SailPoint IdentityIQ
September 19, 2015
National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme
Validation Report
SailPoint IdentityIQ
Report Number: CCEVS-VR-VID10611-2015
Version 1.0
October 2, 2015
National Institute of Standards and Technology National Security Agency
Information Technology Laboratory Information Assurance Directorate
100 Bureau Drive 9800 Savage Road STE 6940
Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6940
®
TM
VALIDATION REPORT
SailPoint IdentityIQ
ii
ACKNOWLEDGEMENTS
Validation Team
Daniel Faigin, Senior Validator
The Aerospace Corporation
Meredith Hennan, Lead Validator
The Aerospace Corporation
Common Criteria Testing Laboratory
Chris Gugel, CC Technical Director
Seyithan Ayhan
Chris Rakaczky
Booz Allen Hamilton (BAH)
Linthicum Heights, Maryland
SailPoint IdentityIQ
September 19, 2015
Table of Contents
1 EXECUTIVE SUMMARY................................................................................................................................4
2 IDENTIFICATION ...........................................................................................................................................5
3 ASSUMPTIONS AND CLARIFICATION OF SCOPE.................................................................................6
4 ARCHITECTURAL INFORMATION............................................................................................................9
4.1 TOE INTRODUCTION........................................................................................................................................9
4.2 PHYSICAL BOUNDARIES...................................................................................................................................9
5 SECURITY POLICY ........................................................................................................................................9
5.1 ENTERPRISE SECURITY MANAGEMENT ............................................................................................................9
5.2 SECURITY AUDIT ...........................................................................................................................................10
5.3 IDENTIFICATION AND AUTHENTICATION........................................................................................................10
5.4 SECURITY MANAGEMENT ..............................................................................................................................10
5.5 PROTECTION OF THE TSF...............................................................................................................................10
5.6 TOE ACCESS..................................................................................................................................................10
5.7 TRUSTED PATH/CHANNELS............................................................................................................................11
6 DOCUMENTATION.......................................................................................................................................12
7 EVALUATED CONFIGURATION...............................................................................................................13
8 IT PRODUCT TESTING................................................................................................................................14
8.1 TEST CONFIGURATION ...................................................................................................................................14
8.2 DEVELOPER TESTING .....................................................................................................................................14
8.3 EVALUATION TEAM INDEPENDENT TESTING..................................................................................................14
8.4 EVALUATION TEAM VULNERABILITY TESTING..............................................................................................15
9 RESULTS OF THE EVALUATION..............................................................................................................16
9.1 EVALUATION OF THE SECURITY TARGET (ASE) ............................................................................................16
9.2 EVALUATION OF THE DEVELOPMENT (ADV).................................................................................................16
9.3 EVALUATION OF THE GUIDANCE DOCUMENTS (AGD)...................................................................................16
9.4 EVALUATION OF THE LIFE CYCLE SUPPORT ACTIVITIES (ALC).....................................................................17
9.5 EVALUATION OF THE TEST DOCUMENTATION AND THE TEST ACTIVITY (ATE).............................................17
9.6 VULNERABILITY ASSESSMENT ACTIVITY (VAN) ..........................................................................................17
9.7 SUMMARY OF EVALUATION RESULTS ............................................................................................................17
10 VALIDATOR COMMENTS ..........................................................................................................................18
11 ANNEXES ........................................................................................................................................................19
12 SECURITY TARGET .....................................................................................................................................20
13 LIST OF ACRONYMS....................................................................................................................................21
14 TERMINOLOGY ............................................................................................................................................22
15 BIBLIOGRAPHY ............................................................................................................................................23
VALIDATION REPORT
SailPoint IdentityIQ
4
1 Executive Summary
This report documents the assessment of the National Information Assurance Partnership
(NIAP) validation team of the evaluation of IdentityIQ, provided by SailPoint
Technologies, Inc. It presents the evaluation results, their justifications, and the
conformance results. This Validation Report is not an endorsement of the Target of
Evaluation by any agency of the U.S. government, and no warranty is either expressed or
implied.
