Compliant Product - Tenable Security Center 3.2 (SC3) with 3D Tool 1.2 (3DT), Log Correlation Engine 2.0.2 (LCE), Passive Vulnerability Scanner 3.0 (PVS), and Nessus Scanner 3.0.4 (Nessus)
Certificate Date: 31 January 2010
Validation Report Number: CCEVS-VR-VID10273-2010
Product Type: IDS/IPS, Network Management, Security Management
Conformance Claim: EAL2 Augmented with ALC_FLR.3,AVA_MSU.1
PP Identifier: Intrusion Detection System System Protection Profile, Version 1.6, dated April 4, 2006 (Archived)
CC Testing Lab: Leidos (formerly SAIC) Common Criteria Testing Laboratory
The TOE consists of: Tenable Security Center 3.2 plus Components 3D Tool 1.2 (3DT); Log Correlation Engine 2.0.2 (LCE); Passive Vulnerability Scanner 3.0 (PVS); and Nessus Scanner 3.0.4 (Nessus). The components run on the following hardware: Security Center and LCE on Red Hat Linux ES3 and ES4; the 3D Tool on Windows XP SP3; the PVS on Windows Server 2003 SP2, Windows XP Professional SP3, Red Hat Linux ES3 and ES4; and Nessus on Windows Server 2003 SP2, Windows XP Professional SP3 and Windows Server 2000 SP4, FreeBSD 5 and 6, and Red Hat Linux Enterprise Server 3 and Enterprise Server 4, Debian Linux 3 SuSE 9 and 10, Solaris 10 Sparc, and Mac OS X 10.4.
The Tenable Security Center is a web based management console that unifies the process of vulnerability detection and management, event and log management, compliance monitoring, and provides reports on all of the above. The Security Center enables communication of security events to IT management, and audit teams. The major components of a Security Center system are Security Center (SC3), the Nessus Vulnerability Scanner (Nessus), Log Correlation Engine (LCE) and the LCE Clients, Passive Vulnerability Scanner (PVS), and the 3D Tool (3DT).
- Security Center – The Security Center application is the management module that ties all of the other components together and enables enterprise wide vulnerability, event and log management, analysis, and reporting.
- Nessus Vulnerability Scanner – The Nessus Vulnerability Scanner is an active scanner that provides agent-less host auditing of both UNIX and Windows servers. It features network node discovery, asset profiling, and vulnerability analysis. Nessus scanners can be distributed throughout a large network, on DMZs, and across distributed networks. It can be used for ad-hoc scanning, daily scans, and quick-response audits.
- Log Correlation Engine – The Log Correlation Engine aggregates, normalizes, correlates and analyzes event log data from the various devices within the network infrastructure. It is closely integrated with the Security Center, allowing the centralization of log analysis and vulnerability management.
- Passive Vulnerability Scanner – The Passive Vulnerability Scanner continuously monitors network traffic, searching for vulnerable systems, watching for potential application compromises, observing client and server trust relationships, and tracking open or browsed network protocols in use. The Passive Scanner maps new hosts and services as they appear on the network and monitors for vulnerabilities.
- 3D Tool – The 3D Tool is a 3D Visualization tool that runs on a user workstation and displays network topology and the relative distribution of security information in three dimensions.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. Science Application International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the TOE is EAL 2 augmented with ALC_FLR.3 and AVA_MSU.1. The TOE, configured as specified in the evaluated configuration guide, satisfies all of the security functional requirements stated in the Security Target and in the Intrusion Detection System System Protection Profile, Version 1.6, April 4, 2006 (IDSSYPP). Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in January 2010. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Tenable Network Security, Inc., Tenable Security Center 3.2 and Components prepared by CCEVS.
The TOE is a set of software products that collectively represent a complete intrusion and vulnerability detection system that provides an integrated environment for managing security events and vulnerabilities. The primary TOE components include plug-ins that provide functionality specific to the TOE component allowing the component to be customized for each user environment and to be updated as new vulnerabilities are identified over time. The TOE provides administration and organization of security workflow and management tasks, including automatic reporting to affected parties; division of duties; access control for application data; and update and tracking of vulnerability closure.