C128 Certification Report
Trend Micro TippingPoint Threat Protection System
(TPS) v5.5.0
File name: ISCB-5-RPT-C128-CR-v1
Version: v1
Date of document: 16 June 2023
Document classification : PUBLIC
For general inquiry about us or our services,
please email: mycc@cybersecurity.my
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page i of ix
PUBLIC
C128 Certification Report
Trend Micro TippingPoint Threat Protection System
(TPS) v5.5.0
16 June 2023
ISCB Department
CyberSecurity Malaysia
Level 7, Tower 1,
Menara Cyber Axis, Jalan Impact,
63000 Cyberjaya, Selangor, Malaysia
Tel: +603 8800 7999 Fax: +603 8008 7000
http://www.cybersecurity.my
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page ii of ix
PUBLIC
Document Authorisation
DOCUMENT TITLE: C128 Certification Report
DOCUMENT REFERENCE: ISCB-5-RPT-C128-CR-v1
ISSUE: v1
DATE: 16 June 2023
DISTRIBUTION: UNCONTROLLED COPY - FOR UNLIMITED USE AND
DISTRIBUTION
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page iii of ix
PUBLIC
Copyright Statement
The copyright of this document, which may contain proprietary information, is the
property of CyberSecurity Malaysia.
The document shall be held in safe custody.
©CYBERSECURITY MALAYSIA, 2023
Registered office:
Level 7, Tower 1
Menara Cyber Axis
Jalan Impact
63000 Cyberjaya
Selangor Malaysia
Registered in Malaysia – Company Limited by Guarantee
Company No. 201601006881 (726630-U)
Printed in Malaysia
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page iv of ix
PUBLIC
Foreword
The Malaysian Common Criteria Evaluation and Certification (MyCC) Scheme has been
established under the 9th
Malaysian Plan to increase Malaysia’s competitiveness in quality
assurance of information security based on the Common Criteria (CC) standard and to
build consumers’ confidence towards Malaysian information security products.
The MyCC Scheme is operated by CyberSecurity Malaysia and provides a model for licensed
Malaysian Security Evaluation Facilities (MySEFs) to conduct security evaluations of ICT
products, systems and protection profiles against internationally recognised standards.
The results of these evaluations are certified by the Malaysian Common Criteria
Certification Body (MyCB) Unit, a unit established within Information Security Certification
Body (ISCB) Department, CyberSecurity Malaysia.
By awarding a Common Criteria certificate, the MyCB asserts that the product complies
with the security requirements specified in the associated Security Target. A Security
Target is a requirements specification document that defines the scope of the evaluation
activities. The consumer of certified IT products should review the Security Target, in
addition to this certification report, to gain an understanding of any assumptions made
during the evaluation, the IT product's intended environment, its security requirements,
and the level of confidence (i.e., the evaluation assurance level) that the product satisfies
the security requirements.
This certification report is associated with the certificate of product evaluation dated
23 June 2023, and the Security Target (Ref [6]). The certification report, certificate of the
product being evaluated and the security target can be assessed on the MyCC Scheme
Certified Product Register (MyCPR), which is available on the MyCC website at
https://iscb.cybersecurity.my/index.php and these documents are also posted on
Common Criteria Portal at http://www.commoncriteriaportal.org .
Reproduction of this report is authorised provided the report is reproduced in its entirety.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page v of ix
PUBLIC
Disclaimer
The Information Technology (IT) product identified in this certification report and its
associate certificate has been evaluated at an accredited and licensed evaluation facility
established under the Malaysian Common Criteria Evaluation and Certification (MyCC)
Scheme using the Common Methodology for IT Security Evaluation, version 3.1 revision 5
(Ref [3]), for conformance to the Common Criteria for IT Security Evaluation, version 3.1
revision 5 (Ref [2]). This certification report and its associated certificate apply only to the
specific version and release of the product in its evaluated configuration. The evaluation
has been conducted in accordance with the provisions of the MyCC Scheme and the
conclusions of the evaluation facility in the evaluation technical report are consistent with
the evidence adduced. This certification report and its associated certificate is not an
endorsement of the IT product by CyberSecurity Malaysia or by any other organisation that
recognises or gives effect to this certification report and its associated certificate, and no
warranty of the IT product by CyberSecurity Malaysia or by any other organisation that
recognises or gives effect to this certificate, is either expressed or implied.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page vi of ix
PUBLIC
Document Change Log
RELEASE DATE PAGES
AFFECTED
REMARKS/CHANGE REFERENCE
d1 01 June 2023 All Initial draft
v1 16 June 2023 All Final Version
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page vii of ix
PUBLIC
Executive Summary
The Target of Evaluation (TOE) is Trend Micro TippingPoint Threat Protection System (TPS)
v5.5.0. The TOE is a network security platform that offers threat protection, shielding
network vulnerabilities, blocking exploits, and defending against known and zero-day
attacks (Intrusion Prevention System (IPS) capabilities). TPS provides coverage across
various threat vectors, including advanced threats, malware, and phishing attempts. It
employs a combination of technologies, such as deep packet inspection, threat reputation,
and malware analysis, on a flow-by-flow basis, to detect and prevent attacks on the
network.
The scope of the evaluation is defined by the Security Target (Ref[6]) which identifies
assumptions made during the evaluation, the intended environment for the TOE, the
security functional requirements, and the evaluation assurance level at which the product
is intended to satisfy the security requirements. Prospective consumers are advised to
verify that their operating environment is consistent with the evaluated configuration, and
to give due consideration to the comments, observations and recommendations in this
certification report.
This report confirms the findings of the security evaluation of the TOE to the Common
Criteria (CC) Evaluation Assurance Level 2. This report confirms that the evaluation was
conducted in accordance with the relevant criteria and the requirements of the Malaysia
Common Criteria Evaluation and Certification (MyCC) Scheme (Ref [4]).
The evaluation was performed by Securelytics SEF and the evaluation was completed on
26 May 2023.
Malaysia Common Criteria Certification Body (MyCB), as the MyCC Scheme Certification
Body, declares that the TOE evaluation meets all the Arrangements on the Recognition of
Common Criteria certificates and the product will be listed on MyCC Scheme Certified
Products Register (MyCPR) and on Common Criteria Recognition Arrangement portal.