The evaluation was performed by the Booz Allen Hamilton Inc. Common Criteria
Testing Laboratory (CCTL) in Linthicum Heights, Maryland, United States of America,
and was completed in September 2015. The information in this report is largely derived
from the Evaluation Technical Report (ETR) and associated test reports, all written by
Booz Allen. The evaluation determined that the product is both Common Criteria Part 2
Extended and Part 3 Conformant, and meets the assurance requirements set forth in the
Enterprise Security Management Identity and Credential Management Protection Profile
(ICMPP).
The Target of Evaluation (TOE) is the SailPoint IdentityIQ version 6.4p3. IdentityIQ is a
governance-based Identity and Access Management (IAM) software solution. It
integrates compliance management and provisioning in a unified solution that leverages a
common identity governance framework.
The Target of Evaluation (TOE) identified in this Validation Report has been evaluated at
a NIAP approved Common Criteria Testing Laboratory using the Common Methodology
for IT Security Evaluation (Version 3.1, Rev 4) for conformance to the Common Criteria
for IT Security Evaluation (Version 3.1, Rev 4), as interpreted by the Assurance
Activities contained in the ICMPP. This Validation Report applies only to the specific
version of the TOE as evaluated. The evaluation has been conducted in accordance with
the provisions of the NIAP Common Criteria Evaluation and Validation Scheme and the
conclusions of the testing laboratory in the evaluation technical report is consistent with
the evidence provided.
The validation team provided guidance on technical issues and evaluation processes, and
reviewed the individual work units of the ETR for the ICMPP Assurance Activities. The
validation team found that the evaluation showed that the product satisfies all of the
functional requirements and assurance requirements stated in the Security Target (ST).
Therefore the validation team concludes that the testing laboratory’s findings are
accurate, the conclusions justified, and the conformance results are correct. The
conclusions of the testing laboratory in the evaluation technical report are consistent with
the evidence produced.
The technical information included in this report was obtained from the SailPoint
IdentityIQ Security Target, Version 1.0, September 16, 2015 and analysis performed by
the Validation Team.
VALIDATION REPORT
SailPoint IdentityIQ
5
2 Identification
The CCEVS is a joint National Security Agency (NSA) and National Institute of
Standards effort to establish commercial facilities to perform trusted product evaluations.
Under this program, security evaluations are conducted by commercial testing
laboratories called Common Criteria Testing Laboratories (CCTLs). CCTLs evaluate
products against Protection Profile containing Assurance Activities that are interpretation
of CEM work units specific to the technology described by the PP.
The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality
and consistency across evaluations. Developers of information technology products
desiring a security evaluation contract with a CCTL and pay a fee for their product’s
evaluation. Upon successful completion of the evaluation, the product is added to NIAP’s
Product Compliance List.
Table 1 provides information needed to completely identify the product, including:
 The Target of Evaluation (TOE): the fully qualified identifier of the product as
evaluated.
 The Security Target (ST), describing the security features, claims, and assurances
of the product.
 The conformance result of the evaluation.
 The Protection Profile to which the product is conformant.
 The organizations and individuals participating in the evaluation.
Table 1 – Evaluation Identifiers
Item Identifier
Evaluation
Scheme
United States NIAP Common Criteria Evaluation and Validation
Scheme
TOE SailPoint IdentityIQ version 6.4p3
Protection
Profile
Standard Protection Profile for Enterprise Security Management
Identity and Credential Management v2.1
Security Target SailPoint IdentityIQ Common Criteria Security Target, Version 1.0,
September 16, 2015
Evaluation
Technical Report
Evaluation Technical Report for a Target of Evaluation “SailPoint
IdentityIQ” Evaluation Technical Report v1.0 September 19, 2015
CC Version Common Criteria for Information Technology Security Evaluation,
Version 3.1 Revision 4
Conformance Result CC Part 2 extended, CC Part 3 conformant
Sponsor SailPoint Technologies, Inc.
