{"product_id":11614,"v_id":11614,"product_name":"Illumio Core v24.2.20","certification_status":"Certified","certification_date":"2025-06-20T00:00:00Z","tech_type":"Enterprise Security Management","vendor_id":{"name":"Illumio","website":""},"vendor_poc":"Bharath Shashikumar","vendor_phone":"669-800-5000","vendor_email":"bharath.shashikumar@illumio.com","assigned_lab":{"cctl_name":"DEKRA Cybersecurity Certification Laboratory"},"product_description":"<p style=\"margin: 0cm 39.2pt 19.25pt -0.25pt; text-indent: -0.5pt; line-height: 104%; font-size: 11pt; font-family: Arial, sans-serif; color: black;\"><span style=\"font-family: arial, helvetica, sans-serif;\">The TOE, Illumio Core v24.2.20, is an enterprise policy management product. The TOE&rsquo;s primary purpose is to manage communications within and across tiers of applications by defining access control policies. The TOE is a distributed software application that consists of the Policy Compute Engine (PCE) and the Virtual Enforcement Node (VEN).&nbsp;</span></p>\r\n<p style=\"margin: 0cm 39.2pt 5.6pt -0.25pt; text-indent: -0.5pt; line-height: 104%; font-size: 11pt; font-family: Arial, sans-serif; color: black;\"><span style=\"font-family: arial, helvetica, sans-serif;\">The TOE, Illumio Core,&nbsp;consists of the Policy Compute Engine (PCE) and the Virtual Enforcement Node (VEN). Together, these components form a distributed software platform that is designed to continuously protect communications within and across tiers of applications and hosts. The TOE enables administrators to create access control policies that secure and granularly segment hosts and applications within the enterprise network, effectively reducing the attack surface and securing the workloads.&nbsp;Segmentation is another name for creating and sending (for enforcement) the firewall rules that separate traffic. 
<span style=\"line-height: 104%;\">A Workload represents a distinct collection of bare-metal servers, VMs, containers, workstations, and VDI within data centers, cloud, or distributed enterprise environments.</span></span></p>\r\n<ul>\r\n<li style=\"text-indent: 0cm; line-height: 104%; font-size: 11pt; font-family: arial, helvetica, sans-serif; color: black;\"><span style=\"font-family: arial, helvetica, sans-serif;\"><strong><em>Policy Compute Engine (PCE)</em></strong> allows administrators to control network access policies, manage users and domains, and perform other management functions. Administrators access the PCE through a web browser-based user interface. The administrator can create policies and then provision them to the VENs. Any traffic that is not allowed by a policy is disallowed by default when VENs are placed in enforcement mode.&nbsp;</span></li>\r\n<li style=\"text-indent: -0.5pt; line-height: 104%; font-size: 11pt; font-family: arial, helvetica, sans-serif; color: black;\"><span style=\"font-family: arial, helvetica, sans-serif;\"><strong><em>Virtual Enforcement Nodes (VEN)</em></strong> are installed on the host machines, or Workloads, which are part of the protected enterprise network. The VEN has two main functions: (a) gathering detailed system and traffic information from the Workload and reporting that information to the PCE (not tested), and (b) enforcing the security policy defined by the PCE (tested). The access control policies are defined in the PCE and then provisioned to the VEN. The VEN interprets the policies received from the PCE and prepares them for the host firewall. 
An example of a policy is to allow traffic from machines in the Asset Management app (source) to a web server of the ERP app running on port 443 (destination). Once a policy is provisioned to a VEN, the VEN translates it into a rule for the host-based firewall &ndash; the Windows Firewall on Windows. The policy then gets enforced by the native firewall. The host firewall is not part of the TOE; only the VEN is. The TOE uses an allow-list model, which means all traffic is blocked by default.&nbsp; Without a rule, traffic is not allowed to reach the hosts in an environment. The VEN also collects and reports audit events and other information about the Workload to the PCE.</span></li>\r\n</ul>\r\n<p style=\"margin: 0cm 39.2pt 18.45pt -0.25pt; text-indent: -0.5pt; line-height: 104%; font-size: 11pt; font-family: Arial, sans-serif; color: black;\"><span style=\"font-family: arial, helvetica, sans-serif;\">The PCE allows administrators to visually display application traffic and to apply policies to every Workload. A Workload is considered managed when a VEN is installed and paired, and unmanaged when no VEN is present. The PCE can define policies that target managed (and unmanaged) Workloads; however, policies can be enforced only on managed Workloads. The relationship between PCE and VEN is one to many.&nbsp;</span></p>","evaluation_configuration":"<p>The TOE does not include the hardware or operating systems of the systems on which it is installed. It also does not include the third-party software that is required for the TOE to run.</p>\r\n<p>The TOE supports a number of features that are not part of the core functionality. 
