PrinterLogic Web Stack Server version 18.3
Security Target
Version 1.0
27 November 2019
Prepared for:
PrinterLogic
912 West 1600 South
St. George, UT 84770
Prepared by:
Accredited Testing and Evaluation Labs
6841 Benjamin Franklin Drive
Columbia, MD 21046
Security Target Version 1.0, 11/27/2019
Page ii of iii
Table of Contents
1. SECURITY TARGET INTRODUCTION............................................................................................................1
1.1 SECURITY TARGET, TOE AND CC IDENTIFICATION........................................................................................1
1.2 CONFORMANCE CLAIMS.................................................................................................................................1
1.3 CONVENTIONS ................................................................................................................................................2
1.3.1 Terminology ..........................................................................................................................................3
1.3.2 Acronyms...............................................................................................................................................4
2. PRODUCT AND TOE DESCRIPTION............................................................................................................5
2.1 INTRODUCTION...............................................................................................................................................5
2.2 PRODUCT OVERVIEW......................................................................................................................................5
2.3 TOE OVERVIEW .............................................................................................................................................6
2.4 TOE ARCHITECTURE......................................................................................................................................9
2.4.1 Physical Boundary.................................................................................................................................9
2.4.2 Logical Boundary ................................................................................................................................11
2.5 TOE DOCUMENTATION ................................................................................................................................12
3. SECURITY PROBLEM DEFINITION ..........................................................................................................13
4. SECURITY OBJECTIVES ..............................................................................................................................14
5. IT SECURITY REQUIREMENTS..................................................................................................................15
5.1 EXTENDED REQUIREMENTS..........................................................................................................................15
5.2 TOE SECURITY FUNCTIONAL REQUIREMENTS .............................................................................................16
5.2.1 Cryptographic Support (FCS)..............................................................................................................16
5.2.2 User Data Protection (FDP).................................................................................................................17
5.2.3 Security Management (FMT) ..............................................................................................................17
5.2.4 Privacy (FPR) ......................................................................................................................................18
5.2.5 Protection of the TSF (FPT) ................................................................................................................18
5.2.6 Trusted Path/Channels (FTP)...............................................................................................................19
5.3 TOE SECURITY ASSURANCE REQUIREMENTS...............................................................................................19
6. TOE SUMMARY SPECIFICATION..............................................................................................................20
6.1 TIMELY SECURITY UPDATES ........................................................................................................................20
6.2 CRYPTOGRAPHIC SUPPORT...........................................................................................................................20
6.3 USER DATA PROTECTION .............................................................................................................................21
6.4 SECURITY MANAGEMENT.............................................................................................................................22
6.5 PRIVACY.......................................................................................................................................................23
6.6 PROTECTION OF THE TSF .............................................................................................................................23
6.7 TRUSTED PATH/CHANNELS ..........................................................................................................................24
7. PROTECTION PROFILE CLAIMS...............................................................................................................25
8. RATIONALE.....................................................................................................................................................26
8.1 TOE SUMMARY SPECIFICATION RATIONALE................................................................................................26
APPENDIX A: TOE USAGE OF THIRD-PARTY COMPONENTS ..................................................................28
A.1 PLATFORM APIS...........................................................................................................................................28
A.2 THIRD-PARTY LIBRARIES .............................................................................................................................29
LIST OF TABLES
Security Target Version 1.0, 11/27/2019
Page iii of iii
Table 1 TOE Security Functional Components ......................................................................................................16
Table 2 Assurance Components ...............................................................................................................................19
Table 3 Sensitive Data ...............................................................................................................................................21
Table 4 Security Functions vs Requirements Mapping..........................................................................................27
Security Target Version 1.0, 11/27/2019
Page 1 of 52
1. Security Target Introduction
This section identifies the Security Target (ST) and Target of Evaluation (TOE) identification, ST conventions, ST
conformance claims, and the ST organization. The TOE is PrinterLogic Web Stack Server, version 18.3.
PrinterLogic Web Stack Server (PL Server) is a web server application that interacts with PrinterLogic Web Stack
Clients (PL Clients) in its operational environment. These clients are installed on endpoint systems in an organization
to facilitate direct IP printing. The PL Server is used to administer PL Clients, specifically in regards to configuration,
user self-service, and handling of mediated printing activities that cannot be performed directly between a computer
and an installed printer (e.g., AirPrint, Email Printing Service, Google Could Print).
The focus of this evaluation is on the TOE functionality supporting the claims of version 1.3 of the Protection Profile
for Application Software [App PP]. The only capabilities covered by the evaluation are those specified in the
aforementioned Protection Profile; no additional security functional claims are made by the product. The security
functionality specified in [App PP] includes protection of security-relevant data at rest and in transit, any cryptographic
functionality used to achieve this, and security of the interactions between the application(s) and their underlying
platform(s). Where appropriate and permitted by the [App PP], this evaluation will identify areas where the TOEâ€™s
underlying platform is used to support the TOEâ€™s implementation of its claimed security functionality.
The Security Target contains the following additional sections:
ï‚· Product and TOE Description (Section 2)
ï‚· Security Problem Definition (Section 3)
ï‚· Security Objectives (Section 4)
ï‚· IT Security Requirements (Section 5)
ï‚· TOE Summary Specification (Section 6)
ï‚·
Security Target Version 1.0, 11/27/2019
Page 2 of 52
ï‚· Protection Profile Claims (Section 0)
ï‚· Rationale (Section 8)
1.1 Security Target, TOE and CC Identification
ST Title â€“ PrinterLogic Web Stack Server version 18.3 Security Target
ST Version â€“ Version 1.0
ST Date â€“ 27 November 2019
TOE Identification â€“ PrinterLogic Web Stack Server version 18.3. The specific components of the TOE include:
1. PrinterLogic Web Stack Web Server (on-premises variant)
a. Supported on Windows Server 2008 R2, 2012, 2012 R2, or 2016 (64-bit)
TOE Developer â€“ PrinterLogic, LLC
Evaluation Sponsor â€“ PrinterLogic, LLC
CC Identification â€“ Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April
2017
1.2 Conformance Claims
This ST and the TOE it describes are conformant to the following CC specifications: This ST is conformant to:
ï‚· Protection Profile for Application Software, Version 1.3, 01 March 2019 with the following optional,
selection-based, and objective SFRs:
o FCS_CKM.1(1)
o FCS_CKM.2
ï‚· The following NIAP Technical Decisions apply to this PP and have been accounted for in the ST
development and the conduct of the evaluation, or were considered to be non-applicable :
ï‚· TD0416: Correction to FCS_RBG_EXT.1 Test Activity
o No change to ST; affects only test activities.
ï‚· TD0427: Reliable Time Source
o No change to ST; the ST includes the PPâ€™s assumptions by reference and therefore any
changes to the assumptions are implicity made.
ï‚· TD0434: Windows Desktop Application Test
o No change to ST; affects only test activities.
ï‚· TD0435: Alternative to SELinux for FPT_AEX_EXT.1.3
o No change to ST; affects only test activities.
ï‚· TD0437: Supported Configuration Mechanism
o FMT_MEC_EXT.1.1 has been modified in ST.
ï‚· TD0444: IPsec selections
o N/A to TOE; the TD adds a selection for IPsec to FTP_DIT_EXT.1 but the TSF does not
include IPsec so this selection is not chosen.
ï‚· TD0445: User Modifiable File Definition
o No change to ST; affects only test activities.
Security Target Version 1.0, 11/27/2019
Page 3 of 52
ï‚· TD0465: Configuration Storage for .NET Apps
o N/A to TOE; the TOE is not a .NET application.
ï‚· Common Criteria for Information Technology Security Evaluation Part 2: Security functional components,
Version 3.1, Revision 5, April 2017.
o Part 2 Extended
ï‚· Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components,
Version 3.1 Revision 5, April 2017.
o Part 3 Extended
1.3 Conventions
The following conventions have been applied in this document:
ï‚· Security Functional Requirements â€“ Part 2 of the CC defines the approved set of operations that may be
applied to functional requirements: iteration, assignment, selection, and refinement.
o Iteration: allows a component to be used more than once with varying operations. An iterated SFR
is indicated by a number in parentheses placed at the end of the component. For example,
FCS_CKM.1(1) and FCS_CKM.1(2) indicate that the ST includes two iterations of the
FCS_CKM.1 requirement: (1) and (2).
o Assignment: allows the specification of an identified parameter. Assignments are indicated using
italics and are surrounded by brackets (e.g., [assignment item]). Note that an assignment within a
selection would be identified in both italics and underline, with the brackets themselves underlined
since they are explicitly part of the selection text, unlike the brackets around the selection itself (e.g.,
[selection item, [assignment item inside selection]]).
o Selection: allows the specification of one or more elements from a list. Selections are indicated using
underlines and are surrounded by brackets (e.g., [selection item]).
o Refinement: allows the addition of details and non-technical changes to grammar and formatting.
Refinements are indicated using bold, for additions, and strike-through, for deletions (e.g., â€œâ€¦ all
objects â€¦â€ or â€œâ€¦ some big things â€¦â€). Note that minor grammatical changes that do not involve
the addition or removal of entire words (e.g., for consistency of quantity such as changing â€œmeetsâ€
to â€œmeetâ€) do not have formatting applied.
