EAL 3 Evaluation of - Common Criteria

19.06.2014 Views
CCS Certification Report RSA enVision® v4.0 SP 1 TABLE OF CONTENTS Disclaimer..................................................................................................................................................... i Foreword ..................................................................................................................................................... ii Executive Summary.....................................................................................................................................1 1 Identification of Target of Evaluation ..............................................................................................2 2 TOE Description .................................................................................................................................2 3 Evaluated Security Functionality......................................................................................................2 4 Security Target....................................................................................................................................2 5 Common Criteria Conformance........................................................................................................2 6 Security Policy.....................................................................................................................................3 7 Assumptions and Clarification of Scope...........................................................................................3 7.1 SECURE USAGE ASSUMPTIONS .............................................................................................3 7.2 ENVIRONMENTAL ASSUMPTIONS..........................................................................................3 7.3 CLARIFICATION OF SCOPE.....................................................................................................4 8 Architectural Information .................................................................................................................4 9 Evaluated Configuration....................................................................................................................5 10 Documentation ....................................................................................................................................5 11 Evaluation Analysis Activities ...........................................................................................................6 12 ITS Product Testing ...........................................................................................................................7 12.1 ASSESSMENT OF DEVELOPER TESTS.....................................................................................8 12.2 INDEPENDENT FUNCTIONAL TESTING...................................................................................8 12.3 INDEPENDENT PENETRATION TESTING .................................................................................9 12.4 CONDUCT OF TESTING ..........................................................................................................9 12.5 TESTING RESULTS .................................................................................................................9 13 Results of the Evaluation....................................................................................................................9 14 Evaluator Comments, Observations and Recommendations .........................................................9 15 Acronyms, Abbreviations and Initializations.................................................................................10 16 References..........................................................................................................................................10 ___________________________________________________________________________ Version 1.0 22 January 2010 - Page iii of iii -

CCS Certification Report RSA enVision® v4.0 SP 1 Executive Summary The RSA enVision® platform v4.0 SP 1 (hereafter referred to as RSA enVision), from RSA, The Security Division of EMC, is the Target of Evaluation (TOE) for this Evaluation Assurance Level (EAL) 3 augmented evaluation. RSA enVision is a security information event management (SIEM) and log management solution, capable of collecting and analyzing large amounts of data in real-time from an array of event sources. It provides a log management solution for simplifying compliance, enhancing security and risk mitigation, and optimizing IT and network operations through the automated collection, analysis, alerting, auditing, reporting, and security storage of all logs. EWA-Canada is the CCEF that conducted the evaluation. This evaluation was completed on 11 December 2009 and was carried out in accordance with the rules of the Canadian Common Criteria Evaluation and Certification Scheme (CCS). The scope of the evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for RSA enVision, the security requirements, and the level of confidence (evaluation assurance level) at which the product is intended to satisfy the security requirements. Consumers are advised to verify that their operating environment is consistent with that specified in the security target, and to give due consideration to the comments, observations and recommendations in this certification report. The results documented in the Evaluation Technical Report (ETR) 1 for this product provide sufficient evidence that it meets the EAL 3 augmented assurance requirements for the evaluated security functionality. The evaluation was conducted using the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 2. The following augmentation is claimed: ALC_FLR.2 – Flaw Reporting Procedures. Communications Security Establishment Canada, as the CCS Certification Body, declares that the RSA enVision evaluation meets all the conditions of the Arrangement on the Recognition of Common Criteria Certificates and that the product will be listed on the CCS Certified Products List (CPL) and the Common Criteria portal (the official website of the Common Criteria Project). 1 The ETR is a CCS document that contains information proprietary to the developer and/or the evaluator, and is not releasable for public review. ___________________________________________________________________________ Version 1.0 22 January 2010 - Page 1 of 11 -

Page 1 and 2: Certification Report EAL 3+ Evaluat

Page 3: CCS Certification Report RSA enVisi

Page 7 and 8: CCS Certification Report RSA enVisi




Page 15: CCS Certification Report RSA enVisi

evaluation

envision

certification

criteria

evaluators

january

functional

requirements

assurance

developer

www.cse-cst.gc.ca

EAL 3 Evaluation of - Common Criteria

EAL 3 Evaluation of - Common Criteria ... View more EAL 3 Evaluation of - Common Criteria

Delete template?

Save as template ?

EAL 3 Evaluation of - Common Criteria EAL 3 Evaluation of - Common Criteria