McAfee PASCDE-AB-IA Product Guide - Page 92
Appendix B: Common Criteria requirements
ePolicy Orchestrator software has functional modifications that meet specific Common Criteria requirements. This information is intended for use by government agencies that are required to use only National Information Assurance Partnership (NIAP) Common Criteria validated security products. It describes functional modifications that meet specific Common Criteria requirements, and provides advice on best practices for satisfying those requirements.

Server access

Physical access to the server must be restricted to authorized personnel that have been adequately trained to manage the system. The server must be located in a physically secure facility with access limited to authorized personnel.

Functionality on multiple platforms

The combination of ePolicy Orchestrator software and McAfee Policy Auditor software functions identically on all platforms where they operate.

Encryption

All packages created and distributed by McAfee are signed with a key pair using the DSA (Digital Signature Algorithm) signature verification system, and are encrypted using 168-bit 3DES encryption. A key is used to encrypt or decrypt sensitive data.

The ePolicy Orchestrator software repository list (SiteList.xml) file contains the names of all the repositories you are managing. The repository list includes the location and encrypted network credentials that managed systems use to select the repository and retrieve updates. The server sends the repository list to the agent during agent-server communication.

The Security Keys page in the ePolicy Orchestrator software allows you to manage encryption for repositories and for agent-server communications.

Applications running under the ePolicy Orchestrator software environment use a Secure Socket Layer (SSL) sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks. HTTPS and SSL support the use of X.509 digital certificates from the server so that a user can authenticate the sender.

Passwords

When a new ePolicy Orchestrator software user is created, the Add New User interface allows for use of NT authentication, which has previously been set at the network level, or a new ePolicy Orchestrator software authentication credential can be created.

McAfee Policy Auditor 6.0 software Product Guide for ePolicy Orchestrator 4.6 (page 92)