ï‚· Other sections of the ST â€“ Other sections of the ST use bolding to highlight text of special interest, such as
captions.
ï‚· For SFRs that only apply to specific components of the TOE, the SFR is indicated by one or more
abbreviations in parentheses placed at the end of the component. Specifically, â€˜WSâ€™ is used to indicate that
the component applies to the Web Server and â€˜WCâ€™, â€˜LCâ€™, and â€˜MCâ€™ indicate applicability to Windows
Client, Linux Client, and macOS Client, respectively. For example, FCS_HTTPS_EXT.1(WC,LC,MC)
applies to all TOE components except for the Web Server component.
ï‚· The ST does not highlight operations that have been completed by the PP authors, though it does preserve
brackets to show where operations have been made.
1.3.1 Terminology
The following terms and abbreviations are used in this ST:
Admin Console A GUI that is part of the Web Server application. Used by administrators to configure PL Client
settings, including whether to designate a given PL Client instance as a Service Host.
Administrator Any member of the organization deploying the TOE who has credentials to access the Admin
Console.
Security Target Version 1.0, 11/27/2019
Page 4 of 52
AirPrint A feature of Apple devices (Mac/iPhone/iPad) that is used to print documents on those devices
via wireless network.
Console Print
Application
An interactive program running on a printer or multifunction device, typically controllable
through a touchscreen, that can be used to configure device settings and networking.
Delphi An integrated development environment for the Object Pascal programming language.
Email Printing A method of remote printing where a user can send an email message to a specific address that
is monitored by a Service Host and either printed directly or held for pull printing.
Google Cloud
Printing
A feature of Android/Chrome OS devices that is used to print documents on those devices via
wireless network.
PrinterLogic
Web Stack
Client
A TOE component. Runs on user machines and is used to handle installation of print drivers
and remote printing. Can be configured as a Service Host to provide additional functionality for
remote printing.
Pull Printing A workflow for printing where a user requests to print a document but it is held by a Service
Host instead of being immediately printed. The user can then choose to later release the
document through the Release Portal, after which it is printed by a desired target printer. Often
used in cases where physical custody of a printed document is essential but the user is not
physically at or near the desired printer at the time the print job is initiated.
Release Portal A GUI that is part of the Web Server application. Used to direct a Service Host to release held
documents for printing.
Remote
Printing
Term used to collectively describe AirPrint, Email Printing, and Google Cloud Printing.
Self-Service
Portal
A GUI that is part of the Web Server application. Used for user installation of printer drivers
and other basic configuration functionality that does not need to be restricted to administrators.
Service Host A special configuration for a PL Client application. While configured as a Service Host, a PL
Client can process remote printing and pull printing workflows. It does this by acting as a
â€˜dummyâ€™ printer for AirPrint/Google Cloud Printing and/or by monitoring email boxes used for
email printing.
User An individual in the organization that lacks any specific privileges to administer PrinterLogic
Web Stack.
Web Server A TOE component. Application that runs various user- and administrator-facing user interfaces
and acts as a central point for distributing configuration settings changes and release of held pull
printing jobs to the various PL Clients (including Service Hosts).
1.3.2 Acronyms
AA Assurance Activity
API Application Programming Interface
ASLR Address Space Layout Randomization
AES Advanced Encryption Standard
CAVP Cryptographic Algorithm Validation Program
CBC Cipher-Block Chaining
CC Common Criteria for Information Technology Security Evaluation
CEM Common Evaluation Methodology for Information Technology Security
CPA Control Panel Application
CRL Certificate Revocation List
FIPS Federal Information Processing Standard
GUI Graphical User Interface
HMAC Hashed Message Authentication Code
HTTP(S) Hypertext Transfer Protocol (Secure)
Security Target Version 1.0, 11/27/2019
Page 5 of 52
IP Internet Protocol
LDAPS Lightweight Directory Access Protocol Secure
NIAP National Information Assurance Partnership
NIST National Institute of Standards and Technology
PL PrinterLogic Web Stack
PII Publicly Identifiable Information
PP Protection Profile
RSA Rivest, Shamir and Adleman (algorithm for public-key cryptography)
SAR Security Assurance Requirement
SFR Security Functional Requirement
SHA Secure Hash Algorithm
SNMP Simple Network Management Protocol
SQL Structured Query Language
SSH Secure Shell
SSL Secure Socket Layer Protocol
ST Security Target
TCP Transmission Control Protocol
TLS Transport Layer Security
TOE Target of Evaluation
TSF TOE Security Functions
XMPP Extensible Messaging and Presence Protocol
Security Target Version 1.0, 11/27/2019
Page 6 of 52
2. Product and TOE Description
The TOE is the PrinterLogic Web Stack Server v18.3 product. This section provides an overview of the capabilities
of the product and then proceeds to describe the TOE itself in terms of its evaluated components and functional claims.
2.1 Introduction
PrinterLogic Web Stack Server is an web application that is used to manage on-premise application designed to
simplify the management, migration, and provisioning of printers. PrinterLogic Web Stack Server facilitates features
including centrally-managed direct IP printing, self-service installation of printer drivers, automated deployment of
drivers, centralized reporting of printer usage, and pull/mobile printing.
PrinterLogic Web Stack Server is part of a client-server distribution. The TOE is the server portion of this distribution.
It interacts with remote PL Client applications in its operational environment.
2.2 Product Overview
This sub-section describes capabilities of the PrinterLogic Web Stack Server product as a whole. It should be noted
that many of these capabilities are not covered within the scope of the evaluation. The scope of the evaluation is
covered in the subsequent sub-sections that provide the TOE overview and describe the TOE architecture and physical
and logical boundaries.
PrinterLogic Web Stack Server is a product that provides centralized services for user installation of print drivers as
well as pull printing and cloud printing functionality.
PrinterLogic Web Stack Server can be used to centrally manage direct IP printing. Printers can be added, modified
(e.g. driver, port, name, duplex option), and removed from a centralized Admin Console. These changes are then
provisioned to individual PrinterLogic Web Stack Client (PL Client) applications installed on user workstations in the
operational environment. End users are provided a Self-Service Portal where they can install additional print drivers
above and beyond those provisioned for them. They are also provided a Release Portal where held pull print jobs can
be released to a selected printer. Authorizations are based on Active Directory attributes, so users may be given access
(or the ability to gain access) to different printers based on role, geographic location, or other attributes.
PrinterLogic Web Stack Server can also be used for centralized auditing and reporting of print jobs by communicating
with the PL Client applications in its operational environment. This allows the organization to identify operational
costs based on printer usage so that cost savings can be identified. It also uses SNMP to provide monitoring of
individual printers and can generate emails in response to specific SNMP notifications.
Pull printing, also known as secure printing, refers to the case where a user will initiate a print job from their desktop
workstation but it will not be printed immediately. Instead, the TOE will interact with the environmental PL Client to
â€˜holdâ€™ the print job until the user signals that they wish to â€˜releaseâ€™ (i.e. print) the job once they are physically present
at the printer that they wish to have the job printed to. This is signaled either by the user logging onto the TOE
themselves (e.g. through a mobile device) or through the user signing on to the printer, which then uses its embedded
control panel application (CPA) to retrieve and print the job. Cloud printing refers to the use of various network
services to initiate print jobs in the absence of having installed printer drivers on the system. The TOE, along with the
environmental PL Client, supports the following methods of cloud printing:
ï‚· Email printing: the TOE can be used to configure a PL Client to communicate with an email inbox and
automatically place any attachments in a pull print queue owned by the enterprise identity of the user that
sent an email to the inbox (via reverse Active Directory lookup).
ï‚· Apple AirPrint: the TOE can be used to configure a PL Client to broadcast itself as an AirPrint-compatible
printer so that iOS users can use native iOS printing capabilities. The user provides their credentials to PL
Client, which takes the print job and places it into a pull print queue owned by the user.
ï‚· Google Cloud Printing: the TOE can be used to configure a PL Client either to interface with Google Cloud
or to impersonate a Google Cloud server so that Android/Chromebook users can use native printing
capabilities. Similar to email printing, the PL Client will perform a reverse lookup of the userâ€™s enterprise
identity and hold the print job in a queue until released by that user.
Security Target Version 1.0, 11/27/2019
Page 7 of 52
2.3 TOE Overview
The Target of Evaluation (TOE) is comprised of the PrinterLogic Web Stack Server software application (Web
Server). The Web Server is deployed on Windows.
The focus of this evaluation is on the TOE functionality supporting the claims in the Protection Profile for Application
Software, Version 1.3. Specifically, the following capabilities are within the scope of the evaluation:
ï‚· Trusted communications of user credential data, print spool data, and configuration data between the user
and the TOE and between the TOE and the operational environment. Note that the Web Server relies on the
underlying Windows OS platform to provide its HTTP server functionality.
ï‚· The extent to which the TSF relies on platform-provided and third-party capabilities to perform its
functionality.
ï‚· The extent to which data used to determine the behavior of the TSF is secured while at rest and in transit.
