Compliant Product - Axonius Cybersecurity Asset Management Platform v4.0-f
Certificate Date: 2022.03.04
CC Certificate Validation Report Number: CCEVS-VR-VID11201-2022
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier:
· Functional Package for TLS Version 1.1
· Protection Profile for Application Software Version 1.3
· Extended Package for Secure Shell (SSH) Version 1.0
CC Testing Lab: Leidos Common Criteria Testing Laboratory
Evaluation documents: Assurance Activity; Administrative Guide
Product Description
The Target of Evaluation (TOE) is Axonius Cybersecurity Asset Management Platform v4.0-f, a containerized software application that gives an organization a comprehensive inventory of its IT assets, uncovers cybersecurity coverage gaps, and enforces security policies. The TOE uses integration-specific code, termed “adapters”, to connect to the organization’s existing IT systems and retrieve information about assets such as devices and users. The specific tested version of the TOE is 4.0.11-f.
Evaluated Configuration
In its evaluated configuration, the TOE is a containerized application executing on a platform comprising:
· Docker runtime engine v19.0.3
· Ubuntu 16.04
· VMware ESXi 6.5
· AMD Ryzen Threadripper 1950X (Zen microarchitecture)
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, September 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance documentation, satisfies all of the security functional requirements stated in the Axonius Cybersecurity Asset Management Platform v4.0-f Security Target. The evaluation was completed in March 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Environmental Strengths
Cryptographic Support
The TOE implements cryptography to protect data at rest and in transit. For data at rest, the TOE securely stores the credential data used to log in to the TOE, private keys, and the credentials the TOE uses to authenticate to adapter data sources. This stored data is protected either with PBKDF2-HMAC using SHA-512 and 100,000 rounds in conjunction with LUKS, or with MongoDB’s Client-Side Field Level Encryption (AES-256-CBC). For data in transit, the TOE implements HTTPS and TLS as both a client and a server: an HTTPS/TLS server for its administrative interface, and either an SSH client or an HTTPS/TLS client to communicate with the data sources connected to it. The TOE does not support mutual authentication. All cryptography used for these functions is implemented by the TOE’s own OpenSSL with CAVP-validated algorithms. The TOE’s DRBG is seeded with entropy from the underlying OS platform.

User Data Protection
The TOE protects sensitive data in non-volatile memory using approved cryptographic algorithms and by leveraging the LUKS functionality provided by the host platform. The TOE relies on the network connectivity of its host OS platform and supports both user-initiated and application-initiated uses of the network. The TOE does not access any of the sensitive information repositories on the host platform.

Identification and Authentication
The TOE validates X.509 certificates as part of establishing TLS and HTTPS connections. It performs the certificate validity checks and checks certificate revocation status using OCSP. If the certificate is invalid, or its revocation status cannot be determined, the certificate is rejected; the check fails closed rather than open.

Security Management
The TOE itself and the configuration settings it uses are stored in locations recommended by the Linux platform vendor. The TOE includes a web GUI.
This interface enforces username/password authentication using locally stored credentials that are created through the TOE. The TOE does not ship with a default user account for its management interface. The security-relevant management functions supported by the TOE relate to configuration of adapters and certificates.

Privacy
The TOE does not collect or transmit personally identifiable information (PII) of any individuals.

Protection of the TSF
The TOE enforces various mechanisms to prevent itself from being used as an attack vector against its host OS platform. It runs on top of the host operating system as a series of Docker containers containing Python and JavaScript code, and does not require disabling any built-in operating system controls (e.g., those built into Ubuntu 16.04). It therefore relies on the operating system for sensitive low-level operations such as memory mapping, and is compatible with Ubuntu 16.04, including when SELinux is enabled on the host OS. Because the TOE is interpreted code and is not just-in-time compiled, compiler flags to enforce ASLR (such as building position-independent executables) are not applicable. The TOE does not map any memory region with both PROT_WRITE and PROT_EXEC, and there is no situation in which the TSF maps memory at an explicit address. The TOE uses no undocumented platform APIs, and no system calls are invoked directly from Axonius code: the TOE is entirely Dockerized Python/JavaScript, so all calls are made indirectly through the interpreters and their libraries. The TOE has a mechanism to determine its current software version. Software updates to the TOE are acquired through its OS platform, and all updates are digitally signed to guarantee their authenticity and integrity. The TOE developer has internal mechanisms for receiving reports of security flaws, tracking product vulnerabilities, and distributing software updates to customers in a timely manner.
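The Cryptographic Support section above names the key-stretching parameters for the data-at-rest protection (PBKDF2-HMAC with SHA-512 and 100,000 rounds). The following is an added illustration of those parameters in use, written for this page; it is not Axonius code and says nothing about how the product actually stores its records. The salt length, derived-key length and the `scheme$rounds$salt$key` record layout are assumptions chosen for the example. It shows the two checks a verifier should not skip: rejecting a record whose round count has been lowered below the evaluated work factor, and comparing derived keys in constant time.

```python
import hashlib
import hmac
import os

# Parameters named in the evaluation summary: PBKDF2-HMAC with SHA-512, 100,000 rounds.
HASH_NAME = "sha512"
MIN_ITERATIONS = 100_000
# Assumptions for this illustration (not specified on the page):
SALT_LEN = 16   # 128-bit random salt, unique per stored credential
KEY_LEN = 64    # 512-bit derived key, matching the SHA-512 output size


def derive_key(secret: bytes, salt: bytes, iterations: int = MIN_ITERATIONS) -> bytes:
    """Stretch a passphrase into a fixed-length key with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac(HASH_NAME, secret, salt, iterations, dklen=KEY_LEN)


def make_record(secret: bytes, iterations: int = MIN_ITERATIONS) -> str:
    """Produce a self-describing verifier record: scheme$rounds$salt$derived_key (hex)."""
    salt = os.urandom(SALT_LEN)
    dk = derive_key(secret, salt, iterations)
    return "$".join([f"pbkdf2-{HASH_NAME}", str(iterations), salt.hex(), dk.hex()])


def verify_record(secret: bytes, record: str) -> bool:
    """Check a passphrase against a stored record, failing closed on anything odd."""
    try:
        scheme, rounds, salt_hex, dk_hex = record.split("$")
        iterations = int(rounds)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
    except ValueError:
        return False  # malformed record: wrong field count, non-numeric rounds, bad hex
    # Refuse records that have been weakened below the evaluated work factor,
    # even if the stored key would otherwise match.
    if scheme != f"pbkdf2-{HASH_NAME}" or iterations < MIN_ITERATIONS:
        return False
    if len(expected) != KEY_LEN:
        return False
    actual = derive_key(secret, salt, iterations)
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    rec = make_record(b"correct horse battery staple")
    print(rec)
    print(verify_record(b"correct horse battery staple", rec))  # True
    print(verify_record(b"wrong passphrase", rec))              # False
```

Each verification costs one full PBKDF2 run (roughly tens of milliseconds per call at 100,000 rounds of SHA-512), which is the intended cost for an attacker guessing offline; an online login path should add rate limiting on top rather than lowering the round count.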
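The Protection of the TSF section above states that the TOE never maps a region with both PROT_WRITE and PROT_EXEC and, being interpreted rather than JIT-compiled, has no reason to carry anonymous executable memory. Those two properties are observable from outside the process, so here is an added checker, written for this page and not part of the Axonius product or its evaluation evidence, that parses `/proc/<pid>/maps` and reports W+X regions and executable regions with no backing file. The sample maps text is constructed for the example (a hypothetical Python process on Ubuntu 16.04, including one deliberately planted `rwxp` region); the container PIDs to check would be taken from `docker top` in a real run.

```python
import re
import sys
from dataclasses import dataclass
from typing import Dict, List

# One line of /proc/<pid>/maps: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Kernel-provided executable pages that every process carries; not a finding.
KERNEL_PAGES = {"[vdso]", "[vsyscall]"}

# Constructed sample (not a real capture) of a Python 3.5 process on Ubuntu 16.04.
# The anonymous rwxp region is the kind of mapping the evaluation says the TOE never creates.
SAMPLE_MAPS = """\
55d6a1c00000-55d6a1e10000 r-xp 00000000 08:01 1048577 /usr/bin/python3.5
55d6a2010000-55d6a2020000 rw-p 00210000 08:01 1048577 /usr/bin/python3.5
55d6a3a00000-55d6a3c00000 rw-p 00000000 00:00 0 [heap]
7f3c40000000-7f3c40021000 rw-p 00000000 00:00 0
7f3c44000000-7f3c44100000 rwxp 00000000 00:00 0
7f3c48000000-7f3c481c0000 r-xp 00000000 08:01 393219 /lib/x86_64-linux-gnu/libc-2.23.so
7ffd1e2a0000-7ffd1e2c1000 rw-p 00000000 00:00 0 [stack]
7ffd1e3f4000-7ffd1e3f6000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall]
"""


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    path: str

    @property
    def file_backed(self) -> bool:
        return self.path.startswith("/")


def parse_maps(text: str) -> List[Mapping]:
    """Parse the text of /proc/<pid>/maps into Mapping records; reject unknown lines."""
    mappings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = MAPS_LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised maps line: {line!r}")
        mappings.append(Mapping(int(m["start"], 16), int(m["end"], 16),
                                m["perms"], m["path"].strip()))
    return mappings


def writable_executable(mappings: List[Mapping]) -> List[Mapping]:
    """Regions that are writable and executable at the same time (W^X violations)."""
    return [m for m in mappings if "w" in m.perms and "x" in m.perms]


def anonymous_executable(mappings: List[Mapping]) -> List[Mapping]:
    """Executable regions with no backing file, which is what JIT code caches look like."""
    return [m for m in mappings
            if "x" in m.perms and not m.file_backed and m.path not in KERNEL_PAGES]


def audit(text: str) -> Dict[str, int]:
    """Summarise the findings for one process's maps text."""
    mappings = parse_maps(text)
    return {
        "mappings": len(mappings),
        "w+x": len(writable_executable(mappings)),
        "anon_exec": len(anonymous_executable(mappings)),
    }


if __name__ == "__main__":
    # Usage: python wx_audit.py <pid>  (reads /proc/<pid>/maps); with no argument the sample is used.
    text = open(f"/proc/{sys.argv[1]}/maps").read() if len(sys.argv) > 1 else SAMPLE_MAPS
    for m in writable_executable(parse_maps(text)):
        print(f"W+X: {m.start:#x}-{m.end:#x} {m.perms} {m.path or '(anonymous)'}")
    print(audit(text))
```

The check is a point-in-time view: `/proc/<pid>/maps` shows the protection a region has now, so a page that was briefly writable and then flipped to executable with `mprotect` would not appear. Pair it with an audit or seccomp rule on `mprotect`/`mmap` requesting PROT_EXEC if the goal is continuous assurance rather than a spot check.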
Trusted Path/Channels
The TOE encrypts sensitive data in transit between itself and its operational environment using TLS, HTTPS, or SSH.

Vendor Information
Axonius Federal Systems LLC
Timothy Hoffman
(716) 296-6487
commoncriteria@axoniusfederalsystems.com
www.axonius.com