Developer Booz Allen Hamilton, Linthicum, Maryland
Common Criteria
Testing Lab (CCTL)
Booz Allen Hamilton, Linthicum, Maryland
CCEVS Validators Daniel Faigin, The Aerospace Corporation
Meredith Hennan, The Aerospace Corporation
VALIDATION REPORT
SailPoint IdentityIQ
6
3 Assumptions and Clarification of Scope
3.1 Assumptions
The following assumptions about the operational environment are made regarding its
ability to provide security functionality.
 The TOE will use cryptographic primitives provided by the Operational
Environment to perform cryptographic services.
 There will be a defined enrollment process that confirms user identity before
the assignment of credentials.
 The TOE will be able to establish connectivity to other ESM products in order
to share security data.
 Third-party entities that exchange attribute data with the TOE are assumed to
be trusted.
 There will be one or more competent individuals assigned to install,
configure, and operate the TOE.
 The TOE will receive reliable time data from the Operational Environment.
3.2 Threats
The following lists the threats addressed by the TOE. The assumed level of expertise of
the attacker for all the threats identified below is Enhanced-Basic.
 T.ADMIN_ERROR – An administrator may unintentionally install or
configure the TOE incorrectly, resulting in ineffective security mechanisms.
 T.EAVES – A malicious user could eavesdrop on network traffic to gain
unauthorized access to TOE data.
 T.FALSIFY – A malicious user may falsify the TOE’s identity and transmit
false data that purports to originate from the TOE to provide invalid data to
the ESM deployment.
 T.FORGE – A malicious user may falsify the identity of an external entity in
order to illicitly request to receive security attribute data or to provide invalid
data to the TOE.
 T. INSUFFATR – An Assignment Manager may be incapable of using the
TOE to define identities, credentials, and attributes in sufficient detail to
facilitate authorization and access control, causing other ESM products to
behave in a manner that allows illegitimate activity or prohibits legitimate
activity.
 T.MASK – A malicious user may attempt to mask their actions, causing audit
data to be incorrectly recorded or never recorded.
 T.RAWCRED – A malicious user may attempt to access stored credential data
directly, in order to obtain credentials that may be replayed to impersonate
another user.
 T.UNAUTH – A malicious user could bypass the TOE’s identification,
authentication, or authorization mechanisms in order to illicitly use the TOE’s
management functions.
 T.WEAKIA – A malicious user could be illicitly authenticated by the TSF
through brute-force guessing of authentication credentials.
VALIDATION REPORT
SailPoint IdentityIQ
7
3.3 Objectives
The following identifies the security objectives of the TOE. These security objectives
reflect the stated intent to counter identified threats and/or comply with any security
policies identified.
 O.ACCESSID – The TOE will include the ability to validate the identity of
other ESM products prior to distributing data to them.
 O.AUDIT – The TOE will provide measures for generating and recording
security relevant events that will detect access attempts to TOE-protected
resources by users.
 O.AUTH – The TOE will provide a mechanism to validate requested
authentication attempts and to determine the extent to which any validated
subject is able to interact with the TSF.
 O.BANNER – The TOE will display an advisory warning regarding use of the
TOE.
 O.EXPORT – The TOE will provide the ability to transmit user attribute data
to trusted IT products using secure channels.
 O.IDENT – The TOE will provide the Assignment Managers with the ability
to define detailed identity and credential attributes.
 O.INTEGRITY – The TOE will provide the ability to assert the integrity of
identity, credential, or authorization data.
 O.MANAGE – The TOE will provide Assignment Managers with the
capability to manage the TSF.
 O.PROTCOMMS – The TOE will provide protected communication channels
for administrators, other parts of a distributed TOE, and authorized IT entities.
 O.PROTCRED – The TOE will be able to protect stored credentials.
 O.ROBUST – The TOE will provide mechanisms to reduce the ability for an
attacker to impersonate a legitimate user during authentication.