ï‚· The ability for the TOE to function on a host platform that is configured for secure operation.
ï‚· The ability of the TOE to interface with the low-level components of its host platform in such a manner that
the TOE cannot be used as an attack vector to exploit the host platform.
ï‚· Pull printing and cloud printing functionality that require the TSF to handle sensitive print spool data.
ï‚· The ability of the organization deploying the TOE to perform timely and trusted security updates to it.
The basic workflows of the application that relate to the TSF are listed below:
Administrator change to client settings
1. Administrator opens web browser, navigates to Admin Console on the TOE over TLS/HTTPS connection.
2. Administrator supplies username/password to TOE, which authenticates them locally.
3. If authentication is successful, administrator interacts with Admin Console to change settings for desired
clients in the operational environment.
4. Changes are propagated locally to SQL database on Web Server platform and transmitted to desired clients
in the operational environment over TLS/HTTPS connection.
User self-service
1. User opens web browser, navigates to Self-Service Portal on the TOE over TLS/HTTPS connection.
5. User supplies username/password to TOE, which authenticates them locally.
2. If authentication is successful, user interacts with Self-Service Portal to manage printer drivers or release
held print jobs.
3. If printer drivers are not installed, the TOE will automatically transfer the desired drivers to the environmental
PL Client running on the userâ€™s system, which then installs the drivers automatically.
4. If print job is released, the TOE will communicate with the environmental PL Client instance that is holding
the job over TLS/HTTPS (the instance on the userâ€™s local system for pull printing, a Service Host for cloud
printing) to instruct it to send the job to the desired printer.
Pull printing
1. User prints document on local system, choosing a pull printer installed by the environmental PL Client.
2. Print job is held by PL Client and PL Client notifies the TOE over TLS/HTTPS that a print job is being held
by that user.
3. User releases job by doing one of the following:
- Navigating to the Release Portal on the TOE, selecting the held job, and specifying a printer to print it
to
- Authenticating to a printer that has been configured to send pull printing requests back to the TOE
4. Regardless of the method used to release the print job, the TOE will notify the PL Client that the job has been
released (via TLS/HTTPS) and the PL Client will take the held job and send it to the platformâ€™s print spool
for printing to the desired printer.
Email printing (standard)
Security Target Version 1.0, 11/27/2019
Page 8 of 52
1. On the Admin Console, administrator configures an environmental Service Host to poll a particular email
box.
2. The configuration change is sent to the Service Host via TLS/HTTPS and also stored by the TOE on the local
database.
3. The configuration change is received by the Service Host and stored in the registry/configuration files as
needed.
4. When the user wishes to print a document, they will email it to the polled email box.
5. The Service Host will retrieve any emails sent to the polled email box over IMAPS (IMAP over TLS).
6. The Service Host will connect to the environmental Active Directory server over TLS to do a reverse lookup
of the sender of the email (i.e., the user). BIND credential used to do this is retrieved from the Web Server
over HTTPS.
7. If the sender of the email is a valid AD user, the Service Host will hold the print job and notify the TOE (over
TLS/HTTPS) that a print job is being held for that user.
8. The user can then release their print job using one of the methods specified in â€˜pull printingâ€™ above.
9. If the sender of the email is not a valid AD user, the Service Host will discard the email.
Email printing (direct)
1. On the Admin Console, administrator configures an environmental Service Host to poll a particular email
box.
2. In the operational environment, the administrator will configure one or more sub-domains of that email box
to forward inbound messages to that email box via mail routing rules.
3. On the Admin Console, administrator configures the printer(s) that should be printed to based on the sub-
domains of inbound messages.
4. The configuration changes are sent to the Service Host via TLS/HTTPS and also stored by the TOE on the
local database.
5. The configuration changes are received by the Service Host and stored in the registry/configuration files as
needed.
6. When the user wishes to print a document, they will email it to the polled email box.
7. The Service Host will retrieve any emails sent to the polled email box over IMAPS (IMAP over TLS).
8. The Service Host will connect to the environmental Active Directory server over LDAPS to do a reverse
lookup of the sender of the email (i.e., the user). BIND credential used to do this is retrieved from the TOE
over HTTPS.
9. If the sender of the email is a valid AD user, the Service Host will immediately print the document using the
specified printer.
Email printing (guest)
1. On the Admin Console, administrator configures an environmental Service Host to poll a particular email
box.
2. The administrator also designates a specific printer as a guest printer for that email box using the â€˜Allow print
jobs to be emailed directly to this printer from guestsâ€™ option in the TOE.
3. When a guest user (i.e., not defined in the organizational Active Directory) wishes to print a document, they
send it as an email to the polled email box.
4. The Service Host will retrieve any emails sent to the polled email box over IMAPS (IMAP over TLS).
5. Since the user is a guest, there will be no AD user to look up.
6. The Service Host will then take the email and immediately release it to be printed to the specified guest
printer.
AirPrint cloud printing
1. On the Admin Console, administrator enables iOS printing and designates an environmental Service Host as
a pull printer for this.
2. In the operational environment, an administrator creates pointer records on the DNS server to let any iOS
device see the pull printer.
3. User prints a document on iOS device, specifying the Service Host as the pull printer.
4. The user will be prompted for their Active Directory credentials, which are validated by the Service Host
using LDAPS.
Security Target Version 1.0, 11/27/2019
Page 9 of 52
5. Once the user credentials have been validated, the print job will be transmitted to the Service Host via IPPS
(IPP over TLS).
6. The Service Host will notify the TOE that a job is being held for that user.
7. The user releases the job using one of the methods specified in â€˜pull printingâ€™ above.
Google Cloud printing (traditional)
1. On the Admin Console, administrator registers an environmental Service Host as a pull printer and configures
it for mobile printing.
2. Configuration settings are transmitted to the Service Host using TLS/HTTPS.
3. The Administrator enables Google Cloud printing and specifies the email address and password of the Google
Cloud print account where documents will be published.
4. The Administrator registers the printer in Google (via pop-up redirect from Admin Console to Google).
5. A user prints a document on their Android or Chromebook device to the pull printer.
6. When the user selects print, the print job is sent to the Google Cloud print server and subsequently converted
to a PDF document.
7. The Service Host will poll the Google Cloud print server and retrieve print jobs from the print serverâ€™s queue.
8. The Service Host will perform a reverse AD lookup of the user that submitted the print job.
9. If the user is recognized, the print job is pulled down from the Google Cloud print server over TLS/HTTPS
(XMPP channel over TLS created by Google Cloud for job status and TLS/HTTPS for retrieval of the job
itself) and held.
10. The Service Host notifies the TOE over TLS/HTTPS that a pull print job is being held for the user.
11. The user can release the print job for printing using any of the methods specified in â€˜pull printingâ€™ above.
Google Cloud printing (local)
1. On the Admin Console, Administrator specifies one or more environmental Service Hosts to function as a
local Google Cloud printer.
2. Configuration settings are transmitted to the Service Host using TLS/HTTPS.
3. The Service Host will automatically broadcast itself as a Google Cloud printer.
4. User on Android or Chromebook device will see the Service Host as a valid printer.
5. When the user selects print, the print job is sent directly to the Service Host using TLS/HTTPS rather than to
the Google Cloud print server.
6. The Service Host will perform a reverse AD lookup of the user that submitted the print job.
7. If the user is recognized, the print job is held by the Service Host.
8. The Service Host notifies the TOE over TLS/HTTPS that a pull print job is being held for the user.
9. The user can release the print job for printing using any of the methods specified in â€˜pull printingâ€™ above.
Software update (Web Server)
1. Administrator downloads the PrinterLogic Web Stack update from the PrinterLogic web site.
2. Administrator runs the update file, specifying all desired options.
3. The old version of the application will automatically be replaced with the updated version as part of the
update process.
From these use cases, the user-facing responsibilities of the TOE include the following:
ï‚· Provide a mechanism for administrators to access the TSF remotely over a trusted path.
ï‚· Provide a mechanism for users to access the TSF remotely over a trusted path.
ï‚· Provide an interface for administrators to modify configuration settings of a PL Client application, for these
configuration settings to be stored locally on the Web Server platform, and for them to be transmitted securely
to the PL Client application over a trusted channel.
ï‚· Notify a PL Client application over a trusted channel that a print job has been released.
The TSF includes all security data and configuration settings needed to support this behavior. Not all configuration
settings are security-relevant; information about how the PL Client is displayed to the user or the installation of print
drivers is outside the scope of the TOE.
Security Target Version 1.0, 11/27/2019
Page 10 of 52
Once a print job has been released, the TSF notifies the relevant environmental PL Client, which sends the job to the
print spool for printing by the host platform. Any transmission of the print job data from the host platform itself to the
target printer is not under the control of the TSF and is therefore outside the scope of the TOE. Similarly, all
configuration of network settings and email servers that allow print data to be received by the TOE are outside the
scope of the TOE. The TSF is not responsible for the security of print data that is sent by the user to a component in
the TOEâ€™s operational environment (e.g., the communication from the user to a mailbox used for email printing is
non-TSF, but the communication between that mailbox and the TOE is part of the TSF).