It is the responsibility of the user to ensure that Trend Micro TippingPoint Threat Protection
System (TPS) v5.5.0 meets their requirements. It is recommended that a potential user of
the TOE refer to the Security Target (Ref [6]) and to this Certification Report prior deciding
to purchase the product.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page viii of ix
PUBLIC
Table of Contents
Document Authorisation ................................................................................. ii
Copyright Statement........................................................................................ iii
Foreword ............................................................................................................ iv
Disclaimer ........................................................................................................... v
Document Change Log.................................................................................... vi
Executive Summary......................................................................................... vii
Index of Tables ................................................................................................. ix
Index of Figures................................................................................................ ix
1 Target of Evaluation................................................................ 1
1.1 TOE Description ................................................................................................1
1.7 TOE Identification ..............................................................................................2
1.7 Security Policy ...................................................................................................3
1.4 TOE Architecture .................................................................................................3
1.4.1 Logical Boundaries ..........................................................................4
1.4.2 Physical Boundaries ........................................................................6
1.5 Clarification of Scope.........................................................................................8
1.6 Assumptions ......................................................................................................9
1.6.1 Operational Environmental assumptions...........................................9
1.7 Evaluated Configuration ..................................................................................10
1.8 Delivery Procedures ........................................................................................12
1.8.1 TOE Delivery Procedures .................................................................................12
2 Evaluation................................................................................ 14
2.1 Evaluation Analysis Activities ..........................................................................14
2.1.1 Life-cycle support.................................................................................14
2.1.2 Development .........................................................................................14
2.1.3 Guidance documents ...........................................................................15
2.1.4 IT Product Testing ................................................................................15
3 Result of the Evaluation ....................................................... 22
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page ix of ix
PUBLIC
3.1 Assurance Level Information ...........................................................................22
3.2 Comments/Recommendations ........................................................................22
Annex A References ............................................................................... 24
A.1 References......................................................................................................24
A.2 Terminology...................................................................................................24
A.2.1 Acronyms .......................................................................................................24
A.2.2 Glossary of Terms .........................................................................................25
Index of Tables
Table 1: TOE Identification...........................................................................................................2
Table 2: Security Organisational Policies....................................................................................3
Table 3: TOE Hardware Appliances .............................................................................................6
Table 4: TOE Virtual Machine Appliances...................................................................................7
Table 5: Assumptions for the TOE Environment .......................................................................9
Table 6: Independent Functional Test ......................................................................................16
Table 7: List of Acronyms...........................................................................................................24
Table 8: Glossary of Terms.........................................................................................................25
Index of Figures
Figure 1 – Sample TPS Network Deployment Scenario ...........................................................11
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 1 of 26
PUBLIC
1 Target of Evaluation
1.1 TOE Description
1 The Target of Evaluation (TOE) is the Trend Micro TippingPoint Threat Protection System
(TPS) v5.5.0. It may also be referred to as TippingPoint Threat Protection System or
simply TPS. TPS is a network security platform that offers threat protection, shielding
network vulnerabilities, blocking exploits, and defending against known and zero-day
attacks (Intrusion Prevention System (IPS) capabilities).
2 TPS provides coverage across various threat vectors, including advanced threats,
malware, and phishing attempts. It employs a combination of technologies, such as
deep packet inspection, threat reputation, and malware analysis, on a flow-by-flow basis,
to detect and to prevent attacks on the network.
3 The product consists of the Threat Suppression Engine (TSE), Traffic Management filters,
and Digital Vaccine (DV) filters that provide threat protection, shielding network
vulnerabilities, blocking exploits, and defending against known and zero-day attacks.
4 The TOE’s specialized hardware-based traffic classification engines enable the IPS to
filter accurately at gigabit speeds and microsecond latencies. Unlike software-based
systems whose performance may be affected by the number of filters installed, the
scalable capacity of the TOE’s hardware engine allows thousands of filters to run
simultaneously with no impact on performance or accuracy. The TOE was evaluated as
an IPS network device and does not include evaluation of the aforementioned speed or
latency claims.
5 The TPS version 5.5.0 appliances included in the evaluation are TPS 1100TX, TPS
5500TX, TPS 8200TX, TPS 8400TX, and vTPS. Each physical appliance includes an RJ-45
console port and a 1 GbE copper management port. The 8200TX and 8400TX devices
are high-end systems that are designed for network environments requiring up to 40
Gbps of inspection throughput. The 1100TX and 5500TX devices support the same I/O
modules as the 8200TX and 8400TX so these models can support the same capacity on
a per-module basis, but they have fewer module slots for a reduced overall performance
capacity. The concept of IO modules is not applicable to the vTPS model which has two
virtual data ports.
6 The vTPS model is a virtual appliance supported on VMware and KVM. Each virtual
platform supports a virtual serial console and virtual Ethernet management port. Each
virtual appliance deployed in normal mode provides 500 Mbps IPS inspection
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 2 of 26
PUBLIC
throughput with two vCPUs or 1 Gbps IPS inspection throughput with three vCPUs. When
deployed in Performance mode, six vCPUs provide 2 Gbps IPS inspection throughput.
Each vTPS supports one vNIC (Vmware) or one bridge interface (KVM) for management.
7 All models (hardware and virtual) provide the same security protections and support all
the functionality specified in this ST.
8 The TOE provides intrusion prevention services including monitoring, collection,
inspection, analyzation, and reaction capabilities applied to network traffic in real-time.
The TOE reconstructs and inspects flow payloads by parsing the traffic at the application
layer. As each new packet of the traffic flow arrives, the engine re-evaluates the traffic
for malicious content. The instant the engine detects malicious traffic, it blocks all
current and all subsequent packets pertaining to the traffic flow. The blocking of the
traffic and packets ensures that the attack never reaches its destination. The TOE
provides authorized administrators with a CLI accessible via SSH to manage the TOE and
its IPS functions and to monitor, collect, log, and react in real-time to potentially
malicious network traffic. Evaluation of the IPS services focuses on inspecting the Ipv4
and Ipv6 traffic (TCP, UDP, ICMP, etc.).