Those features are excluded from the scope of the evaluation:</p>\r\n<ol>\r\n<li>Use of SMTP</li>\r\n<li>High Availability and Failover functionality</li>\r\n<li>JSON/REST API use</li>\r\n<li>Policy-based encryption (SecureConnect)</li>\r\n<li>Configuration of policy targeting unmanaged Workloads</li>\r\n<li>Linux-based VEN</li>\r\n<li>LDAP Authentication</li>\r\n<li>All visual aspects of the visualization feature (also known as the Illumination map), except the feature to add rules.</li>\r\n<li>Deny policies: only allow rules are evaluated.</li>\r\n<li>Flexible label types: only the four default labels are evaluated (application, environment, location, role).</li>\r\n<li>Policy templates: the policies to be transmitted are generated from scratch.</li>\r\n<li>Windows outbound process-based enforcement: process-based enforcement allows more granular segmentation based on process name. The object &ldquo;Windows outbound process&rdquo; is not evaluated.</li>\r\n<li>IPv6 support by the PCE and VEN</li>\r\n</ol>\r\n<p>The TOE allows policies with multiple types of rules, destinations, and attributes. 
During the evaluation, a sample covering most of them was tested; the rest were not covered by the evaluation.</p>\r\n<p>The following parameters were covered during the evaluation:</p>\r\n<ol>\r\n<li>Subject attributes: IP address, hostname, OS and pairing status.</li>\r\n<li>Labels: location, application, environment and role.</li>\r\n<li>Policy operations: create, update and delete.</li>\r\n<li>Rules:\r\n<ol style=\"list-style-type: lower-alpha;\">\r\n<li>Traffic based on: inbound and outbound traffic.</li>\r\n<li>Destination and source based on: workload, IP, port.</li>\r\n<li>Protocols: ICMP, RDP, DNS.</li>\r\n</ol>\r\n</li>\r\n</ol>\r\n<p>The TOE runs on multiple platforms; however, not all of them were tested, so the untested platforms are not part of the evaluated configuration.</p>\r\n<ul>\r\n<li>External management workstation\r\n<ul style=\"list-style-type: circle;\">\r\n<li>Latest versions of Chrome, Mozilla Firefox or Microsoft Edge browser.</li>\r\n<li>Compatible SSH client able to connect to RHEL 9.4 (if required for OS management).</li>\r\n</ul>\r\n</li>\r\n<li>Platform services:\r\n<ul style=\"list-style-type: circle;\">\r\n<li>Trusted Certificate Store\r\n<ul style=\"list-style-type: square;\">\r\n<li>Installation specific; at minimum, store certificates in default /etc/pki/ca-trust directories (linked by /etc/ssl/certs/) using appropriate read-only permissions.</li>\r\n</ul>\r\n</li>\r\n<li>Syslog daemon (syslog-ng)\r\n<ul style=\"list-style-type: square;\">\r\n<li>rsyslog 8.24.0 or higher, or syslog-ng 3.1.8 or higher.</li>\r\n</ul>\r\n</li>\r\n<li>Operating System (RHEL 9.4)\r\n<ul style=\"list-style-type: square;\">\r\n<li>Platform-provided Cryptographic Module (Red Hat Enterprise Linux OpenSSL Cryptographic Module, Windows Cryptographic Primitives Library)</li>\r\n</ul>\r\n</li>\r\n</ul>\r\n</li>\r\n<li>External IT services:\r\n<ul style=\"list-style-type: circle;\">\r\n<li>Audit Server (syslog)\r\n<ul style=\"list-style-type: 
square;\">\r\n<li>rsyslog 8.24.0 or higher, or syslog-ng 3.1.8 or higher.</li>\r\n</ul>\r\n</li>\r\n<li>Authentication Server (SAML)\r\n<ul style=\"list-style-type: square;\">\r\n<li>Any SAML 2.0-compliant provider.</li>\r\n</ul>\r\n</li>\r\n<li>DNS Server\r\n<ul style=\"list-style-type: square;\">\r\n<li>Any modern DNS bind service such as bind 9.16.</li>\r\n</ul>\r\n</li>\r\n<li>NTP Server\r\n<ul style=\"list-style-type: square;\">\r\n<li>Any modern NTP or chronyd service such as chrony 4.5.</li>\r\n</ul>\r\n</li>\r\n</ul>\r\n</li>\r\n<li>Optional external servers\r\n<ul style=\"list-style-type: circle;\">\r\n<li>SMTP Server &nbsp;\r\n<ul style=\"list-style-type: square;\">\r\n<li>Any modern SMTP service such as postfix 3.5.