 O.SELFID – The TOE will be able to confirm its identity to the ESM
deployment upon sending identity, credential, or authorization data to
dependent machines within the ESM deployment.
3.4 Clarification of Scope
All evaluations (and all products) have limitations, as well as potential misconceptions
that need clarifying. This text covers some of the more important limitations and
clarifications of this evaluation. Note that:
 As with any evaluation, this evaluation only shows that the evaluated
configuration meets the security claims made, with a certain level of assurance.
The level of assurance for this evaluation is defined within the Standard
Protection Profile for Enterprise Security Management Identity and Credential
Management v2.1, 24 October 2013 to which this evaluation claimed exact
compliance.
 Consistent with the expectations of the Protection Profile, this evaluation did not
specifically search for, nor seriously attempt to counter, vulnerabilities that were
not “obvious” or vulnerabilities to objectives not claimed in the ST. The CEM
VALIDATION REPORT
SailPoint IdentityIQ
8
defines an “obvious” vulnerability as one that is easily exploited with a minimum
of understanding of the TOE, technical sophistication and resources.
 The functionality evaluated is scoped exclusively to the security functional
requirements specified in the Section 6 of the Security Target and their operation
with respect to the TOE is described in Section 8 of the Security Target. Any
other functionality provided by SailPoint IdentityIQ needs to be assessed
separately and no further conclusions can be drawn about their effectiveness.
The evaluated configuration of the TOE is the SailPoint IdentityIQ software product.
The TOE includes all the code that enforces the policies identified (see Section 5).
VALIDATION REPORT
SailPoint IdentityIQ
9
4 Architectural Information
Note: The following architectural description is based on the description presented in
the Security Target.
4.1 TOE Introduction
IdentityIQ (also referred to as the TOE) is a governance-based Identity and Access
Management (IAM) software solution. It integrates compliance management and
provisioning in a unified solution that leverages a common identity governance
framework. IdentityIQ provides a variety of IAM processes that include automated
access certifications, policy management, access request and provisioning, password
management and identity intelligence.
4.2 Physical Boundaries
The physical boundary of the TOE includes the IdentityIQ software that is installed on
top of the Apache Tomcat application server. The evaluated configuration of the TOE
includes licenses for both the Compliance Manager and Lifecycle Manager portions of
IdentityIQ. The TOE does not include the hardware or operating systems of the systems
on which it is installed. It also does not include the third-party software that is required
for the TOE to run. The following table lists the software components that are required
for the TOE’s use in the evaluated configuration. These Operational Environment
components are expected to be patched to include the latest security fixes for each
component.
Component Requirement
Server OS Windows Server 2012
OS Type 64-bit
Application Server Apache Tomcat 6.0
Database Oracle 11g R1
Authentication Store Windows Server 2012 R2 Active Directory
In addition to the server requirements, a web browser is required for any system used to
administer the TOE. In the evaluated configuration, the TOE was tested using Internet
Explorer 10 and the compatibility of other browsers was not assessed.
5 Security Policy
5.1 Enterprise Security Management
The TOE performs enterprise user authentication using Active Directory as well as its
own authentication mechanisms within the Operational Environment. IdentityIQ requires
each user to enter valid identification in the form of a username and authentication in the
form of a password to gain access to the TOE.
IdentityIQ uses connectors that are provided by the Operational Environment to
communicate with third-party ESM products. In the evaluated configuration, IdentityIQ
connects to Active Directory using the ADSI connector. The TOE will read and directly
VALIDATION REPORT
SailPoint IdentityIQ
10
manage user data as well as configuration information, such as policy data, from any
connected Active Directory. The TOE will also push user data to any instance of Active
Directory to allow enterprise users to be centrally managed and address any conflicts of
user data throughout the enterprise.
5.2 Security Audit
The TOE generates audit records of its behavior and administrator activities. Audit data
includes date, time, event type, subject identity, and other data as required. Audit data is
written to a remote Oracle 11g database. The communication between the TOE and the
remote database is secured using TLS that is provided by the JRE’s JDBC that resides in
the Operational Environment.