9 The TOE uses NIST validated cryptographic algorithms and must be configured to
operate in FIPS mode in order to use them.
1.7 TOE Identification
10 The details of the TOE are identified in Table 1: TOE Identification below.
Table 1: TOE Identification
Evaluation Scheme
Malaysian Common Criteria Evaluation and Certification
(MyCC) Scheme
Project Identifier C128
TOE Name Trend Micro TippingPoint Threat Protection System (TPS)
TOE Version V5.5.0
Security Target Title
Trend Micro TippingPoint Threat Protection System (TPS)
v5.5.0 Security Target
Security Target Version V1.0
Security Target Date 22 May 2023
Assurance Level Evaluation Assurance Level 2
Criteria
Common Criteria for Information Technology Security
Evaluation, April 2017, Version 3.1, Revision 5 (Ref [2])
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 3 of 26
PUBLIC
Methodology
Common Methodology for Information Technology
Security Evaluation, April 2017, Version 3.1, Revision 5
(Ref [3])
Protection Profile
Conformance
None
Common Criteria
Conformance
CC Part 2 Extended
CC Part 3 Conformant
Package conformant to EAL 2
Sponsor
Leidos Inc.
6841 Benjamin Franklin Drive, Columbia, Maryland 21046,
The United States of America
Developer
Trend Micro Incorporated
11305 Alterra Parkway, Austin, Texas 78758 USA
Evaluation Facility
Securelytics SEF
A-19-06, Tower A,
Atria SOFO Suites,
Petaling Jaya, Selangor Darul Ehsan
1.7 Security Policy
11 There are two (2) organisational security policies defined regarding the use of TOE.
Table 2: Security Organisational Policies
Policies Statement
P.ACCESS_BANNER The TOE shall display an initial banner describing restrictions
of use, legal agreements, or any other appropriate information
to which users consent by accessing the TOE.
P.ANALYZE Analytical processes and information to derive conclusions
about potential intrusions must be applied to IPS data and
appropriate response actions taken.
1.4 TOE Architecture
12 The TOE consists of logical and physical boundaries which are described in Section 2.2
of the Security Target (Ref [6]).
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 4 of 26
PUBLIC
1.4.1 Logical Boundaries
13 The logical boundary of the TOE is summarized below:
• Security Audit
The TOE is able to generate audit records for security relevant events including
IPS-related events. The TOE can be configured to store the audit records locally
on the TOE and can also be configured to send the logs to a designated external
log server. The audit records in local audit storage cannot be modified or
deleted. In the event the space available for storing audit records locally is
exhausted, the TOE deletes the oldest historical log file, renames the current log
file to be a historical file, and creates a new current log file. The TOE will write a
warning to the audit trail when the space available for storage of audit records
exceeds 75% space remaining threshold.
• Cryptographic Support
The TOE is operated in FIPS mode and includes FIPS-approved and NIST-
recommended cryptographic algorithms. The TOE provides cryptographic
mechanisms for symmetric encryption and decryption, cryptographic signature
services, cryptographic hashing services, keyed-hash message authentication
services, deterministic random bit generation seeded from a suitable entropy
source, and key zeroization/destruction. The cryptographic mechanisms
support SSH used for secure communication, both as client and server.
• Identification & Authentication
The TOE requires users (i.e., administrators) to be successfully identified and
authenticated before they can access any security management functions
available in the TOE. The TOE offers both a locally connected console and a
network accessible interface over SSH to support administration of the TOE.
The TOE supports the local (i.e., on device) definition of administrators with
usernames and passwords. When a user is authenticated at the local console, no
information about the authentication data (i.e., password) is echoed to the user.
Passwords can be composed of any combination of upper and lower case letters,
numbers, and the following special characters: !; @; #; $; %; ^; &; *; (; ); ,; .; ?; <;
>; and /.
The TOE provides authentication failure handling for remote administrator
access. When the defined number of unsuccessful authentication attempts has
been reached, the remote administrator accessing the TOE via SSH is locked out
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 5 of 26
PUBLIC
for an administrator configurable period of time. Authentication failures by
remote administrators cannot lead to a situation where no Administrator access
is available to the TOE since administrator access is still available via local
console.
• Security Management
The TOE provides administrator roles and supports local and remote
administration. The TOE supports Super User, Admin, and Operator roles that
together comprise the Security Administrator role. Each user must be assigned
a role in order to perform any management action. The TOE provides authorized
administrators with a CLI accessible via SSH or locally through the console
interface for TOE configuration and to monitor, collect, log, and react in real-
time to potentially malicious network traffic.
• Protection of the TSF
The TOE protects sensitive data such as stored passwords and cryptographic
keys so that they are not accessible even by an administrator. It also provides its
own timing mechanism that ensures reliable time information is available.
The TOE provides mechanisms to view the current version of the TOE and to
install updates of the TOE software. TOE updates are initiated manually by the
Super User or Admin, who can verify the integrity of the update prior to
installation using a digital signature.
The TOE performs tests for software module integrity and cryptographic known-
answer tests.
• TOE Access
The TOE implements administrator-configurable session inactivity limits for local
interactive sessions at the console and for SSH sessions. The TOE will terminate
such sessions when the inactivity period expires. In addition, administrators can
terminate their own interactive sessions by logging out at the console and SSH.
The TOE supports an administrator-configurable TOE access banner that is
displayed prior to a user completing the login process at the CLI. This is
implemented for both local and remote management connections (console, SSH).
• Trusted path/channels
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 6 of 26
PUBLIC
The TOE protects interactive communication with remote administrators using
SSH. SSH ensures confidentiality of transmitted information and detects any loss
of integrity.
The TOE also uses SSH to protect the transmission of audit records to an external
audit server.
• Intrusion Prevention System
The TOE provides intrusion prevention services including collection, inspection,
analyzation, and reaction capabilities applied to network traffic in real-time.
1.4.2 Physical Boundaries
14 The TOE is a self-contained hardware appliance or VM with TPS 5.5.0 software. The
following table identifies the hardware appliance models included in the TOE.
