enterprise Mobility Management (EMM), a cloud-based multi-tenant platform that provides a mobile device management (MDM) solution. Specifically, the TOE is installed behind the customer firewall with network access to appropriate internal systems. The TOE is available as a small Windows Application.
\r\nThe four TOE modules covered by the evaluation are the following:
\r\nThe TOE is packaged and delivered in the Windows Application Software (.EXE) running on the following platforms:
\r\nThe evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the IBM MaaS360 Cloud Extender version 3.000.800 TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5 supplemented by that found in the Protection Profiles cited below. The product, when delivered and configured as identified in the MaaS360 Cloud Extender Common Criteria Guide, meets the requirements of the following:
\r\nThe TOE provides the following cryptographic functions via the Microsoft Cryptography API: Next Generation (CNG) cryptographic library from the underlying Microsoft Windows Server platform on which the TOE runs:
\r\nThe TOE also comes with its own OpenSSL cryptographic library, which provides the following cryptographic services:
\r\nThe TOE provides user data protection services by restricting its access to specific platform-based resources, such as sensitive data repositories, and network communications, that are strictly needed to support the necessary TOE functionality.
\r\nSensitive application data when stored in non-volatile memory is protected using platform-provided EFS services.
\r\nThe TOE supports authentication by X.509 certificates by the TOE and by using the platform API.
\r\nThe TOE provides the ability to set a number of its configuration options, which are stored, as recommended by Microsoft, in the Windows Registry and are protected using the Data Protection Application Programming Interface (DPAPI).
\r\nThe TOE does not specifically request Personally Identifiable Information (PII).
\r\nThe TOE only uses documented Windows APIs. The TOE does not write user-modifiable files to directories that contain executable files. The TOE implements anti-exploitation capabilities including stack buffer overrun protection and Address Space Layout Randomization (ASLR) techniques.
\r\nThe TOE is packaged and delivered in the Windows Application Software (.EXE) format signed with Microsoft Authenticode using the Microsoft Sign Tool.
\r\nThe TOE protects all transmitted data via trusted channels over TLS 1.2.
","features":[{"id":253,"feature_name":"Certificate Authentication"},{"id":252,"feature_name":"Certificate Validation"},{"id":245,"feature_name":"Credential Storage"},{"id":423,"feature_name":"DRBG"},{"id":433,"feature_name":"DTLS 1.0"},{"id":434,"feature_name":"DTLS Server with Mutual Authentication"},{"id":251,"feature_name":"HTTPS Client"},{"id":421,"feature_name":"HTTPS Server with Mutual Authentication"},{"id":418,"feature_name":"PBKDF"},{"id":432,"feature_name":"TLS 1.1"}]}