5.3 Identification and Authentication
When an administrator authenticates to the TOE, the TOE will associate the username
with a principal. The principal, along with the capabilities, rights, and dynamic scopes
determine the access that the administrator will have while logged into the TOE.
The TOE provides mechanisms to reduce the likelihood of unauthorized access. The TOE
is able to lock out an administrative account after a specific number of unsuccessful
authentication attempts. This setting is defaulted to lockout users after five failed
authentication attempts but is configurable by an administrator. Password complexity,
history, length, and lifetime can be configured by administrators. These security
parameters are used to reduce the likelihood of a successful brute force attack to gain
unauthorized access to the system.
5.4 Security Management
The TOE is managed by authorized administrators using a web GUI. All administrative
actions are performed via the web GUI. The TOE uses capabilities to control user access
to functionality within the product. Users or a group of users can be assigned to one or
more of the 27 out-of-the-box capabilities. The TOE also allows administrators to create
or modify capabilities and assign them to users or groups of users.
5.5 Protection of the TSF
In the evaluated configuration, the TOE requests the JRE to encrypt administrator
credentials before being sent to the Operational Environment’s Oracle database. The TOE
does not store any cleartext password data in memory and there are no credentials stored
locally on the TOE. Similarly, the answers to user security questions (used if the user has
forgotten their password) are stored in an encrypted format in the Oracle database. In the
evaluated configuration, the TOE does not store any secret or private keys and thus, there
is no mechanism to disclose this information.
5.6 TOE Access
The TOE can display a warning banner prior to allowing any administrative actions to be
performed. In the event that the maximum timeout value for inactivity has been reached,
the TOE will terminate the remote session. A user can also terminate their own session by
selecting the logout button.
VALIDATION REPORT
SailPoint IdentityIQ
11
5.7 Trusted Path/Channels
The TOE’s evaluated configuration enforces secure communication between the TOE
and IT entities in the operational environment by using the Operational Environment’s
JNDI, ADSI, and JDBC installed on the local system. These trusted channels transfer
TOE data, enterprise user data, and IdentityIQ administrator data to and from IT entities
within the Operational Environment. When users log on to the TOE via a web GUI, a
trusted path is established and it is secured using HTTPS that is provided by Apache
Tomcat using its OpenSSL module.
VALIDATION REPORT
SailPoint IdentityIQ
12
6 Documentation
The vendor provides a standard set of guidance documents that covers the core
functionality of the product. These documents were used during the evaluation of the
TOE:
 SailPoint IdentityIQ Supplemental Administrative Guidance v1.0
 SailPoint IdentityIQ Administration Guide version 6.4
 SailPoint IdentityIQ User’s Guide version 6.4
 SailPoint IdentityIQ Direct Connectors Administration and Configuration Guide
version 6.4
 SailPoint IdentityIQ Installation Guide version 6.4
 SailPoint_IdentityIQ_Capabilities.xls
These guidance documents contain the security-related guidance material for this
evaluation and must be referenced to place the product within the Common Criteria
evaluated configuration. The guidance documents are applicable for version of
IdentityIQ claimed by this evaluation.
VALIDATION REPORT
SailPoint IdentityIQ
13
7 Evaluated Configuration
The evaluated configuration, as defined in the Security Target, is the SailPoint
IdentityIQ software installed upon a general purpose server platform.
To use the product in the evaluated configuration, the product must be configured as
specified in the SailPoint IdentityIQ Supplemental Administrative Guidance v1.0
document. Refer to Section 4.2 for the component requirements and Section 6 for the
full list of documents needed for instructions on how to place the TOE in its
evaluated configuration.
VALIDATION REPORT
SailPoint IdentityIQ
14
8 IT Product Testing
This section describes the testing efforts of the developer and the evaluation team. It is
derived from information contained in the Evaluation Technical Report for a Target of
Evaluation “SailPoint IdentityIQ” Evaluation Technical Report v1.0 dated September
19, 2015, which is not publically available.