Table 3: TOE Hardware Appliances
Device Main Processor Storage Network Ports Operating System /
Software
TPS1100TX Intel Pentium D-1517
(Broadwell with
AES-NI) CPU / 4
Cores, 8 Threads,
1.6GHz, 25W TDP
Storage = 8GB
CFAST (Internal)
/ 8GB (External)
One IOM Slot Hot-
Swappable
Up to 6 1GE
Segments, Up to 4
10GE Segments, 1
40GE Segment
Linux-4.14.76-yocto-
standard
OpenSSL 1.0.2l-fips
TPS5500TX Intel Xeon D-1559
(Broadwell with
AES-NI) CPU / 12
Cores, 24 Threads,
1.5GHz, 45W TDP
Storage = 32GB
CFAST (Internal)
/ 32GB (External)
Two IOM Slots, Hot-
Swappable
Up to 12 1GE
Segments, Up to 8
10GE Segments, Up
to 2 40GE Segments
Linux-4.14.76-yocto-
standard
OpenSSL 1.0.2l-fips
TPS8200TX 2x Intel Xeon E5-
2648Lv3 (with AES-
NI) CPUs / 12 Cores,
24 Threads, 1.8GHz,
75W TDP
Storage = 32GB
CFAST (Internal)
/ 32GB (External)
Four IOM Slots, Two
Hot-Swappable
Up to 12 1GE
Segments, Up to 8
10GE Segments, Up
to 2 40GE Segments
Linux-4.14.76-yocto-
standard
OpenSSL 1.0.2l-fips
TPS 8400TX 2x Intel Xeon E5-
2648Lv3 (with AES-
NI) CPUs / 12 Cores,
24 Threads, 1.8GHz,
75W TDP
Storage = 32GB
CFAST (Internal)
/ 32 GB (External)
Four IOM Slots, Hot-
Swappable
Up to 24 1GE
Segments, Up to 16
10GE Segments, Up
to 4 40GE Segments
Linux-4.14.76-yocto-
standard
OpenSSL 1.0.2l-fips
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 7 of 26
PUBLIC
15 The TippingPoint vTPS is deployed between layer 2 (L2) broadcast domains (virtual
switches) using an image with either “Normal” or “Performance” options. Performance
option offers an increased capacity for vCPUs and threading.
16 Virtual Machine appliance TOEs consist of TPS v5.5.0, including Linux-4.14.76-yocto-
standard and OpenSSL 1.0.2l-fips and requires the following:
Table 4: TOE Virtual Machine Appliances
Device Image Number
of
vCPUs
Memory Disk Operating System /
Software
vTPS Normal Option:
• Vmware:
vTPS_vmw_5.5.0_xxxx.z
ip
Or
• KVM:
vTPS_kvm_5.5.0_xxxx.ta
r.gz
2– 3 8GB 16.2GB ESXi Hypervisor version:
Version 6.7 or 7.0.2 (only
paid versions supported)
or
RHEL version 7.1 KVM
Performance Option:
• Vmware:
vTPS_vmw_5.5.0_xxxx.z
ip
Or
• KVM:
vTPS_kvm_5.5.0_xxxx.tar.
gz
6 16GB 16.2GB ESXi Hypervisor version:
Version 6.7 or 7.0.2 (only
paid versions supported)
or
RHEL version 7.1 KVM
vTPS virtual appliances are supported on hosts with Intel Haswell-based or Ivy Bridge-
based microprocessors.
17 Software Requirements
The TOE virtual (VM) appliances are delivered as an installation disk (or ISO image). They
require that the following are installed on the host hardware system:
•Vmware ESXi 6.7 or 7.0.2 (only paid versions supported)
•RHEL version 7.1 KVM
18 Additional Hardware Requirements
•External audit storage requires the use of syslog servers.
•An administrative workstation or terminal emulator equipped with SSH client software.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 8 of 26
PUBLIC
19 Exclusions
- The TippingPoint Threat Protection System solution includes Local Security
Management (LSM) and Security Management System (SMS) components that
provides remote administrative management. In the evaluated configuration, all
management must be performed using the CLI.
- The Digital Vaccine service is provided by the TOE developer and assumed to be a
trusted service. It may be used in the evaluated configuration; however it is not
included in the TOE itself and therefore no claims are made about its ability to
provide adequate or timely filter updates.
- The TPS devices can be configured to use sFlow record emission to sample a random
flow of traffic and send the data to a collector server for analysis. Sflow and collector
services are excluded from the evaluated configuration and must not be configured
or used.
- Two TippingPoint Threat Protection appliances can be installed in a redundant
network configuration. This system configuration provides High Availability (HA),
ensuring that the network traffic always flows at wire speeds in the event of any
internal hardware or software failure on the device. HA configurations are not
covered in the scope of the evaluation.
- TippingPoint Threat Protection appliances can be installed in a stacking
configuration. Stacking enables an organization to increase the overall inspection
capacity of the TPS by grouping multiple TX Series devices and pooling their
resources. Stacking configurations are not included in the evaluated configuration.
The devices are being evaluated in a standalone configuration.
- Optional bypass I/O modules are available for the 1100TX, 5500TX, 8200TX, and
8400TX security devices that provide high availability for copper and fiber segments.
These modules are not included in the TOE and must not be used in the evaluated
configuration.
1.5 Clarification of Scope
20 The TOE is designed to be suitable for use in accordance with user guidance that is
supplied with the product.
21 Section 1.4 of this document describes the scope of the evaluation, which is limited to
those claims made in the Security Target (Ref [6]).
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 9 of 26
PUBLIC
22 Potential consumers of the TOE are advised that some functions and services of the
overall product have not been evaluated as part of this evaluation. Potential consumers
of the TOE should carefully consider their requirements for using functions and services
outside of the evaluated configuration.
1.6 Assumptions
23 This section summarises the security aspects of the environment/configuration in which
the product is intended to operate. Consumers should understand the requirements for
secure operation of the TOE as defined in the Security Target (Ref [6]).