</li>\r\n</ul>\r\n</li>\r\n<li>External Certificate Authority (CA)\r\n<ul style=\"list-style-type: square;\">\r\n<li>Installation specific; any modern CA implementation should be sufficient.</li>\r\n</ul>\r\n</li>\r\n</ul>\r\n</li>\r\n</ul>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation <span style=\"font-family: arial, helvetica, sans-serif;\">and</span> Validation Scheme (CCEVS) processes and procedures. Illumio Core Platform v24.2.20 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2022 Revision 1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2022 Revision 1. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the Illumio Core Platform v24.2.20 Security Target Version 0.5. The evaluation underwent CCEVS Validator review. The evaluation was completed in June 2025. 
Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID11614-2025 prepared by CCEVS.</p>","environmental_strengths":"<h4>Protection of the TOE Security Function (TSF)</h4>\r\n<p>The TOE protects sensitive data, such as stored passwords and secrets, so that it is not directly accessible in plaintext.</p>\r\n<h4>Trusted Path/Channels</h4>\r\n<p>The TOE implements secure channels for communication for both the PCE and the VEN. The PCE implements secure remote administration, exports audit records securely to an external audit server, integrates with an external authentication server, and securely transfers policy updates to the VEN. The VEN securely connects to the PCE to receive policy updates.</p>\r\n<h4>Enterprise Security Management</h4>\r\n<p>The TOE supports policy definition and transmission through its two primary components, the PCE and the VEN. The PCE computes and manages the security policies that are consumed by the VENs. The TOE allows administrators to define security policies and distributes those rules securely to the VENs, which enforce them on the host using its native firewall.</p>\r\n<h4>Security Audit</h4>\r\n<p>The TOE allows auditing of security-related events and logs such audit events securely to an audit server. The TOE is able to generate audit records of security-relevant events as they occur. Generally, any use of a management function via the Web UI, as well as relevant IT environment events, will be audited. The agents (VENs) also send audit events to the TOE by invoking the TOE&rsquo;s API.</p>\r\n<p>The TOE stores audit data locally, in the operational environment, by utilizing the Linux file system. The TOE is also capable of uploading audit records securely to an external audit server (e.g., syslog) in the operational environment.</p>\r\n<h4>Identification and Authentication</h4>\r\n<p>The TOE supports secure user authentication and handles authentication failures. 
The TOE requires users to be identified and authenticated before they can access any of the management functions. The TOE also enforces a strong password policy and offers the ability to lock out users after unsuccessful authentication attempts.</p>\r\n<h4>Security Management</h4>\r\n<p>The TOE uses role-based access control to restrict access to management functions based on the user&rsquo;s role. The TOE supports the management capabilities listed in Table 6-3. The TOE restricts management functions associated with the VEN in the same way that the TOE&rsquo;s own management functions are controlled. Only authorized administrators belonging to appropriate roles are capable of managing VENs.</p>\r\n<h4>TOE Access</h4>\r\n<p>The TOE can be configured by an administrator to force an interactive session&rsquo;s termination based on a timeout value. The TOE can also be configured to display advisory banners as part of the authentication prompt.</p>","features":[{"id":777,"feature_name":"Auditing"},{"id":787,"feature_name":"Enterprise Security Management"},{"id":741,"feature_name":"Flaw Remediation"}]}