BMC Software PATROL® Version 3.4.11 is a systems application and event management tool. It provides an environment by which the status of every vital resource in the distributed environment being managed can be monitored. The Target of Evaluation (TOE) is PATROLÒ version 3.4.11, as a suite of products consisting of:
\r\nThere were two evaluated TOE configurations, one a SUN platform, the other a PC platform. Specifically these consisted of a Sun Ultra 5 running Solaris 2.7, and a Dell GX1 running Windows NT 4.0 SP6a. Each platform had the corresponding TOE binaries installed and configured, per Installation, Generation and Startup (IGS), by a BMC engineer.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the BMC Software PATROL® Version 3.4.11 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.1. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 1.0. Computer Sciences Corporation determined that the target evaluation assurance level (EAL) for the product is EAL 2. The product, configured as installed by the BMC Software technician, satisfies all of the security functional requirements stated in the Security Target (ST). A validator, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Computer Sciences Corporation. The ST conforms to CC part 2 extended and is CC part 3 conformant at the EAL 2 level of assurance. The evaluation was completed in September 2002. Results of the evaluation can be found in the Validation Report BMC Software PATROL® Version 3.4.11 prepared by National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS).
","environmental_strengths":"The TOE provides the following security features
\r\nAuditing - PATROL® has the capability to generate audit logs. Audit information generated by the system is based on PATROL® Agent audit logs. Audit functionality provided by the IT Environment is outside the scope of this evaluation. The PATROL® Agent audit log feature permits the recording of various security-related aspects of PATROL® operation.
User Data Protection - PATROL® provides discretionary access control restrictions, inter-TSF user data confidentiality, and data exchange integrity. PATROL® uses access control lists (ACLs) to restrict access to PATROL® Agents.
\r\nIdentification and Authentication - PATROL® provides for identification and authentication of users on PATROL® Consoles and Agents.
\r\nSecurity Management - PATROL® includes access control lists (ACLs) and security role definitions/assignments to assist in the management of security policy implementation. The PATROL System Administrator can define the following:
\r\nThe tasks controlled through user roles include:
\r\n