1.6.1 Operational Environmental assumptions
24 Assumptions for the TOE environment as described in the Security Target (Ref [6]):
Table 5: Assumptions for the TOE Environment
Environment Statement
A.ADMIN_CREDENTIALS_SECURE The administrator’s credentials (private key)
used to access the network device are
protected by the platform on which they reside.
A.CONNECTIONS It is assumed that the TOE is connected to
distinct networks in a manner that ensures that
the TOE security policies will be enforced on all
applicable network traffic flowing among the
attached networks.
A.LIMITED_FUNCTIONALITY The device is assumed to provide networking
functionality as its core function and not
provide functionality/services that could be
deemed as general purpose computing. For
example the device should not provide
computing platform for general purpose
applications (unrelated to networking
functionality).
A.PHYSICAL_PROTECTION The network device is assumed to be physically
protected in its operational environment and
not subject to physical attacks that
compromise the security and/or interfere with
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 10 of 26
PUBLIC
the device’s physical interconnections and
correct operation. This protection is assumed
to be sufficient to protect the device and the
data it contains.
A.TRUSTED_ADMINISTRATOR The authorized administrator(s) for the
network device are assumed to be trusted and
to act in the best interest of security for the
organization. This includes being appropriately
trained, following policy, and adhering to
guidance documentation. Administrators are
trusted to ensure passwords/credentials have
sufficient strength and entropy and to lack
malicious intent when administering the
device. The network device is not expected to
be capable of defending against a malicious
administrator that actively works to bypass or
compromise the security of the device.
A.REGULAR_UPDATES The network device firmware and software is
assumed to be updated by an administrator on
a regular basis in response to the release of
product updates due to known vulnerabilities.
1.7 Evaluated Configuration
25 This section describes the evaluated configurations of the TOE that are included within
the scope of the evaluation.
26 As stated in the ST (Ref. [6]) the TOE consists of a single standalone hardware or virtual
appliance, each with v5.5.0. The hardware appliances are provided with the software
and standard I/O modules pre-installed.
27 The TOE is a standalone hardware or virtual appliance and comprises one main
subsystem providing the TOE Security Functions (TSFs). The TippingPoint Threat
Protection System subsystem consists as following:
• TippingPoint appliance hardware or virtual machine – appliances include the TPS
5.5.0 software and a hardened Linux-4.14.76-yocto-standard operating system.
All hardware models also include external user disk memory (CFast or SSD) while
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 11 of 26
PUBLIC
the vTPS virtual appliances have a single-disk architecture with either an 8-GB
user disk partition (for standard) or 16-GB user disk partition (for Performance).
The TX hardware models include standard I/O modules used to receive and
transmit packets for the threat detection functions. The concept of IO modules
is not applicable to vTPS which has two virtual data ports. It also incorporates an
OpenSSL cryptographic module to provide support respectively for Secure Shell
(SSH) cryptographic protocols. The TPS subsystem provides all of the TSF
including the Intrusion Prevention System (IPS) capabilities provided by the
included Threat Suppression Engine (TSE), Traffic Management filters, and
Digital Vaccine (DV).
28 Communication between the TPS and remote syslog server is secured using SSH.
29 The TOE provides a trusted path for administrators of the TOE to communicate with the
TOE. The trusted path is implemented using SSH for access to the CLI. Administrators
initiate the trusted path to the CLI by establishing an SSH connection using an SSH client
(e.g., putty). The CLI can also be accessed via direct access to the TOE.
30 A sample deployment scenario is as follows.
Figure 1 – Sample TPS Network Deployment Scenario
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 12 of 26
PUBLIC
1.8 Delivery Procedures
31 The evaluators examined the delivery documentation and determined that it describes
all procedures that are necessary to maintain security when distributing versions of the
TOE or parts of it to the consumer.
32 The evaluators also examined the aspects of the delivery process and determined that
the delivery procedures are used.
1.8.1 TOE Delivery Procedures
33 Delivery requirements call for system controls and procedures that provide assurance
in the delivery of the TOE without any undetected tampering or interference. For a valid
delivery, what is received by the end customer must correspond precisely to the TOE
master copy, thus avoiding any tampering with the actual version, or substitution of a
false version. Several procedures are necessary to maintain security when distributing
versions of the TOE or parts of it to a user’s site.
1.8.2 Delivery to Customers
34 Hardware
Once a hardware appliance instance of the TOE is manufactured, it is securely packaged.
Packaging tape is used to seal the packages containing the TOE hardware appliance and
associated accessory kit. The manufacturing facility (Benchmark Phoenix) sends the
packaged TOE appliance to Trend’s Distribution Center (DB Schenker Dallas). The Trend
Distribution Center holds the packaged TOE appliances in a secure area before an order
is shipped to prevent tampering. When an order for the TOE is received, the Trend
Distribution Center uses a private distribution service (e.g., UPS) to distribute the
package to the customer. On every TOE chassis, a security label has been affixed to
ensure that the chassis is not tampered with. If the unit is opened, then the label is
broken, indicating the unit may have been tampered with and all warranties are void.
35 Software Downloads and Updates
As part of the delivery process, TOE software updates are posted on the Threat
Management Center (TMC) website (https://tmc.tippingpoint.com). This site requires
authentication via the customer assigned credentials. The download and update process
is as follows:
• TOE “packages” are downloaded from TMC via a TLS connection. The
package files are encrypted. A public/private key system is used for the
encryption.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 13 of 26
PUBLIC
• When the package is loaded onto the device, key exchanges occur and the
package is unpacked, provided the keys match. If they don’t, log entries are
generated indicating there was a problem with the package.
• After the software updates, a reboot is needed. At this point, an MD5
checksum occurs to ensure the package is not corrupt.
• For Digital Vaccine (DV) updates, the MD5 checksum occurs during the
installation of the DV (reboots are not needed for DVs).
When product updates are released, a release e-mail is sent out to customers to notify
them of the update availability. TPS virtual appliance (vTPS) images are made available
on TMC. These are downloaded by the customer via a TLS connection. The image itself
is signed using Trend Micro certificate. The customers install the image into their own
server hardware running supported hypervisors.
