Compliant Product - Tenable SecurityCenter 4.4 (SC) and Components: 3D Tool 2.0.1. Log Correlation Engine 3.6 (LCE), Passive Vulnerability Scanner 3.6 (PVS), Nessus 5.0.1, and xTool 2.1
Certificate Date: 01 October 2012
Validation Report Number: CCEVS-VR-VID10443-2012
Product Type: Security Management
Conformance Claim: EAL2 Augmented with ALC_FLR.2
CC Testing Lab: Leidos (formerly SAIC) Common Criteria Testing Laboratory
The Tenable SecurityCenter is a web based management console that unifies the process of vulnerability detection and management, event and log management, compliance monitoring, and provides reports on all of the above. The SecurityCenter enables communication of security events to IT, management, and audit teams. The major components of a SecurityCenter system are SecurityCenter (SC4), the Nessus Vulnerability Scanner (Nessus), Log Correlation Engine (LCE) and the LCE Clients, Passive Vulnerability Scanner (PVS), 3D Tool (3DT), and the xTool.
- SecurityCenter – The SecurityCenter application is the management module that ties all of the other components together and enables enterprise wide vulnerability, event and log management, analysis, and reporting.
- Nessus Vulnerability Scanner – The Nessus Vulnerability Scanner is an active scanner that provides agent-less host auditing of both UNIX and Windows servers. It features network node discovery, asset profiling, and vulnerability analysis. Nessus scanners can be distributed throughout a large network, on DMZs, and across distributed networks. It can be used for ad-hoc scanning, daily scans, and quick-response audits.
- Log Correlation Engine – The Log Correlation Engine aggregates, normalizes, correlates and analyzes event log data from the various devices within the network infrastructure. It is closely integrated with the SecurityCenter, allowing the centralization of log analysis and vulnerability management.
- Passive Vulnerability Scanner – The Passive Vulnerability Scanner continuously monitors network traffic, searching for vulnerable systems, watching for potential application compromises, observing client and server trust relationships, and tracking open or browsed network protocols in use. The Passive Scanner maps new hosts and services as they appear on the network and monitors for vulnerabilities.
- 3D Tool – User interface to SecurityCenter using 3DT for an enhanced view of topology and vulnerability data.
- xTool – User interface to xTool for conversion of XML data files to .audit file formats used by SecurityCenter.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. Science Application International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the TOE is EAL 2 augmented with ALC_FLR.2. The TOE, configured as specified in the evaluated configuration guide, satisfies all of the security functional requirements stated in the Security Target and in the Intrusion Detection System System Protection Profile (IDSSYPP), Version 1.7, July 25, 2007. Validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by SAIC. The evaluation was completed in September 2012. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report for Tenable Network Security, Inc., Tenable SecurityCenter 4 and Components prepared by CCEVS.
The TOE is a set of software products that collectively represent a complete intrusion and vulnerability detection system that provides an integrated environment for managing security events and vulnerabilities. The primary TOE components include plug-ins that provide functionality specific to the TOE component allowing the component to be customized for each user environment and to be updated as new vulnerabilities are identified over time. The TOE facilitates the administration and organization of security workflow and management tasks, including automatic reporting to affected parties; division of duties; access control for application data; and update and tracking of vulnerability closure.