Assurance Continuity - Forescout Version 8.4.1
Date of Maintenance Completion: 2023.05.02
CC Certificate, Validation Report, Assurance Activity
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
Original Evaluated TOE: 2022.08.05 - Forescout v8.3
Please note: The above files are for the Original Evaluated TOE. Consequently, they do not refer to this maintained version, although they apply to the maintained version.
Security Target *, Assurance Continuity Maintenance Report, Administrative Guide
Please note: This serves as an addendum to the VR for the Original Evaluated TOE.
* This is the Security Target (ST) associated with this latest Maintenance Release.
Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the effect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation.
Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of changes on the TOE is considered minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original validation report and Security Target. Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.
Each of the changes to “Forescout v8.4.1” was analyzed to determine whether it fell into the categorization of “Major Changes” or “Minor Changes”. The conclusion was that all of the changes were minor and had either minor or no impact on the evaluated product.
The IAR New Features Section contains a table listing the new features that have been added for all releases between the Validated TOE and the Changed TOE, along with a brief description of each feature. The New Features table lists 38 new features. Of these, 21 have no impact on the Security Target, the ADV_FSP functional specification, ATE test procedures, or the AGD guidance documentation. There are 15 new features that caused the exclusion list in the Security Target to be updated. There are 3 new features that caused the AGD to be updated; one of these also has a feature excluded in the ST.
New Features with no impact on the ST, ADV, ATE, or AGD
1. Forescout Platform 8.4 Pre-Upgrade Verifier
2. Forescout Platform 8.4 Smartcard Group
3. Forescout Platform 8.4 Endpoints Behind NAT/SASE
4. Forescout Platform 8.4 fstool Command: unlock_console_user
5. Forescout Platform 8.4 eyeExtend Connect Version
6. Core Extensions Module 1.4 Active Probing 1.0.1: New Active Probing Plugin
7. Core Extensions Module 1.4 CEF 3.0: Include Syslog Message Header
8. Endpoint Module 1.4 HPS Inspection Engine 11.3
9. Endpoint Module 1.4 Linux 1.7: Additional Requirements
10. Network Module 1.4 Centralized Network Controller 1.4
11. Network Module 1.4 Switch Plugin 8.16: New Switch API for Switch Definition and Management
12. Network Module 1.4 Switch Plugin 8.16: Switch Health Alerts
13. Continuum Platform 8.4.1 Virtual Machine Resources Check
14. Core Extensions Module 1.4.1 Active Probing Plugin 2.0: New Host Properties
15. Core Extensions Module 1.4.1 Active Probing Plugin 2.0: Deprecated Host Properties
16. Endpoint Module 1.4.1 OS X Plugin 2.5.1
17. Network Module 1.4.1 Switch Plugin 8.16.3 Plugin Adds Management of Vendor Switches: DNI
18. Network Module 1.4.1 Switch Plugin 8.16.3 Plugin Adds Management of Vendor Switches: Accton
19. Network Module 1.4.1 Switch Plugin 8.16.3 Plugin Adds Management of Vendor Switches: QuantaMesh
20. Network Controller Plugin 1.2.1: Support for Additional Vendors and Solutions
21. Network Controller Plugin 1.2.1: Assign Cisco ACI Controllers to VLAN
New Features that required an update to the exclusion list in the Security Target
1. Forescout Platform 8.4 Risk Scoring Service
2. Authentication Module 1.4 RADIUS 4.7: Enable SASL Encryption for LDAP Bindings
3. Authentication Module 1.4 RADIUS 4.7: MAC Address Repository (MAR) Expiration and Removal
4. Authentication Module 1.4 RADIUS 4.7: FreeRADIUS Version Upgraded
5. Core Extensions Module 1.4 Admin API 1.0: New Admin API
6. Core Extensions Module 1.4 Device Classification Engine 1.6
7. Hybrid Cloud Module 2.3
8. Cloud Tools Module 1.0.1
9. Continuum Platform 8.4.1 Forescout Cloud Features Onboarding
10. Continuum Platform 8.4.1 Forescout Cloud Features Multifactor Risk Scoring
11. Continuum Platform 8.4.1 Forescout Cloud Features eyeSegment
12. Continuum Platform 8.4.1 Forescout Cloud Features Classification Feedback Dialog
13. Authentication Module 1.4.1 RADIUS Plugin 4.7.2: Addition of Endpoint Attribute for Pre-Admission Authorization Rules
14. Core Extensions Module 1.4.1 Cloud Uploader 1.3.1: Cloud Connectivity Test Results Provide Additional Information
15. Hybrid Cloud Module 2.3.1
New Features requiring updates to the Guidance documentation
1. Core Extensions Module 1.4 Admin API 1.0: New Admin API (feature also added to the exclusion list in the ST)
2. Forescout Continuum Platform 8.4.1 Configure Audit Trail Logging
3. Continuum Platform 8.4.1 CLI User Not Subject to Lockout
Forescout Technologies, Inc.