2.4 TOE Architecture
The PrinterLogic Web Stack Server TOE is a PHP application hosted on IIS
The TOE consists of three subsystems: an Admin Console, which provides a graphical user interface (GUI) for
administrative functions; a Self-Service Portal, which provides a GUI for end user configuration functions; a Release
Portal, which provides a GUI for end users to release held pull print jobs; and a print management client configuration
subsystem, which handles the storage and application of configuration settings.
The TOE includes the following running processes:
ï‚· CGI/FastCGI
ï‚· PrinterLogic Web Stack Client Interface
ï‚· PrinterLogic Web Stack Client Launcher
ï‚· PrinterLogic Web Stack Client Manager
2.4.1 Physical Boundary
The TOE consists of the following component:
ï‚· Web Server application (for Windows)
In Figure 1 below the TOE and its associated MySQL database are indicated by a red box. In the evaluated
configuration all other components in Figure 1, including the PrinterLogic Web Stack Client are considered parts of
the environment.
Figure 1: TOE Architecture
TSF-relevant remote interfaces are shown using solid green lines in Figure 1. Note that an environmental Service
Host may also reside on a system that is remote from the TOE. In these cases, the same interface that is used by the
Security Target Version 1.0, 11/27/2019
Page 11 of 52
TOE to communicate with a remote PL Client is used. Printing functionality is shown in this diagram using a dotted
line. This is because facilitating printing activities is the primary purpose of the product; however, the actual act of
sending documents from a systemâ€™s print spool to a networked printer is still the responsibility of the underlying
operating system.
The TOE has the following system requirements for its host platform:
ï‚· Windows Server 2008 R2 or higher (64-bit)
ï‚· Microsoft IIS 7.0 or higher
ï‚· Two 2.0 GHz processors or one 2.0 GHz dual-core processor for up to 15,000 users (add a core for each
additional 15,000 users)
ï‚· 4GB RAM for up to 15,000 users (add 4GB for each additional 15,000 users)
ï‚· 20GB free hard disk space (add 4GB for each additional 100 printers)
ï‚· MySQL 5.7 (installed as part of installation package)
The following network ports must be open for the TOE to function:
ï‚· 443/TCP (for HTTPS communications)
ï‚· 587/TCP and 993/TCP (for secure SMTP/IMAP communications)
The product itself also requires TCP port 9100 to be open for network printing, UDP ports 161/162 to be open for
SNMP communications, and TCP ports 80/139/445 and UDP ports 137/138 for installation of printer drivers;
however, these functions do not pertain to the storage and transmission of sensitive data so they are non-TSF.
The TOE supports the following web browsers:
ï‚· Microsoft Edge 40.x and HTML 16.x
ï‚· Microsoft Internet Explorer 9 and higher
ï‚· Mozilla Firefox 3 and higher
ï‚· Google Chrome 45 and higher
ï‚· Safari 6.28 and 9.03
The TOEâ€™s operational environment includes the following:
ï‚· PrinterLogic Web Stack Clients (PL Clients) that are used to facilitate the installation of print drivers and
execution of pull/cloud print functions
ï‚· Platforms (hardware and software) on which the TOE and PL Client applications are hosted
ï‚· Full disk encryption is required for all platforms to ensure adequate data-at-rest protection.
ï‚· Windows cryptographic libraries, used to provide cryptographic functionality to the TOE
ï‚· Web browser, used to access the TOE GUIs
ï‚· MySQL 5.7 database (installed on same local system as the TOE), used to store configuration settings and
security data
ï‚· Email server, used to hold messages that can be retrieved by a PL Client for pull printing
ï‚· Google Cloud print server, used to hold messages that can be retrieved by a PL Client for pull printing
ï‚· Active Directory, used for user authentication â€“ in the evaluated configuration, it is assumed that all users
belong to the organizationâ€™s Active Directory domain; however, the TOE does require the use of at least one
locally-defined administrator account to be used during initial setup of the TOE
ï‚· Mobile devices, used to initiate mobile print jobsâ€”the following mobile operating systems are supported:
Security Target Version 1.0, 11/27/2019
Page 12 of 52
o iOS 9+
o Android 4.4+
o Chrome OS (all versions)
ï‚· Printers, used to execute print jobs released by the userâ€”supported manufacturers include HP, Xerox,
Konica Minolta, and Ricoh. For the full list of compatible devices, refer to
http://docs.printerlogic.com/Content/B_GettingStarted/RequirementsAndSupportedEnvironments.htm?Hig
hlight=hardware.
2.4.2 Logical Boundary
This section summarizes the security functions provided by the TOE:
ï‚· Cryptographic Support
ï‚· User Data Protection
ï‚· Identification and authentication
ï‚· Security Management
ï‚· Privacy
ï‚· Protection of the TSF
ï‚· TOE access
ï‚· Trusted Path/Channels
2.4.2.1 Cryptographic Support
The TOE uses NIST-validated cryptographic algorithms to secure data in transit. The TOE relies on the FIPS-validated
cryptographic library cng.sys provided by Windows to perform cryptographic functionality. The TSF encrypts
credential data stored by the TOE in the environmental SQL database.
The TOE relies on its underlying OS platform to implement TLS/HTTPS server functionality. The TOE also relies on
its underlying OS platform to provide entropy used for key generation.
2.4.2.2 User Data Protection
The TSF leverages functionality provided by their underlying OS platform to secure sensitive data at rest. The TOE
uses network resources provided by the underlying platform. All platform services are invoked with user awareness
and authorization.
The TOE uses network connectivity to handle interactive user and administrator sessions and to communicate with
environmental PL Clients for the purpose of applying configuration changes and updating the status of held print jobs.
2.4.2.3 Security Management
The Web Server provides an Admin Console GUI for configuration of environmental PL Client activity. Specifically,
an administrator can designate a PL Client as a Service Host and configure it to work with email printing and mobile
printing, thus defining the trusted channels used by a PL Client.
The Web Server also provides Self-Service Portal and Release Portal GUIs that allow users to control printing activity.
The Release Portal is used to release print jobs, which prompts secure communications back to environmental PL
Clients (Service Hosts) to initiate the print operation.
Authentication to the Web Server is performed using locally-defined credentials. On initial installation, the
administrator is prompted to specify credentials to be used for the Admin Console.
TOE configuration data is stored locally in the Windows Registry.
2.4.2.4 Privacy
The TOE does not handle personally identifiable information (PII).
Security Target Version 1.0, 11/27/2019
Page 13 of 52
2.4.2.5 Protection of the TSF
The TOE includes measures to integrate securely with its underlying OS platform. The TOE does not perform explicit
memory mapping and it does not allocate any memory region with both write and execute permissions. Similarly, the
TSF does not write user-modifiable data to directories that contain executable files. The TOE is compatible with its
host OS platform when that platform is configured in a secure manner. The TOE is not written in a language that is
susceptible to stack-based buffer overflow attacks.
The TOE uses a well-defined set of platform APIs and third party libraries.
The TOE provides the ability for a user/administrator to check its version and to apply updates. Updates are delivered
in formats appropriate for the platform on which the TOE is installed. Application of an update removes all executable
code associated with the application; there is no way for the application to modify its own code. Updates the TOE are
digitally signed, and the signature is validated prior to installation.
2.4.2.6 Trusted Path/Channels
TOE components use trusted paths and channels to secure data in transit. The following interfaces are provided by
each TOE component:
ï‚· Web Server:
o TLS/HTTPS server for remote user/administrator access
o TLS/HTTPS server for changes to PL Client configuration data and pull printing status
2.5 TOE Documentation
PrinterLogic provides the following product documentation in support of the installation and secure use of the TOE:
ï‚· PrinterLogic Web Stack Common Criteria Evaluated Configuration Guide, Version 1.0
Additional information on installation, configuration and use of the TOE can be found in the PrinterLogic Web Stack
online help page, located at https://docs.printerlogic.com/.
Security Target Version 1.0, 11/27/2019
Page 14 of 52
3. Security Problem Definition
This Security Target includes by reference the Security Problem Definition, composed of threats and assumptions,
from the [App PP]. The Common Criteria also provides for organizational security policies to be part of a security
problem definition, but no such policies are defined in the [App PP].
In general, the threat model of the [App PP] is designed to protect against the following:
ï‚· Disclosure of sensitive data at rest or in transit that the user has a reasonable expectation of security for
ï‚· Excessive or poorly-implemented interfaces with the underlying platform that allow an application to be used
as an intrusion point to a system
This threat model is applicable to the TOE because information related to a userâ€™s interaction with printer resources
may contain sensitive data that a user expects will not be disclosed to anyone, and because the TOE runs on a general
purpose operating system that may contain other data, applications, or network services that enforce their security in
part through the assumption that the underlying operating system is trusted.
Security Target Version 1.0, 11/27/2019
Page 15 of 52
4. Security Objectives
Like the Security Problem Definition, this Security Target includes by reference the security objectives define in [App
PP]. This includes security objectives for the TOE (used to mitigate threats) and for its operational environment (used
to satisfy assumptions).