1.8.3 Method of Packaging and Shipment
36 Packaging
Trend Micro packages and labels the product in accordance with the current bill of
material (BOM) and any applicable package specification for the product to be shipped.
All products are enclosed in cardboard shipping boxes and sealed with tape. A shipping
label identifying the exact product (including the serial number for the included device)
and the customer name is provided on the outside of the shipping box.
Each hardware device is wrapped in a plastic bag and sealed with a warning label. The
device cannot be removed from the plastic bag without damaging either the bag or the
label.
37 Shipping
Trend Micro employs its current default carrier to deliver the product to customers.
Trend Micro determines the best carrier, routing, and cost for the shipment.
Trend Micro’s default carrier is currently UPS. Unless otherwise specified, all items are
sent via UPS.
38 Tracking
Packages are tracked via the carrier’s tracking numbers. The tracking number allows
any party to find the status of the package either by calling the toll-free number or
logging into the website. Tracking numbers are only provided to customers upon
request.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 14 of 26
PUBLIC
2 Evaluation
39 The evaluation was conducted in accordance with the requirements of the Common
Criteria, version 3.1 Revision 5 (Ref [2]) and the Common Methodology for IT Security
Evaluation (CEM), version 3.1 Revision 5 (Ref [3]). The evaluation was conducted at
Evaluation Assurance Level 2. The evaluation was performed conformant to the MyCC
Scheme Requirement (MyCC_REQ) (Ref [4]) and ISCB Evaluation Facility Manual
(ISCB_EFM) (Ref [5]).
2.1 Evaluation Analysis Activities
40 The evaluation activities involved a structured evaluation of the TOE, including the
following components:
2.1.1 Life-cycle support
41 An analysis of the TOE configuration management system and associated
documentation was performed. The evaluators found that the configuration items were
clearly and uniquely labelled, and that the access control measures as described in the
configuration management documentation are effective in preventing unauthorised
access to the configuration items. The developer’s configuration management system
was evaluated, and it was found to be consistent with the provided evidence.
42 The evaluators examined the delivery documentation and determined that it described
all of the procedures required to maintain the integrity of the TOE during distribution
to the consumer.
2.1.2 Development
43 The evaluators analyzed the TOE functional specification; they determined that the
design completely and accurately describes the TOE security functionality interfaces
(TSFIs), and how the TOE security function (TSF) implements the security functional
requirements (SFRs).
44 The evaluators examined the TOE design specification; they determined that the
structure of the entire TOE is described in terms of subsystems. They also determined
that, it provides a complete, accurate, and high-level description of the SFR-enforcing
behavior of the SFR-enforcing subsystems.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 15 of 26
PUBLIC
45 The evaluators examined the TOE security architecture description; they determined
that the information provided in the evidence is presented at a level of detail
commensurate with the descriptions of the SFR-enforcing abstractions contained in the
functional specification and TOE design.
46 At the end, the evaluators confirmed that all the requirements for this class were fulfilled
and passed.
2.1.3 Guidance documents
47 The evaluators examined the TOE preparative user guidance and operational user
guidance, and determined that it sufficiently and unambiguously described how to
securely transform the TOE into its evaluated configuration, and how to use and
administer the product in order to fulfil the security objectives for the operational
environment. The evaluators examined and tested the preparative and operational
guidance, and determined that they were complete and sufficiently detailed to result in
a secure configuration.
48 The evaluators confirmed that the TOE guidance has fulfilled all the requirements and
passed for this class.
2.1.4 IT Product Testing
49 Testing at EAL 2 consists of assessing developer tests, performing independent
functional test, and conducting penetration tests. The TOE testing was conducted by
Securelytics SEF. The detailed testing activities, including configurations, procedures,
test cases, expected results and actual results are documented in a separate Test Plan
Report.
2.1.4.1 Assessment of Developer Tests
50 The evaluators verified that the developer has met their testing responsibilities by
repeating some developer test, as documented in the Evaluation Technical Report (Ref
[7]) (not a public document because it contains information proprietary to the developer
and/or the evaluator). The results of the evaluators’ tests are consistent with the
developers’ test results defined in their evaluation evidences submitted.
2.1.4.2 Independent Functional Testing
51 At EAL 2, independent functional testing is the evaluation conducted by evaluators
based on the information gathered by examining design and guidance documentation,
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 16 of 26
PUBLIC
examining developer’s test documentation, executing a subset of the developer’s test
plan, and creating test cases that are independent of the developer’s tests.
52 All testing was planned and documented to a sufficient level of detail to allow
repeatability of the testing procedures and results. The results of the independent
functional tests were recorded by the evaluators and are consistent with the expected
test results in the test documentation.
Table 6: Independent Functional Test
Test ID
Description
Security
Function
Results
F001 –
Identification
and
Authentication
1. To test that the TOE requires each user
to be successfully identified and
authenticated before allowing any other
TSF-mediated actions on behalf of that
user
2. To test the TSF’s ability to detect when
unsuccessful authentication attempts
occur related to administrators
attempting to authenticate remotely using
a password.
3. To test the TSF’s ability to provide the
password management capabilities meet
FIA_PMG_EXT.1 requirements
4. To test the TSF’s ability to provide only
obscured feedback to the administrative
user while the authentication is in progress
at the local console.
5. To test the TSF’s ability to provides local
password-based and SSH public key-based
authentication for administrative user
authentication.
FIA_AFL.1
FIA_PMG_EXT.1
FIA_UAU.7
FIA_UAU_EXT.2
FIA_UIA_EXT.1
Passed.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 17 of 26
PUBLIC
Test ID
Description
Security
Function
Results
F002 –
Security
Management
1. To test that the TOE capable of
performing the management function
meets FMT_SMF.1.1/Core requirements.
2. To test the TSF’s ability to restrict the
functions to Security Administrators to
perform manual updates, modify behavior,
and manage data.
FMT_MOF.1/Ma
nualUpdate
FMT_MOF.1/Fu
nctions
FMT_MTD.1 &
FMT_SMF.1/Co
re
FMT_SMF.1/IPS
FMT_SMR.2
Passed.
