Compliant Product - Nessus 10.5.3
Certificate Date: 2023.07.07CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11368-2023
Product Type: Application Software
Conformance Claim: Protection Profile Compliant
PP Identifier: Functional Package for TLS Version 1.1
Protection Profile for Application Software Version 1.4
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The Target of Evaluation (TOE) Nessus 10.5.3 is a software product that is designed to perform remote system scanning to determine configuration and patch levels that may indicate potential vulnerability risks to those systems. It is also designed to deploy, manage, and coordinate instances of the Nessus Agent application that is installed on endpoint systems to collect more detailed scan data than remote scanning can achieve on its own.
In addition to interacting with Nessus Agent applications in its operational environment, Nessus also connects to an environmental instance of Tenable.sc (SecurityCenter) which serves as a single point to aggregate and analyze data collected from various Tenable applications, including Nessus.
The TOE’s scanning and data collection capabilities are outside the scope of the TOE (aside from the trusted channel used to transmit the collected data), as is any other product behavior that is not described in Protection Profile for Application Software and the Functional Package for Transport Layer Security (TLS). The content and execution of plugins is similarly excluded from the TOE, although they are discussed in the context of network communications because the TSF must use platform network resources to acquire them.
The TOE is capable of running on a general-purpose Windows or Linux operating system on standard consumer-grade hardware on either a physical or virtual machine. For the evaluated configuration, the TOE was tested on virtualized instances of Windows Server 2019 and RHEL 8.7, each running on VMware ESXi 6.5 on a system using an AMD Ryzen Threadripper 1950X processor with the Zen microarchitecture.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the Protection Profile for Application Software, Version 1.4 and the Functional Package for Transport Layer Security (TLS), Version 1.1.
The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance documentation, satisfies all of the security functional requirements stated in the Nessus 10.5.3 Security Target. The evaluation was completed in July 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Timely Security Updates
The TOE developer has internal mechanisms for receiving reports of security flaws, tracking product vulnerabilities, and distributing software updates to customers in a timely manner.
The TOE implements cryptography to protect data at rest and in transit.
For data at rest, the TOE stores credential data used to log in to the TOE as well as passphrase data used to protect PKI certificates that the TOE uses to authenticate to environmental components. This stored data is encrypted using AES or a PBKDF, depending on the data that is being stored.
For data in transit, the TOE implements TLS/HTTPS as a server. The TOE implements a TLS server for its administrative interface and to receive communications from other Tenable components in the operational environment.
The TOE implements all cryptography used for these functions using its own implementations of OpenSSL with NIST-approved algorithms. The TOE’s DRBG is seeded using entropy from the underlying OS platform.
User Data Protection
The TOE uses cryptographic mechanisms to protect sensitive data at rest. The key used by the TOE to encrypt and decrypt sensitive data is cryptographically protected by the TOE platform.
The TOE relies on the network connectivity and system log capabilities of its host OS platform. The TOE supports user-initiated, externally-initiated, and application-initiated uses of the network. The TOE also access various system resources as part of conducting system scans. Specifically, the TOE supports remote scanning of a variety of target host systems from network devices to PCs running general-purpose operating systems. For the target system, the TOE can examine externally-visible ports and services. If provided credentials (either by receiving them from Tenable.sc or by direct administrator input), the TOE can authenticate to the target system and utilize platform specific tools such as apt, yum, and WMI to collect more detailed information about the system.
Identification and Authentication
The TOE supports X.509 certificate validation as part of establishing TLS and HTTPS connections. The TOE supports various certificate validity checking methods and can also check certificate revocation status using OCSP. If the validity status of a certificate cannot be determined, the certificate will be accepted. All other cases where a certificate is found to be invalid will result in rejection without an administrative override.
The TOE itself and the configuration settings it uses are stored in locations recommended by the platform vendor for both Windows and Linux application versions.
The TOE includes a web GUI. This interface enforces username/password authentication using locally-stored credentials that are created using the TOE. The TOE does not include a default user account to access its management interface.
The security-relevant management functions supported by the TOE relate to configuration of transmission of system data (through execution of remote scanning) and configuration of transmission of application state information.
The TOE does not handle personally identifiable information (PII) of any individuals.
Protection of the TSF
The TOE enforces various mechanisms to prevent itself from being used as an attack vector to its host OS platform. Each TOE platform version (Windows and Linux) implements address space layout randomization (ASLR), does not allocate any memory with both write and execute permissions, does not write user-modifiable files to directories that contain executable files, is compiled using stack overflow protection, and is compatible with the security features of its host OS platform.
Each TOE platform version contains libraries and invokes system APIs that are well-known and explicitly identified.
The TOE has a mechanism to determine its current software version. Software updates to the TOE can be acquired by leveraging its OS platform. The format of the software update is dependent on the TOE platform version. All updates are digitally signed to guarantee their authenticity and integrity.
The TOE encrypts sensitive data in transit between itself and its operational environment using TLS and HTTPS. It facilitates the transmission of sensitive data from remote users over TLS and HTTPS.