The Bastille Enterprise Fusion Center analyzes observed wireless device data to detect devices, their metadata, and their locations (the data collection component is not part of the evaluation). The Fusion Center provides real time feeds of this enriched device data. This data enables users to make security decisions by leveraging the real time wireless device inventory the Fusion Center provides and site policies of the organization. Sites can include one or more floors of a building, multiple buildings, or entire organization campuses.
\r\nThe Fusion Center provides secure access to the data through the use of APIs available to users via the TLS/HTTPS protected network connections. There are several web-based (single page) applications that are built into the TOE and these are built exclusively with the aforementioned APIs. Usage of these APIs is outside of scope of this evaluation. The TOE can optionally also provide notifications to subscriber applications through the use of webhooks via secured TLS/HTTPS protocol. Webhooks functionality is out of scope of this evaluation.
","evaluation_configuration":"The TOE is running on Ubuntu Linux LTS 18.04 and 22.04, running on VMware ESXI Virtualization Server 7 or higher. Ubuntu Linux is not part of the TOE but is provided together with the TOE as a virtual appliance. Ubuntu Pro ESM long term support (LTS) subscription is prepaid by Bastille.
","security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The TOE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation, completed in October 2025 was successful and provides a level of assurance that the TOE meets the Security Functional Requirements identified in the Security Target. This assurance comes from the performance of the work units associated with the Security Assurance Requirements. A detailed description of those Assurance Requirements as well as the details of how the product meets each of them can be found in the Security Target. A more detailed account of the evaluation assurance activities and the results obtained can be found in the Assurance Activity Report.
","environmental_strengths":"The TOE does not directly perform cryptographic services, but rather calls the platform-provided crypto library, so cryptographic operations are out of the TOE logical scope.
\r\nThe TOE protects confidential data using platform provided mechanisms and does not collect sensitive information from the platform or users. The TOE restricts its access to platform resources to network connections.
\r\nThe TOE uses x509 certificates to verify the authenticity of the remote services when initiating secure communications with them.
\r\nThe TOE provides security management functionality for users to perform initial configuration and to configure external connections. Configuration is stored in a way recommended by the platform. The TOE requires users to change the built-in OS credentials during initial configuration of the TOE. TOE configures file permissions for its binaries to protect from modification by unprivileged users.
\r\nThe TOE does not collect or transmit Personal Identifiable Information.
\r\nThe TOE employs built-in anti-exploitation capabilities and uses only supported platform APIs and a limited number of 3rd party libraries. The TOE uses SemVer format to track TOE versions.
\r\nThe TOE provides its current version number and capabilities to check for existing updates to the TOE. The TOE is distributed with the OS as a Virtual Appliance, and updates are distributed as a complete virtual appliance image.
\r\nThe TOE performs encryption of transmitted sensitive data using platform provided functionality.
","features":[{"id":56,"feature_name":"Certificate Authentication"},{"id":55,"feature_name":"Certificate Validation"},{"id":49,"feature_name":"Credential Storage"},{"id":54,"feature_name":"DRBG"},{"id":51,"feature_name":"HTTPS Client"},{"id":53,"feature_name":"HTTPS Server with Mutual Authentication"},{"id":50,"feature_name":"PBKDF"},{"id":13,"feature_name":"Wifi Security Monitoring"}]}