Security Target Version 1.0, 11/27/2019
Page 16 of 52
5. IT Security Requirements
This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) that
serve to represent the security functional claims for the Target of Evaluation (TOE) and to scope the evaluation effort.
The SFRs have all been drawn from the following Protection Profile (PP):
ï‚· Protection Profile for Application Software, version 1.3, 21 March 2019 [App PP]
As a result, any selection/assignment/refinement operations already performed by that PP on the claimed SFRs are
not identified here (i.e., they are not for matted in accordance with the conventions specified in section 1.3 of this
Security Target). Formatting conventions are only applied on SFR text that was chosen at the ST authorâ€™s discretion.
5.1 Extended Requirements
All of the extended requirements in this ST have been drawn from the [App PP]. The PP defines the following extended
SAR and SFRs; since they have not been redefined in this ST, the [App PP] should be consulted for more information
regarding these extensions to CC Parts 2 and 3.
ï‚· ALC_TSU_EXT.1 (from [App PP]): Timely Security Updates
ï‚· FCS_CKM_EXT.1 (from [App PP]): Cryptographic Key Generation Services
ï‚· FCS_RBG_EXT.1 (from [App PP]): Random Bit Generation Services
ï‚· FCS_STO_EXT.1 (from [App PP]): Storage of Credentials
ï‚· FDP_DAR_EXT.1 (from [App PP]): Encryption of Sensitive Application Data
ï‚· FDP_DEC_EXT.1 (from [App PP]): Access to Platform Resources
ï‚· FDP_NET_EXT.1 (from [App PP]): Network Communications
ï‚· FMT_CFG_EXT.1 (from [App PP]): Secure by Default Configuration
ï‚· FMT_MEC_EXT.1 (from [App PP]): Supported Configuration Mechanism
ï‚· FPR_ANO_EXT.1 (from [App PP]): User Consent for Transmission of Personally Identifiable Information
ï‚· FPT_AEX_EXT.1 (from [App PP]): Anti-Exploitation Capabilities
ï‚· FPT_API_EXT.1 (from [App PP]): Use of Supported Services and APIs
ï‚· FPT_IDV_EXT.1 (from [App PP]): Software Identification and Versions
ï‚· FPT_LIB_EXT.1 (from [App PP]): Use of Third Party Libraries
ï‚· FPT_TUD_EXT.1 (from [App PP]): Integrity for Installation and Update
ï‚· FPT_TUD_EXT.2 (from [App PP]): Integrity for Installation and Update
ï‚· FTP_DIT_EXT.1 (from [App PP]): Protection of Data in Transit
Security Target Version 1.0, 11/27/2019
Page 17 of 52
5.2 TOE Security Functional Requirements
The following table identifies the SFRs that are satisfied by the TOE.
Table 1 TOE Security Functional Components
Requirement Class Requirement Component
FCS: Cryptographic
Support
FCS_CKM.1(1): Cryptographic Asymmetric Key Generation
FCS_CKM.2: Cryptographic Key Establishment
FCS_CKM_EXT.1: Cryptographic Key Generation Services
FCS_RBG_EXT.1: Random Bit Generation Services
FCS_STO_EXT.1: Storage of Credentials
FDP: User Data Protection FDP_DAR_EXT.1: Encryption of Sensitive Application Data
FDP_DEC_EXT.1: Access to Platform Resources
FDP_NET_EXT.1: Network Communications
FMT: Security
Management
FMT_CFG_EXT.1: Secure by Default Configuration
FMT_MEC_EXT.1: Supported Configuration Mechanism
FMT_SMF.1: Specification of Management Functions
FPR: Privacy FPR_ANO_EXT.1: User Consent for Transmission of Personally Identifiable
Information
FPT: Protection of the TSF FPT_AEX_EXT.1: Anti-Exploitation Capabilities
FPT_API_EXT.1: Use of Supported Services and APIs
FPT_IDV_EXT.1: Software Identification and Versions
FPT_LIB_EXT.1: Use of Third Party Libraries
FPT_TUD_EXT.1: Integrity for Installation and Update
FPT_TUD_EXT.2: Integrity for Installation and Update
FTP: Trusted
Path/Channels
FTP_DIT_EXT.1: Protection of Data in Transit
5.2.1 Cryptographic Support (FCS)
FCS_CKM.1(1) Cryptographic Asymmetric Key Generation
FCS_CKM.1.1(1) The application shall [invoke platform-provided functionality] to generate asymmetric
cryptographic keys in accordance with a specified cryptographic key generation
algorithm [
[ECC schemes] using [â€œNIST curvesâ€ P-256, P-384 and [no other curves]] that meet the
following: [FIPS PUB 186-4, â€œDigital Signature Standard (DSS)â€, Appendix B.4]
].
FCS_CKM.2 Cryptographic Key Establishment
FCS_CKM.2.1 The application shall [invoke platform-provided functionality] to perform cryptographic
key establishment in accordance with a specified cryptographic key establishment
method: [
Security Target Version 1.0, 11/27/2019
Page 18 of 52
[Elliptic curve-based key establishment schemes] that meet the following: [NIST Special
Publication 800-56A, â€œRecommendation for Pair-Wise Key Establishment Schemes
Using Discrete Logarithm Cryptographyâ€]
].
FCS_CKM_EXT.1 Cryptographic Key Generation Services
FCS_CKM_EXT.1.1 The application shall [invoke platform-provided functionality for asymmetric key
generation].
FCS_RBG_EXT.1 Random Bit Generation Services
FCS_RBG_EXT.1.1 The application shall [invoke platform-provided DRBG functionality] for its cryptographic
functions.
FCS_STO_EXT.1 Storage of Credentials
FCS_STO_EXT.1.1 The application shall [invoke the functionality provided by the platform to securely store
[local user, local administrator, and Console Print Application credentials]] to non-
volatile memory.
Application Note: Credentials are stored by the platform through invocation of platform-provided AES (i.e.,
the same mechanism that the TSF would use if it was the component responsible for the
secure storage).
5.2.2 User Data Protection (FDP)
FDP_DAR_EXT.1 Encryption of Sensitive Application Data
FDP_DAR_EXT.1.1 The application shall [[leverage platform-provided functionality to encrypt sensitive
data]] in non-volatile memory.
FDP_DEC_EXT.1 Access to Platform Resources
FDP_DEC_EXT.1.1 The application shall restrict its access to [network connectivity].
FDP_DEC_EXT.1.2 The application shall restrict its access to [[SQL database]].
FDP_NET_EXT.1 Network Communications
FDP_NET_EXT.1.1 The application shall restrict network communication to [user-initiated communication
for [remote interaction with GUI], respond to [remotely-initiated status communication
with PL Client], [application-initiated status communication with PL Client, application-
initiated status communication with PL Client]].
5.2.3 Security Management (FMT)
FMT_CFG_EXT.1 Secure by Default Configuration
FMT_CFG_EXT.1.1 The application shall only provide enough functionality to set new credentials when
configured with default credentials or no credentials.
FMT_CFG_EXT.1.2 The application shall be configured by default with file permissions which protect the
applicationâ€™s binaries and data files from modification by normal unprivileged users.
FMT_MEC_EXT.1 Supported Configuration Mechanism
FMT_MEC_EXT.1.11
The application shall [invoke the mechanisms recommended by the platform vendor for
storing and setting configuration options].
1
This SFR has been modified as per NIAP TD0437
Security Target Version 1.0, 11/27/2019
Page 19 of 52
FMT_SMF.1 Specification of Management Functions
FMT_SMF.1.1 The TSF shall be capable of performing the following management functions
[[specification of endpoints for trusted channels, release of print jobs, configuration of
client settings]].
5.2.4 Privacy (FPR)
FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information
FPR_ANO_EXT.1.1 The application shall [not transmit PII over a network].
5.2.5 Protection of the TSF (FPT)
FPT_AEX_EXT.1 Anti-Exploitation Capabilities
FPT_AEX_EXT.1.1 The application shall not request to map memory at an explicit address except for [no
exceptions].
FPT_AEX_EXT.1.2 The application shall [not allocate any memory region with both write and execute
permissions].
FPT_AEX_EXT.1.3 The application shall be compatible with security features provided by the platform
vendor.
FPT_AEX_EXT.1.4 The application shall not write user-modifiable files to directories that contain executable
files unless explicitly directed by the user to do so.
FPT_AEX_EXT.1.5 The application shall be compiled with stack-based buffer overflow protection enabled.
FPT_API_EXT.1 Use of Supported Services and APIs
FPT_API_EXT.1.1 The application shall only use documented platform APIs.
FPT_IDV_EXT.1 Software Identification and Versions
FPT_IDV_EXT.1.1 The application shall be versioned with [[other version information]].
FPT_LIB_EXT.1 Use of Third Party Libraries
FPT_LIB_EXT.1.1 The application shall be packaged with only [third-party libraries listed in Appendix A.2].
Application Note: The TOE uses a large number of third-party libraries so this information has been provided
in an Appendix for readability purposes.
FPT_TUD_EXT.1 Integrity for Installation and Update
FPT_TUD_EXT.1.1 The application shall [provide the ability] to check for updates and patches to the
application software.
