Compliant Product - SailPoint File Access Manager v8.3 SP5
Certificate Date: 2023.08.31CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11352-2023
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Protection Profile for Application Software Version 1.4
CC Testing Lab: Booz Allen Hamilton Common Criteria Testing Laboratory
Administrative Guide: File Access Manager Administrator Guide
Administrative Guide: File Access Manager v8.3 Service Pack 5 Deployment Guide
Administrative Guide: File Access Manager Installation Guide
Administrative Guide: SailPoint File Access Manager 8.3 SP5 Supplemental Administrative Guidance for Common Criteria
The TOE is the SailPoint File Access Manager (FAM) version 8.3 SP5 application, referred to as FAM or TOE from this point forward. FAM’s primary functionality is to allow its users to review and manage the governed data created by FAM for monitoring enterprise data stored on one or more managed resources. The governed data allows FAM users to identify and classify data, understand on which managed resources within the network the data is stored, and understand which enterprise users have access to the data.
In the evaluated configuration, the Target of Evaluation (TOE) is the SailPoint File Access Manager (FAM) 8.3 SP5 (“SailPoint FAM”) application is installed on a Windows Server 2019 and through APIs the TOE utilizes several functions of the operating system to perform its operations. The TOE relies on .NET Framework to function and Internet Information Services (IIS) to host its GUI web pages. The TOE communicates with the Windows operating system’s Server Message Block component to receive information about data on managed resources which FAM turns into governed data. The TOE also communicates with the Windows operating system’s Active Directory component which contains enterprise user data. The TOE stores all of its configuration data, TOE managed user credentials, and governed data within a separately installed SQL Database. During operation, the TOE will read and write this data to the SQL Database. In the evaluated configuration, the SQL Database resides on the same Windows Server as the TOE. The administrative interfaces include a local Fat Client for local access and a web GUI for remote access. The TOE is configured to securely communicate with the following external IT entity: Windows File Server(s).
SailPoint FAM 8.3 SP5 is a software-only TOE and therefore its physical boundary is its software. The TOE does not include the hardware or operating system of the system on which it is installed. It also does not include the third party software which is required for the TOE to run. The following table lists the components that are required for the TOE’s use in the evaluated configuration. These Operational Environment components are expected to be patched to include the latest security fixes for each component.
SailPoint FAM’s primary functionality of monitoring enterprise data was not evaluated, except where the product’s functionality relates to the Security Functional Requirements (SFRs) included within the scope of the evaluation.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. SailPoint File Access Manager 8.3 SP5 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the SailPoint File Access Manager 8.3 SP5 Security Target Version 1.0, July 07, 2023. The evaluation underwent CCEVS Validator review. The evaluation was completed in July 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID11352 -2023 prepared by CCEVS.
The TOE invokes the Windows platform’s cryptographic services to secure data in transit communication. Due to this, the TOE does not directly invoke any DRBG functionality nor does the TOE perform generation of asymmetric cryptographic keys. The TOE also uses the Windows platform’s Data Protection API to store the credentials for accessing the SQL database.
User Data Protection
The TOE relies on the Windows platform to handle the following network connections, to include all of their cryptographic operations: respond to TLS connection requests from an Activity Monitor to receive managed resource data.
The administrator that installs the TOE will set the initial credentials for accessing the TOE and will also be assigned the owner permissions for the TOE’s software by the Windows platform. Due to the Windows platform’s access permissions and the TOE’s install directory being C:\Program Files, the TOE’s binaries and data files are protected from unprivileged modification. The TOE’s administrators are able to configure the TOE and perform tasks via the TOE’s GUI and fat client. All TOE configuration options are stored per the mechanisms recommended by the Windows platform vendor for .NET Core applications.
The TOE ensures the privacy of its administrators and users by not providing any ability to collect or transmit personally identifiable information (PII) over the network.
Protection of the TSF
The TOE relies on the Windows platform to request memory and will not request an explicit memory address. The TOE does not allocate any memory region with both write and execute permissions. As a .NET Core application, the TOE has stack-based buffer overflow protections. The TOE uses a number of Windows platform APIs and third-party libraries as part of its operation.
Administrators can verify the TOE’s version by checking any of the TOE’s binary files or by authenticating to the fat client. The TOE automatically checks its software version against the latest available software version provided by SailPoint. TOE software, including patch updates, is signed with a DigiCert certificate. Administrators can initiate the software update process through the fat client. The TOE’s uninstallation process results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events.
The TOE invokes the Windows platform to encrypt all data-in-transit communications between itself and another trusted IT product. The trusted IT products, encryption protocols used, and the purpose of the connection have been described under the “User Data Protection” section above.
SailPoint Technologies, Inc.