F003 –
Security Audit
1. To test that the TOE able to generate
record within each audit record and IPS
records for the auditable
2. To test that the TOE able to provide
reliable time
3. Stamps
4. To test that TSF be able to transmit
audit data to external IT entities using a
trusted channel.
5. To test that the TSF able to generate a
warning to inform the Administrator
before the audit trail exceeds storage
capacity
FAU_GEN.1/Au
dit
FAU_GEN.2
FAU_GEN.1/IPS
FAU_STG.1
FAU_STG_EXT.1
FAU_STG_EXT.3
FTP_ITC.1
Passed.
F004 –
Cryptographic
Support and
Trusted Path
1. To test the TSF able to implement SSH
protocol that complies to FCS_SHC_EXT.1
and FCS_SHC_EXT.1
2. To test that TSF able to ensure that SSH
transport implementation uses encryption
algorithms defined in FCS_SHC_EXT.1 and
FCS_SHC_EXT.1.
3. To test that the TSF shall ensure that
the SSH transport implementation uses
hmac-sha1, hmac-sha2-256, hmac-sha2-
512 as its data integrity MAC algorithms
and rejects all other MAC algorithms.
FCS_COP.1/Dat
aEncryption
FCS_COP.1/Has
h
FCS_COP.1/Key
edHash,
FCS_RBG_EXT.1
FCS_SHC_EXT.1
FCS_SHS_EXT.1
Passed.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 18 of 26
PUBLIC
Test ID
Description
Security
Function
Results
4. To test that TSF able to ensure that the
SSH client authenticates the identity of the
SSH server using a local database
associating each host name with its
corresponding public key as described in
RFC 4251 section 4.1.
5. To test that TSF able to provide a trusted
communication channel that is distinct
from other channels and provides assured
identification of its end points and
protection of channel data from
modification or disclosure.
6. To test that the TOE permits remote
users to initiate communication via the
trusted path
7. To test that TSF shall initiate
communication via the trusted channel for
transmitting audit records to an external
audit server.
Passed.
F005 – TSF
Protection
1. To test that TSF able to store
administrative passwords in non-plaintext
form
2. To test that TSF able to prevent reading
of all pre-shared keys, symmetric key, and
private keys.
3. To test that TSF able to provide reliable
time stamps for its own use.
4. To test TSF's ability to run self-tests to
demonstrate correct operation.
FPT_APW_EXT.
1
FPT_SKP_EXT.1
FPT_STM_EXT.1
FPT_TST_EXT.1
FPT_TUD_EXT.1
Passed.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 19 of 26
PUBLIC
Test ID
Description
Security
Function
Results
5. To test that TSF able to provide
Security Administrators the ability
• to query the currently executing
version of the TOE firmware/software
• ability to manually initiate updates to
TOE firmware/software
6. To test that TSF able to provide a
digital signature to authenticate
firmware/software updates to the TOE.
F006 – TOE
Access
1. To test that TSF able to terminate local
and remote interactive sessions after an
inactivity time interval.
2. To test that TSF allow Administrator
initiated termination of the
Administrator’s own interactive session
3. To test that TSF can display a Security
Administrator-specified warning message
before establishing an administrative user
session.
FTA_SSL.3
FTA_SSL.4
FTA_TAB.1
FIA_UIA_EXT.1
Passed.
F007 –
Intrusion
Prevention
System
1. To test that TSF able to support the
definition of anomaly activity
2. To test that TSF able to allow the
operations to be associated with anomaly-
based IPS policies complies to
IPS_ABD_EXT.1.3.
3. To test that TSF able to configure and
implement known-good and known-bad IP
addresses.
4. To test that TSF allows Security
Administrators to configure IPS policy
elements.
5. To test that TSF able to analyse IP-based
network traffic and detect violations of IPS
policies.
IPS_ABD_EXT.1
IPS_IPB_EXT.1
IPS_NTA_EXT.1
IPS_SBD_EXT.1
Passed.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 20 of 26
PUBLIC
Test ID
Description
Security
Function
Results
6. To test that TSF able to inspect network
traffic protocols to satisfy
IPS_NTA_EXT.1.2
7. To test that TSF able to assign
signatures to promiscuous and inline
sensor interfaces and designate one or
more interfaces as 'management' for
communication between TOE and external
entities.
8. To test that TSF able to inspect packet
header contents and header fields.
9. To test that TSF able inspect packet
payload data to perform string-based
pattern-matching.
10. To test that TSF able to detects
header-based signatures at IPS sensor
interfaces.
11. To test that TSF able to detect and
apply traffic-pattern detection signatures
to IPS sensor interfaces.
12. To test that TSF allows operations to
be associated with signature-based IPS
policies.
13. To test that TSF able to detect
malicious payload even if it is split across
multiple packets.
53 All testing performed by evaluators produced the expected results and as such the TOE
behaved as expected.
2.1.4.3 Vulnerability Analysis
54 The evaluators performed a vulnerability analysis of the TOE in order to identify
potential vulnerabilities in the TOE. This vulnerability analysis considered public domain
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 21 of 26
PUBLIC
sources and an analysis of guidance documentation, functional specification, TOE
design, and security architecture description.
55 From the vulnerability analysis, the evaluators conducted penetration testing to
determine that the TOE is resistant to attack performed by an attacker possessing a
basic attack potential. The following factors have been taken into consideration during
penetration tests:
a) Time taken to identify and exploit (elapsed time);
b) Specialist technical expertise required (specialised expertise);
c) Knowledge of the TOE design and operation (knowledge of the TOE);
d) Window of opportunity; and
e) IT hardware/software or other equipment required for exploitation
2.1.4.4 Vulnerability testing
56 The penetration tests focused on:
a) Connectivity Check
b) Traceroute IP
c) Port Scanning
d) Banner Grabbing
e) Nessus Scanning
f) Packet Crafting
g) Vulnerability Dependency Check
h) UDP Flooding Attack
57 The result of the penetration testing noted that there is no residual vulnerability found.
However, it is important to ensure that the TOE is used only in its evaluated
configuration and in a secure environment as specified in the Security Target (Ref [6]).