FPT_TUD_EXT.1.2 The application shall [provide the ability] to query the current version of the application
software.
FPT_TUD_EXT.1.3 The application shall not download, modify, replace or update its own binary code..
FPT_TUD_EXT.1.4 The application installation package and its updates shall be digitally signed such that its
platform can cryptographically verify them prior to installation.
FPT_TUD_EXT.1.5 The application is distributed [as an additional software package to the platform OS].
FPT_TUD_EXT.2 Integrity for Installation and Update
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package
manager.
Security Target Version 1.0, 11/27/2019
Page 20 of 52
FPT_TUD_EXT.2.2 The application shall be packaged such that its removal results in the deletion of all traces
of the application, with the exception of configuration settings, output files, and audit/log
events.
5.2.6 Trusted Path/Channels (FTP)
FTP_DIT_EXT.1 Protection of Data in Transit
FTP_DIT_EXT.1.1 The application shall [
ï‚· invoke platform-provided functionality to encrypt all transmitted sensitive data with
[HTTPS, TLS]
] between itself and another trusted IT product.
5.3 TOE Security Assurance Requirements
The security assurance requirements for the TOE are included by reference to [App PP].
Table 2 Assurance Components
Requirement Class Requirement Component
ADV: Development ADV_FSP.1 Basic Functional Specification
AGD: Guidance Documents AGD_OPE.1: Operational User Guidance
AGD_PRE.1: Preparative Procedures
ALC: Life-Cycle Support ALC_CMC.1: Labelling of the TOE
ALC_CMS.1: TOE CM coverage
ALC_TSU_EXT.1: Timely Security Updates
ATE: Tests ATE_IND.1 Independent Testing â€“ Conformance
AVA: Vulnerability Assessment AVA_VAN.1 Vulnerability Survey
Consequently, the assurance activities specified in the [App PP] apply to the TOE evaluation, including any changes
made to them by subsequent NIAP Technical Decisions as summarized in section 1.2 above.
Security Target Version 1.0, 11/27/2019
Page 21 of 52
6. TOE Summary Specification
This chapter describes the security functions of the TOE:
ï‚· Cryptographic Support
ï‚· User Data Protection
ï‚· Identification and Authentication
ï‚· Security Management
ï‚· Privacy
ï‚· Protection of the TSF
ï‚· Trusted Path/Channels
It also describes the process put in place by the TOE vendor to provide timely security updates to the TOE as per the
ALC_TSU_EXT.1 requirements of the [App PP].
6.1 Timely Security Updates
PrinterLogic provides maintenance releases as needed in between major releases. The purpose of the maintenance
release is to provide bug fixes and security updates for the PrinterLogic Web Stack Server. Additionally, when
updates are made to the bundled third-party capabilities (MySQL, PHP), they are obtained by PrinterLogic and
pushed to customers. Customers are notified by the Customer Support team when a maintenance release is made
available. Maintenance release notes identify the security vulnerabilities that are fixed in the release. The only
mechanism to deploy security updates is through maintenance releases. Upon discovery of a vulnerability, the
impact will be assessed for priority. Any critical security fixes are immediately implemented, with a target release of
72 hours from discovery. Lower-risk items are targeted for resolution in 30-45 days depending on priority and
severity. All security reports are communicated from customers to Customer Support via live phone support or
through an HTTPS form on the printerlogic.com website.
6.2 Cryptographic Support
TOE components use cryptography to secure data in transit to and from each application instance. The following
cryptographic interfaces are used by each component when the TOE is configured to be in its evaluated configuration:
ï‚· TLS/HTTPS server (for remote user/administrator authentication using the Self-Service Portal and the
Release Portal)
ï‚· TLS/HTTPS server (for communication of configuration settings to individual PL Client applications at the
request of those applications)
The TOE relies on the underlying OS platform cryptography (via the FIPS-validated cryptographic module cng.sys)
to implement the cryptographic primitives for TLS/HTTPS communications. The TOE relies on IIS to provide the
TLS/HTTPS protocol stack for these communications.
The TOE relies on its operational environment to generate asymmetric keys in support of trusted communications.
The TSF generates ECC keys using P-256 and P-384. These keys are generated in support of the ECDHE key
establishment schemes that are used for TLS/HTTPS communications. To ensure sufficient key strength, the TOE
invokes environmental DRBG functionality for key generation. The proprietary Entropy Analysis Report (EAR)
describes how the TSF extracts random data from software-based sources to ensure that an amount of entropy that is
at least equal to the strength of the generated keys is present (i.e., at least 256 bits when the largest supported keys are
generated) when seeding the DRBG for key generation purposes. The TOE relies on the third-party entropy sources
provided by the platform vendor (Microsoft); in this case, it is assumed that this platform provides at least 256 bits of
entropy. Key generation is the only TOE function that requires the use of random numbers. Random numbers are
obtained from the BCryptGenRandom platform API. The TOE relies on IIS to implement all TLS functionality, so
the platform API is itself invoked by the platform.
The TOE uses TLS 1.2 implemented by the OS platform for protection of data in transit. The TOE stores local
user/administrator credentials (to the Admin, Self-Service, and Release Portals) and credentials for environmental
control panel applications (CPAs) in the MySQL database that is bundled with the TOE installation. This data is
protected from unauthorized access using AES encryption of the database itself by the TOE platformâ€™s cryptographic
Security Target Version 1.0, 11/27/2019
Page 22 of 52
module as well as full disk encryption of the entire platform on which the Web Server and MySQL database are
installed (see FDP_DAR_EXT.1).
The Cryptographic Support security function is designed to satisfy the following security functional requirements:
ï‚· FCS_CKM.1(1) â€“ The TOE platform generates ECC keys for the purpose of TLS key establishment.
ï‚· FCS_CKM.2 â€“ The TOE platform performs ECC key establishment for TLS.
ï‚· FCS_CKM_EXT.1 â€“ the TSF relies on the underlying OS platform to provide key generation functionality.
ï‚· FCS_RBG_EXT.1 â€“ The TSF relies on the underlying OS platform to provide random bit generation
functionality.
ï‚· FCS_STO_EXT.1 â€“ TOE components use platform-provided services to store all credential data.
6.3 User Data Protection
The [App PP] defines â€˜sensitive dataâ€™ as follows: â€œSensitive data may include all user or enterprise data or may be
specific application data such as emails, messaging, documents, calendar items, and contacts. Sensitive data must
minimally include PII, credentials, and keys. Sensitive data shall be identified in the applicationâ€™s TSS by the ST
author.â€
The table below lists the data that is considered to be â€˜sensitive dataâ€™ for this TOE along with where that data resides.
Note that while CPA credentials are not used by the TSF to fulfill any security functions in the claimed PP, they are
stored by the TOE for non-TSF functions. As a result, user/administrator will have a reasonable expectation that the
TSF can protect this data. The TSF does not examine printed documents for content so they are all considered to be
sensitive data since a user has a reasonable expectation that if they print a document, it will not be stored on a separate
server for others to view.
Table 3 Sensitive Data
Sensitive Data
Stored
On
Exchange Protection At Rest
Protection
In Transit
Database key TOE Inter-process
communication
Platform encryption (full
disk)
N/A
Admin Console
Credentials (Local)
TOE Adminâ€™s browser to Web
Server over browser
connection
Platform encryption (full
disk + FCS_STO_EXT.1
AES)
HTTPS
Self-Service/Release
Portal User Credentials
(Local)
TOE Userâ€™s browser to Web
Server over browser
connection
Platform encryption (full
disk + FCS_STO_EXT.1
AES)
HTTPS
CPA credential TOE Queried by remote printer Platform encryption (full
disk + FCS_STO_EXT.1
AES)
HTTPS
PL Client configuration
settings
TOE Pulled by PL Client
instances as needed
Platform encryption (full
disk + FCS_STO_EXT.1
AES)
HTTPS
Instructions to
hold/release print jobs
N/A Issued from Web Server
to Service Host at user
direction
N/A HTTPS
In the evaluated configuration, the TOE will be installed on a platform that has full disk encryption enabled. All data
at rest is ultimately secured by the operational environmentâ€™s platform encryption functionality, including credential
data that is stored in the environmental database and encrypted.
Security Target Version 1.0, 11/27/2019
Page 23 of 52
The underlying platform functionality that the TOE interacts with is the systemâ€™s network connectivity. Network usage
of the TOE is authorized implicitly through user guidance; it does not make any specific requests on its own to use
network services once installed. The TOE restricts network connectivity to the following uses only:
ï‚· User-initiated: accessing the Web Server from a remote web browser
ï‚· Remotely-initiated: initiation of cloud/email printing that a Service Host is configured to handle, remotely-
initiated status communication with environmental PL Client (e.g. notification from PL Client that a print
job is being held by a user)
ï‚· TSF-initiated: status communication with environmental PL Client (e.g. notification to PL Client that a held
print job has been released by a user)
The TOE also interacts with the SQL database residing on its local system when user actions requiring access to it are
performed.
The User Data Protection security function is designed to satisfy the following security functional requirements:
ï‚· FDP_DAR_EXT.1 â€“ Sensitive data at rest is protected by full disk encryption of the underlying OS platforms
for each TOE component.
