McAfee PASCDE-AB-IA Product Guide - Page 92

Appendix B: Common Criteria requirements

ePolicy Orchestrator software has functional modifications that meet specific Common Criteria
requirements.

This information is intended for use by government agencies that are required to use only
National Information Assurance Partnership (NIAP) Common Criteria validated security products.
It describes functional modifications that meet specific Common Criteria requirements, and
provides advice on best practices for satisfying those requirements.

Server access

Physical access to the server must be restricted to authorized personnel who have been
adequately trained to manage the system.

The server must be located in a physically secure facility with access limited to authorized
personnel.

Functionality on multiple platforms

The combination of ePolicy Orchestrator software and McAfee Policy Auditor software functions
identically on all platforms where they operate.

Encryption

All packages created and distributed by McAfee are signed with a key pair using the DSA (Digital
Signature Algorithm) signature verification system, and are encrypted using 168-bit 3DES
encryption. A key is used to encrypt or decrypt sensitive data.

The ePolicy Orchestrator software repository list (SiteList.xml) file contains the names of all the
repositories you are managing. The repository list includes the location and encrypted network
credentials that managed systems use to select the repository and retrieve updates. The server
sends the repository list to the agent during agent-server communication.

The Security Keys page in the ePolicy Orchestrator software allows you to manage encryption
for repositories and for agent-server communications.

Applications running under the ePolicy Orchestrator software environment use a Secure Sockets
Layer (SSL) sublayer under regular HTTP application layering. HTTPS encrypts and decrypts
user page requests as well as the pages that are returned by the web server. The use of HTTPS
protects against eavesdropping and man-in-the-middle attacks.

HTTPS and SSL support the use of X.509 digital certificates from the server so that a user can
authenticate the sender.

Passwords

When a new ePolicy Orchestrator software user is created, the Add New User interface allows
for use of NT authentication, which has previously been set at the network level, or a new
ePolicy Orchestrator software authentication credential can be created.

McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6
92