8.1 Test Configuration
The evaluation team installed and configured the TOE according to the SailPoint
IdentityIQ Supplemental Administrative Guidance v1.0 document for testing.
The following environment components and test tools* were utilized during the testing:
 Windows Server 2012
 Oracle 11g R1
 Apache Tomcat 6.0
 Microsoft Active Directory
 Wireshark: version 1.12.5
*Only the test tools utilized for functional testing have been listed.
8.2 Developer Testing
No evidence of developer testing is required in the Assurance Activities for this product.
8.3 Evaluation Team Independent Testing
The test team's approach was to test the security mechanisms of the SailPoint IdentityIQ
software by exercising the external interfaces to the TOE and viewing the TOE behavior
on the platform. Each TOE external interface was described in the relevant design
documentation (e.g., ST and AGD) in terms of the claims on the TOE that can be tested
through the external interface. The “SailPoint IdentityIQ Security Target v1.0” (ST),
“SailPoint IdentityIQ Supplemental Administrative Guidance v1.0” (AGD), the
"SailPoint IdentityIQ ATE Test Matrix Results" (Test Matrix), and “Test Specification -
IdentityIQ Test Plan: Common Criteria Testing” (Test Plan) were used to demonstrate
test coverage of all SFR testing assurance activities as defined by the ICMPP for all
security relevant TOE external interfaces. TOE external interfaces that will be
determined to be security relevant are interfaces that
 change the security state of the product,
 permit an object access or information flow that is regulated by the security
policy,
 are restricted to subjects with privilege or behave differently when executed by
subjects with privilege, or
 invoke or configure a security mechanism.
Security functional requirements will be determined to be appropriate to a particular
interface if the behavior of the TOE that supported the requirement could be invoked or
observed through that interface.
VALIDATION REPORT
SailPoint IdentityIQ
15
8.4 Evaluation Team Vulnerability Testing
The evaluation team created a set of vulnerability tests to attempt to subvert the security
of the TOE. These tests were created based upon the evaluation team's review of the
vulnerability analysis evidence and independent research. The Evaluation Team
conducted searches for public vulnerabilities related to the TOE. A few notable resources
consulted include securityfocus.com, the cve.mitre.org, and the nvd.nist.gov.
Upon the completion of the vulnerability analysis research, the team had identified
several generic vulnerabilities upon which to build a test suite. These tests were created
specifically with the intent of exploiting these vulnerabilities within the TOE or its
configuration.
The team tested the following areas:
 Eavesdropping on Communications
In this test, the evaluators manually inspected network traffic to and from the
TOE in order to ensure that no useful or confidential information could be
obtained by a malicious user on the network.
 Port Scanning
Remote access to the TOE should be limited to the standard TOE interfaces and
procedures. This test attempted to find ways to bypass these standard interfaces
of the TOE and open any other vectors of attack.
 Web Interface Vulnerability Identification (Burp Suite Pro)
Burp Suite is a web application vulnerability assessment tool suite. Burp looks for
major vulnerabilities including cross-site scripting, SQL injection, directory
traversal, unchecked file uploads, etc. as well as less critical vulnerabilities such
as unnecessary information disclosure.
VALIDATION REPORT
SailPoint IdentityIQ
16
9 Results of the Evaluation
The results of the assurance requirements are generally described in this section and are
presented in detail in the proprietary ETR. The reader of this document can assume that
all Assurance Activities and work units received a passing verdict.
A verdict for an assurance component is determined by the resulting verdicts assigned to
the corresponding evaluator action elements. The evaluation was conducted based upon
CC version 3.1 rev 4 and CEM version 3.1 rev 4. The evaluation determined the SailPoint
IdentityIQ TOE to be Part 2 extended and meet the SARs contained in the PP.
Additionally the evaluator performed the Assurance Activities specified in the ICMPP.
The following evaluation results are extracted from the non-proprietary Evaluation
Technical Report provided by the CCTL, and are augmented with the validator’s
observations thereof.