ï‚· FDP_DEC_EXT.1 â€“ The TOEâ€™s use of platform services is well understood by users prior to authorizing the
TOE activity.
ï‚· FDP_NET_EXT.1 â€“ The TOE communicates over the network for well-defined purposes. Depending on the
function, the use of network resources is user-initiated directly through the TSF, remotely initiated by a user
performing an action in the operational environment, or initiated by the TOE itself.
6.4 Security Management
The TOE provides a graphical user interface (GUI) that requires user authentication to access. As part of initial setup,
the user must specify the username/password of an administrator account before any additional access is granted.
The TOE is protected from unauthorized access via the host platformâ€™s file system. By default, the binaries and
application data for the TOE are owned by Administrators.
The TOE enforces its security functionality by default upon initial installation and configuration. Configuration
settings are defined on the Web Serverâ€™s local system and stored in the Windows registry.
The TOE can be used to specify the endpoints for trusted channels through configuration of environmental PL Clients.
Specifically, a user can specify one or more email servers that a Service Host will retrieve data from for email printing.
A user can also designate a Service Host to receive and hold print jobs for AirPrint and Google cloud printing. The
TOE specifies this behavior by saving settings in its SQL database. When an environmental PL Client communicates
with the TOE, it will be notified if it has been designated as a Service Host; in response to this, it will spawn a process
to provide that functionality. The behavior of that process (e.g., what mailbox to monitor for email printing, whether
to print or discard email printing requests that come from guest users, what Active Directory repository to use when
doing reverse lookups for user identities) is controlled by the TOE settings as well. As this configuration data is stored
remotely from the PL Client, it isstored as sensitive data in the SQL database and so it is not subject to unauthorized
manipulation.
The TOE provides a mechanism for a user to complete a pull print or cloud print through release of the print job. The
release method differs based on the print method, as follows:
ï‚· Pull print: PL Client (on userâ€™s host system) prompts user to hold or release print job
o If print job is held, user will use the TOE to release the job at a later time
o If print job is released, PL Client will release the job
ï‚· Cloud print:
o User can use the TOE to release the job
In the Admin Console, an administrator may also configure the following PL Client settings:
Security Target Version 1.0, 11/27/2019
Page 24 of 52
ï‚· Time interval for client check-in (default 240 minutes)
ï‚· Enable/disable server initiation of client updates
ï‚· Enable/disable designation of individual client as Service Host
ï‚· Specify use of HTTPS for client-server communications (Service Host communications are not configurable
and use TLS/HTTPS by default)
All other management functionality provided by the product is non-TSF and all other security-relevant settings are
established during TOE installation and are non-configurable.
The Security Management security function is designed to satisfy the following security functional requirements:
ï‚· FMT_CFG_EXT.1 â€“ The TOE requires credentials to be defined before use. It is also prevented from direct
modification by untrusted users via their host OS platform.
ï‚· FMT_MEC_EXT.1 â€“ Locally-modifiable configuration settings for the TOE are stored in an appropriate
location.
ï‚· FMT_SMF.1 â€“ The TOE can be used by administrators to configure environmental PL Client settings
including configuring individual clients to act as Service Hosts and configuring trusted channel endpoints by
identifying where Service Hosts will retrieve print jobs. The TOE can also be used by end users to authorize
the release of print jobs that are held by Service Hosts.
6.5 Privacy
The TOE does not handle personally identifiable information (PII). The TOE facilitates interaction between users and
printer resources but does not directly accept Active Directory credentials or handle print spool data.
The Privacy security function is designed to satisfy the following security functional requirements:
ï‚· FPR_ANO_EXT.1 â€“ the TOE does not handle personally identifiable information.
6.6 Protection of the TSF
The TOE implements several mechanisms to protect against exploitation. The TOE implement address space layout
randomization (ASLR) and relies fully on its underlying host platform to perform memory mapping. There is no
situation where the TSF maps memory to an explicit address. The TOE (PHP) is interpreted code that does not use
just-in-time compilation. It also does not use both PROT_WRITE and PROT_EXEC on the same memory regions.
The TOE writes data to the underlying OS platform; however, no data is considered to be user-modifiable. The
following directories are used to write and store data:
ï‚· web application resides in IIS node of administratorâ€™s choosing (e.g., C:\inetpub); PHP writes log data to
%TMP% directory on OS platform; configuration data is stored in SQL database installed at location of
administratorâ€™s choosing.
The TOE is written in interpreted language that relies on the runtime environment to dynamically allocate memory
and is therefore not subject to stack-based buffer overflows.
The TOE is designed to run on a host OS platform where platform security features have been enabled (e.g. Windows
Defender Export Guard). The TOE uses only documented platform APIs. Appendix A.1 lists the APIs used by the
TOE. The TOE also makes use of third-party libraries. Appendix A.2 lists the libraries used by the TOE. The TOE is
versioned in the format â€˜x.yâ€™ where x is the year of release and y is the nth release of that year (e.g. in the case of
version 18.3, itâ€™s the 3rd version released in 2018).
The TOE provides the means to check for, apply, and verify software updates. This is implemented as follows:
A user can check for updates by visiting a link in the Admin Console to check for the latest release. Updates are
packaged as .exe files. There is no method to uninstall the application; application of an update will modify existing
components as opposed to removing and re-installing components. The current version of the application can be
queried by navigating to About PrinterLogic Web Stack in the Admin Console. All updates are digitally signed by
Security Target Version 1.0, 11/27/2019
Page 25 of 52
PrinterLogic using 2048-bit RSA signatures. The digital signature is verified automatically by Windows APIs prior
to installation.
The TOE is made available as a stand-alone installer that can be obtained from PrinterLogicâ€™s website, and can be
distribed by any variety of methods (e.g. pushed out through AD or made available in the Software Center). Updating
the TOE software is the only method of changing its executable code; it does not change its own code. Removal of
the application will result in the deletion of all traces of the application except for any related configuration settings,
log events, or output files.
The Protection of the TSF security function is designed to satisfy the following security functional requirements:
ï‚· FPT_AEX_EXT.1 â€“ The TOE interacts with its host OS platform in a manner that does not expose the system
to memory-related exploitation.
ï‚· FPT_API_EXT.1 â€“ The TOE uses documented platform APIs.
ï‚· FPT_IDV_EXT. 1 â€“ The TOE is versioned with the year and month of release.
ï‚· FPT_LIB_EXT.1 â€“ The set of third-party libraries used by the TOE is well-defined.
ï‚· FPT_TUD_EXT.1 â€“ The TOE can be updated through installation packages. Updates are signed by the
vendor and validated by the host OS platform prior to installation.
ï‚· FPT_TUD_EXT.2 â€“ Updates to the TOE are packaged using formats native to the supported OS platform
and removal of the TOE does not preserve any executable code on the platform.
6.7 Trusted Path/Channels
The TOE uses HTTPS / TLSv1.2 to secure sensitive data in transit over trusted channels and paths. The channels and
paths supported by the TOE and the protocols used to establish them are listed in section 6.2. All trusted channel
communications are provided by the TOE platform.
The following data is considered by the TOE to be â€˜sensitiveâ€™ and is therefore protected in transit to/from the system
on which a TOE component resides:
ï‚· User and administrator credential data (from user to TOE)
ï‚· Configuration information (from user to TOE and between TOE and PL Client)
ï‚· Credential data for environmental components (CPA) (from TOE to/from environmental components)
ï‚· Authorizations to hold/release print jobs (between TOE and PL Client)
The secure protocols are supported by NIST-validated cryptographic mechanisms provided by the operational
environment. The administrator must configure the interfaces to use the trusted channels before the TOE has been
placed into its evaluated configuration.
The TOE can also interact with printers in the operational environment to query status information using SNMPv3,
but this is not considered to be sensitive data as per section 6.2 and is therefore not protected with any of the trusted
protocols specified in FTP_DIT_EXT.1.
The Trusted Path/Channels security function is designed to satisfy the following security functional requirements:
ï‚· FTP_DIT_EXT.1 â€“ The TOE relies on platform-provided functionality to secure sensitive data in transit
using TLS and HTTPS.
Security Target Version 1.0, 11/27/2019
Page 26 of 52
7. Protection Profile Claims
This ST is conformant to the Protection Profile for Application Software, Version 1.3, 1 March 2019 [App PP] along
with all applicable errata and interpretations from the certificate issuing scheme.
As explained in section 3, Security Problem Definition, the Security Problem Definition of [App PP] has been included
by reference into this ST.
As explained in section 4, Security Objectives, the Security Objectives of [App PP] has been included by reference
into this ST.
All claimed SFRs are defined in [App PP]. All mandatory SFRs are claimed. No optional or objective SFRs are
claimed. Selection-based SFR claims are consistent with the selections made in the mandatory SFRs that prompt their
inclusion.