2.1.4.5 Testing Results
58 Tests conducted for the TOE produced the expected results and demonstrated that the
product behaved as specified in its Security Target and its functional specification.
Therefore, the certifiers confirmed that all the test conducted were PASSED as expected.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 22 of 26
PUBLIC
3 Result of the Evaluation
59 After due consideration during the oversight of the execution of the evaluation by the
certifiers and of the Evaluation Technical Report (Ref [7]), the Malaysian Common
Criteria Certification Body certifies the evaluation of Trend Micro TippingPoint Threat
Protection System (TPS) v5.5.0 which is performed by Securelytics SEF.
60 Securelytics SEF found that Trend Micro TippingPoint Threat Protection System (TPS)
v5.5.0 upholds the claims made in the Security Target (Ref [6]) and supporting
documentations and has met the requirements of the Common Criteria (CC) Evaluation
Assurance Level 2.
61 Certification is not a guarantee that a TOE is completely free of exploitable
vulnerabilities. There will remain a small level of risk that exploitable vulnerabilities
remain undiscovered in its claimed security functionality. The risk is reduced as the
certified level of assurance increases for the TOE.
3.1 Assurance Level Information
62 EAL 2 provides assurance by a full security target and analysis of the SFRs in that Security
Target, using functional and interface specifications, guidance documentation and a
description of the design of the TOE and the implementation to understand the security
behaviours.
63 The analysis is supported by independent testing of the TSF, evidence of developer
testing based on the functional specification, selective independent confirmation of the
developer test results, and a vulnerability analysis (based upon the functional
specification, TOE design, security architecture description and guidance evidence
provided) demonstrating resistance to penetration attackers with a basic attack
potential.
64 EAL 2 also provides assurance through use of a configuration management system and
evidence of secure delivery procedures.
3.2 Comments/Recommendations
65 The Malaysian Certification Body (MyCB) notes that:
a) Potential purchasers of the TOE should make themselves familiar with the developer
guidance documentation provided with the TOE and pay attention to all security
warnings.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 23 of 26
PUBLIC
b) Potential purchasers of the TOE must maintain the confidentiality, integrity and
availability of security relevant data for TOE initialization, start-up and operation if
stored or handled outside the TOE.
c) System Auditor should review the audit trail generated and exported by the TOE
periodically.
d) Potential purchasers of the TOE should ensure appropriate network protection is
maintained, the network on which the TOE is installed must be both physically and
logically protected.
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 24 of 26
PUBLIC
Annex A References
A.1 References
[1] Arrangement on the recognition of Common Criteria Certificates in the field of
Information Technology Security, July, 2014.
[2] The Common Criteria for Information Technology Security Evaluation, Version 3.1,
Revision 5, April 2017.
[3] The Common Methodology for Information Technology Security Evaluation, Version
3.1, Revision 5, April 2017.
[4] MyCC Scheme Requirement (MYCC_REQ), v1a, CyberSecurity Malaysia, January 2023.
[5] ISCB Evaluation Facility Manual (ISCB_EFM), v3, January 2023.
[6] Trend Micro TippingPoint Threat Protection System (TPS) v5.5.0 Security Target,
Version 1.0, 22 May 2023.
[7] Evaluation Technical Report, Version 1.0, 01 June 2023.
A.2 Terminology
A.2.1 Acronyms
Table 7: List of Acronyms
Acronym Expanded Term
CB Certification Body
CC Common Criteria (ISO/IEC15408)
CEM Common Evaluation Methodology (ISO/IEC 18045)
CCRA Common Criteria Recognition Arrangement
IEC International Electrotechnical Commission
ISO International Organisation for Standardization
ISCB Information Security Certification Body
MyCB Malaysian Common Criteria Certification Body
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 25 of 26
PUBLIC
Acronym Expanded Term
MyCC Malaysian Common Criteria Evaluation and Certification
Scheme
MyCPR MyCC Scheme Certified Products Register
MySEF Malaysian Security Evaluation Facility
PP Protection Profile
ST Security Target
TOE Target of Evaluation
A.2.2 Glossary of Terms
Table 8: Glossary of Terms
Term Definition and Source
CC International
Interpretation
An interpretation of the CC or CEM issued by the CCMB that
is applicable to all CCRA participants.
Certificate The official representation from the CB of the certification of
a specific version of a product to the Common Criteria.
Certification Body An organisation responsible for carrying out certification
and for overseeing the day-today operation of an Evaluation
and Certification Scheme. Source CCRA
Consumer The organisation that uses the certified product within their
infrastructure.
Developer The organisation that develops the product submitted for CC
evaluation and certification.
Evaluation The assessment of an IT product, IT system, or any other
valid target as defined by the scheme, proposed by an
applicant against the standards covered by the scope defined
in its application against the certification criteria specified in
the rules of the scheme. Source CCRA and MS-ISO/IEC Guide
65
PUBLIC
FINAL
C128 Certification Report ISCB-5-RPT-C128-CR-v1
Page 26 of 26
PUBLIC
Term Definition and Source
Evaluation and Certification
Scheme
The systematic organisation of the functions of evaluation
and certification under the authority of a certification body
in order to ensure that high standards of competence and
impartiality are maintained and that consistency is achieved.
Source CCRA.
Interpretation Expert technical judgement, when required, regarding the
meaning or method of application of any technical aspect of
the criteria or the methodology. An interpretation may be
either a national interpretation or a CC international
interpretation.
Certifier The certifier responsible for managing a specific certification
task.
Evaluator The evaluator responsible for managing the technical aspects
of a specific evaluation task.
Maintenance Certificate The update of a Common Criteria certificate to reflect a
specific version of a product that has been maintained under
the MyCC Scheme.
National Interpretation An interpretation of the CC, CEM or MyCC Scheme rules that
is applicable within the MyCC Scheme only.
Security Evaluation Facility An organisation (or business unit of an organisation) that
conducts ICT security evaluation of products and systems
using the CC and CEM in accordance with Evaluation and
Certification Scheme policy
Sponsor The organisation that submits a product for evaluation and
certification under the MyCC Scheme. The sponsor may also
be the developer.
--- END OF DOCUMENT ---