9.1 Evaluation of the Security Target (ASE)
The evaluation team applied each ASE CEM work unit. The ST evaluation ensured the
ST contains a description of the environment in terms of policies and assumptions, a
statement of security requirements claimed to be met by the TOE that are consistent with
the Common Criteria, and product security function descriptions that support the
requirements. Additionally the evaluator performed an assessment of the Assurance
Activities specified in the ICMPP.
The validator reviewed the work of the evaluation team, and found that sufficient
evidence and justification was provided by the evaluation team to confirm that the
evaluation was conducted in accordance with the requirements of the CEM, and that the
conclusion reached by the evaluation team was justified.
9.2 Evaluation of the Development (ADV)
The evaluation team applied each ADV CEM work unit specified in the ICMPP. The
evaluation team assessed the design documentation and found it adequate to aid in
understanding how the TSF provides the security functions. The design documentation
consists of a functional specification contained in the Security Target’s TOE Summary
Specification as well as a separately developed Functional Specification document.
The validator reviewed the work of the evaluation team, and found that sufficient evidence
and justification was provided by the evaluation team to confirm that the evaluation was
conducted in accordance with the Assurance Activities, and that the conclusion reached by
the evaluation team was justified.
9.3 Evaluation of the Guidance Documents (AGD)
The evaluation team applied each AGD CEM work unit specified in the ICMPP. The
evaluation team ensured the adequacy of the user guidance in describing how to use the
operational TOE. Additionally, the evaluation team ensured the adequacy of the
administrator guidance in describing how to securely administer the TOE. The guides were
assessed during the design and testing phases of the evaluation to ensure they were complete.
VALIDATION REPORT
SailPoint IdentityIQ
17
Additionally the evaluator performed the Assurance Activities specified in the ICMPP related
to the examination of the information contained in the operational guidance documents.
The validator reviewed the work of the evaluation team, and found that sufficient evidence
and justification was provided by the evaluation team to confirm that the evaluation was
conducted in accordance with the Assurance Activities, and that the conclusion reached by
the evaluation team was justified.
9.4 Evaluation of the Life Cycle Support Activities (ALC)
The evaluation team applied each ALC CEM work unit specified in the ICMPP, as well as
the Assurance Activities specified for ALC_CMC.1 and ALC_CMS.1. The evaluation team
found that the TOE was identified.
The validator reviewed the work of the evaluation team, and found that sufficient evidence
and justification was provided by the evaluation team to confirm that the evaluation was
conducted in accordance with the requirements of the CEM, and that the conclusion reached
by the evaluation team was justified.
9.5 Evaluation of the Test Documentation and the Test Activity (ATE)
The evaluation team applied each ATE CEM work unit specified in the ICMPP. The
evaluation team ran the set of tests specified by the Assurance Activities in the ICMPP and
recorded the results in a Test Report, summarized in the Evaluation Technical Report.
The validator reviewed the work of the evaluation team, and found that sufficient evidence
was provided by the evaluation team to show that the evaluation activities addressed the test
activities in the ICMPP, and that the conclusion reached by the evaluation team was justified.
9.6 Vulnerability Assessment Activity (VAN)
The evaluation team applied each AVA CEM work unit specified in the ICMPP. The
evaluation team performed a public search for vulnerabilities, performed vulnerability testing
and did not discover any issues with the TOE.
The validator reviewed the work of the evaluation team, and found that sufficient evidence
and justification was provided by the evaluation team to confirm that the evaluation
addressed the vulnerability analysis Assurance Activities in the ICMPP, and that the
conclusion reached by the evaluation team was justified.
9.7 Summary of Evaluation Results
The evaluation team’s assessment of the evaluation evidence demonstrates that the claims in
the ST are met. Additionally, the evaluation team’s test activities also demonstrated the
accuracy of the claims in the ST.
The validation team’s assessment of the evidence provided by the evaluation team is that it
demonstrates that the evaluation team performed the Assurance Activities in the ICMPP, and
correctly verified that the product meets the claims in the ST.
VALIDATION REPORT
SailPoint IdentityIQ
18
10 Validator Comments
The validators note that during testing and vulnerability assessments, the lab identified two areas
of security concern, and worked with the vendor to ensure that the validated product was patched
in those areas.
Please note that the evaluated configuration is dependent upon the TOE being configured per the
evaluated configuration instructions in the SailPoint IdentityIQ Supplemental Administrative
Guidance v1.0. Some configuration instructions require editing HTML and XML files that
interface to the TOE. It is advised that the administrator use caution when editing these files to
ensure that the HTML/XML is constructed properly. Also, it is assumed that the administrator
understands which HTML/XML constructs are permitted for use by the organization.
The functionality evaluated is scoped exclusively to the security functional requirements
specified in the Security Target. Other functionality included in the product was not assessed as
part of this evaluation. All other functionality provided by the devices needs to be assessed
separately and no further conclusions can be drawn about their effectiveness.
VALIDATION REPORT
SailPoint IdentityIQ
19
11 Annexes
Not applicable
VALIDATION REPORT
SailPoint IdentityIQ
20
12 Security Target
The security target for this product’s evaluation is SailPoint IdentityIQ, Version 1.0,
September 16, 2015.
VALIDATION REPORT
SailPoint IdentityIQ
21
13 List of Acronyms
Acronym Definition
AD Active Directory
ADSI Active Directory Services Interface
ESM Enterprise Security Management
FIPS Federal Information Processing Standards
GUI Graphical User Interface
HTTPS Hypertext Transfer Protocol Secure
ICF Identity Connector Framework
ICM Identity and Credential Management
JDBC Java Database Connectivity
JNDI Java Naming and Directory Interface
JRE Java Runtime Environment
LDAP Lightweight Directory Access Protocol
MS Microsoft
OS Operating System
PP Protection Profile
SMTP Simple Mail Transfer Protocol
SPML Service Provisioning Markup Language
TLS Transport Layer Security
TOE Target of Evaluation
TSF TOE Security Functions
VALIDATION REPORT
SailPoint IdentityIQ
22
14 Terminology
Term Definition
Administrator The subset of organizational users who have authorizations to manage the
TSF.
Entitlement A privilege assigned to an account on a target system that is configured
through provisioning.
Identity Store The repository in the Operational Environment where organizational users
are defined along with their credential data and identity attributes.
Organizational User A user defined in the identity store that has the ability to interact with assets
in the Operational Environment.
Provisioning The process of configuring the settings and/or account information of
environmental assets based on the privileges that different types of
organizational users need on them to carry out their organizational
responsibilities.
VALIDATION REPORT
SailPoint IdentityIQ
23
15 Bibliography
1. Common Criteria for Information Technology Security Evaluation – Part 1:
Introduction and general model, Version 3.1 Revision 4.
2. Common Criteria for Information Technology Security Evaluation – Part 2:
Security functional requirements, Version 3.1 Revision 4.
3. Common Criteria for Information Technology Security Evaluation – Part 3:
Security assurance requirements, Version 3.1 Revision 4.
4. Common Evaluation Methodology for Information Technology Security
Evaluation, Version 3.1 Revision 4.
5. SailPoint IdentityIQ Security Target, Version 1.0, September 16, 2015.
6. Evaluation Technical Report for a Target of Evaluation “SailPoint IdentityIQ”
Evaluation Technical Report v1.0 dated September 19, 2015.
7. SailPoint IdentityIQ Supplemental Administrative Guidance v1.0
8. SailPoint IdentityIQ Administration Guide version 6.4
9. SailPoint IdentityIQ User’s Guide version 6.4
10. SailPoint IdentityIQ Direct Connectors Administration and Configuration Guide
version 6.4
11. SailPoint IdentityIQ Installation Guide version 6.4
12. SailPoint_IdentityIQ_Capabilities.xls