Security Target Version 1.0, 11/27/2019
Page 27 of 52
8. Rationale
This Security Target includes by reference the [App PP] Security Problem Definition, Security Objectives, and
Security Assurance Requirements. The Security Target does not add, remove, or modify any of these items. Security
Functional Requirements have been reproduced with the Protection Profile operations completed. All selections,
assignments, and refinements made on the claimed Security Functional Requirements have been performed in a
manner that is consistent with what is permitted by the [App PP]. The proper set of selection-based requirements have
been claimed based on the selections made in the mandatory requirements. Consequently, the claims made by this
Security Target are sufficient to address the TOEâ€™s security problem. Rationale for the sufficiency of the TOE
Summary Specification is provided below.
8.1 TOE Summary Specification Rationale
Each subsection in Section 6, the TOE Summary Specification, describes a security function of the TOE. Each
description is followed with rationale that indicates which requirements are satisfied by aspects of the corresponding
security function. The set of security functions work together to satisfy all of the security functions and assurance
requirements. Furthermore, all of the security functions are necessary in order for the TSF to provide the required
security functionality.
This section in conjunction with Section 6, the TOE Summary Specification, provides evidence that the security
functions are suitable to meet the TOE security requirements. The collection of security functions work together to
provide all of the security requirements. The security functions described in the TOE summary specification are all
necessary for the required security functionality in the TSF. The table below demonstrates the relationship between
security requirements and security functions.
Security Target Version 1.0, 11/27/2019
Page 28 of 52
Table 4 Security Functions vs Requirements Mapping
Cryptographic
Support
User
Data
Protection
Identification
and
Authentication
Security
Management
Privacy
Protection
of
the
TSF
Trusted
Path/Channels
FCS_CKM.1(1) X
FCS_CKM.2 X
FCS_CKM_EXT.1 X
FCS_RBG_EXT.1 X
FCS_STO_EXT.1 X
FDP_DAR_EXT.1 X
FDP_DEC_EXT.1 X
FDP_NET_EXT.1 X
FMT_CFG_EXT.1 X
FMT_MEC_EXT.1 X
FMT_SMF.1 X
FPR_ANO_EXT.1 X
FPT_AEX_EXT.1 X
FPT_API_EXT.1 X
FPT_IDV_EXT.1 X
FPT_LIB_EXT.1 X
FPT_TUD_EXT.1 X
FPT_TUD_EXT.2 X
FTP_DIT_EXT.1 X
Security Target Version 1.0, 11/27/2019
Page 29 of 52
Appendix A: TOE Usage of Third-Party Components
This Appendix lists the platform APIs and third-party libraries that are used by the TOE.
A.1 Platform APIs
The Windows platform APIs used by the Web Server are listed below. The Web Server also relies on the standalone
IIS and MySQL components referenced in section 2.4.1.
ï‚· COM controls
o Microsoft XMLDOM (COM control)
o NameTranslate
ï‚· APIs in the following platform libraries:
o activeds.dll
o advapi32.dll
o bcrypt.dll
o comctl32.dll
o comdig32.dll
o cryp32.dll
o fbwflib.dll
o gdi32.dll
o iphlpapi.dll
o kernel32.dll
o mpr.dll
o msvcrt.dll
o netapi32.dll
o ole32.dll
o oleaut32.dll
o shell32.dll
o user32.dll
o userenv.dll
o version.dll
o winhttp.dll
o wintrust.dll
o wsock32.dll
o wtsapi32.dll
ï‚· APIs in the following platform drivers:
o winspool.drv
Security Target Version 1.0, 11/27/2019
Page 30 of 52
A.2 Third-Party Libraries
The following section lists the third-party libraries used by the TOE:
ï‚· calwin32.dll
ï‚· netwin32.dll
ï‚· locwin32.dll
ï‚· clxwin32.dll
ï‚· nwcalls.dll
ï‚· nwnet.dll
ï‚· nwlocale.dll
The Web Server component also uses the following third-party libraries for PHP and Javascript, with applicable
version information:
ï‚· PHP libraries:
o adambrett/shell-wrapper 0.8
o aws/aws-sdk-php 3.19.17
o aws/aws-sdk-php-laravel 3.1.0
o barryvdh/laravel-async-queue dev-master de900c0
o barryvdh/laravel-ide-helper 2.3.2
o barryvdh/laravel-snappy 0.3.1
o barryvdh/reflection-docblock 2.0.4
o bosnadev/repositories 0.9
o classpreloader/classpreloader 3.0.0
o danielstjules/stringy 2.3.2
o dnoegel/php-xdg-base-dir 0.1
o doctrine/annotations 1.2.7
o doctrine/cache 1.6.0
o doctrine/collections 1.3.0
o doctrine/common 2.6.1
o doctrine/dbal 2.5.5
o doctrine/inflector 1.1.0
o doctrine/instantiator 1.0.5
o doctrine/lexer 1.0.1
o evenement/evenement 2.0.1
o fzaninotto/faker 1.7.0
o guzzlehttp/guzzle 6.2.2
o guzzlehttp/promises 1.2.0
o guzzlehttp/psr7 1.3.1
o h4cc/wkhtmltoimage-amd64 0.12.3
Security Target Version 1.0, 11/27/2019
Page 31 of 52
o h4cc/wkhtmltopdf-amd64 0.12.3
o hamcrest/hamcrest-php 1.2.2
o intervention/image 2.3.8
o jakub-onderka/php-console-color 0.1
o jakub-onderka/php-console-highlighter 0.3.2
o jakub-onderka/php-parallel-lint 0.9.2
o jeremeamia/SuperClosure 2.2.0
o jeroen-g/laravel-packager 1.5
o knplabs/knp-snappy 0.4.3
o laravel/framework 5.2.45
o laravelcollective/html 5.2
o league/event 2.1.2
o league/flysystem 1.0.30
o league/fractal 0.13.0
o league/oauth2-server 4.1.6
o lucadegasperi/oauth2-server-laravel 5.1.4
o mockery/mockery 0.9.5
o monolog/monolog 1.21.0
o mtdowling/cron-expression 1.1.0
o mtdowling/jmespath.php 2.3.0
o myclabs/deep-copy 1.5.4
o nesbot/carbon 1.21.0
o nikic/php-parser 2.1.1
o paragonie/random_compat 1.4.1
o phpdocumentor/reflection-common 1.0
o phpdocumentor/reflection-docblock 3.1.1
o phpdocumentor/type-resolver 0.2
o phpspec/php-diff 1.0.2
o phpspec/phpspec 2.5.3
o phpspec/prophecy 1.6.1
o phpunit/php-code-coverage 4.0.1
o phpunit/php-file-iterator 1.4.1
o phpunit/php-text-template 1.2.1
o phpunit/php-timer 1.0.8
o phpunit/php-token-stream 1.4.8
o phpunit/phpunit 5.6.1
o phpunit/phpunit-mock-objects 3.4.0
Security Target Version 1.0, 11/27/2019
Page 32 of 52
o predis/predis 1.1.1
o printerlogic/copy-scan-tracking-pkg 1.0.3
o printerlogic/ms-auth-key-pkg 1.3
o printerlogic/php-coding-standards-pkg 1.1.0
o printerlogic/queuecommber 2.1.2
o printerlogic/site-id-pkg 1.0.0
o psr/http-message 1.0.1
o psr/log 1.0.2
o psy/psysh 0.7.2
o react/cache 0.4.2
o react/dns 0.4.13
o react/event-loop 0.5.2
o react/http 0.8.3
o react/promise 2.5.1
o react/promise-stream 1.1.1
o react/promise-timer 1.3.0
o react/socket 0.8.11
o react/stream 0.7.7
o ringcentral/psr7 1.2.2
o rlerdorf/opcache-status dev-master 4867346
o sebastian/code-unit-reverse-lookup 1.0.0
o sebastian/comparator 1.2.0
o sebastian/diff 1.4.1
o sebastian/environment 1.3.8
o sebastian/exporter 1.2.2
o sebastian/global-state 1.1.1
o sebastian/object-enumerator 1.0.0
o sebastian/recursion-context 1.0.2
o sebastian/resource-operations 1.0.0
o sebastian/version 2.0.0
o spatie/laravel-fractal 1.9.1
o squizlabs/php_codesniffer 3.0.2
o swiftmailer/swiftmailer 5.4.3
o symfony/class-loader 3.2.7
o symfony/console 3.0.9
o symfony/css-selector 3.1.5
o symfony/debug 3.0.9
Security Target Version 1.0, 11/27/2019
Page 33 of 52
o symfony/dom-crawler 3.1.5
o symfony/event-dispatcher 3.1.6
o symfony/finder 3.0.9
o symfony/http-foundation 3.0.9
o symfony/http-kernel 3.0.9
o symfony/polyfill-mbstring 1.3.0
o symfony/polyfill-php56 1.2.0
o symfony/polyfill-util 1.2.0
o symfony/process 3.0.9
o symfony/routing 3.0.9
o symfony/translation 3.0.9
o symfony/var-dumper 3.0.9
o symfony/yaml 3.1.5
o vlucas/phpdotenv 2.4.0
o webmozart/assert 1.1.0
o webpatser/laravel-uuid 2.2.1
o wemersonjanuario/wkhtmltopdf-windows 0.12.2.3
o wimg/php-compatibility 8.0.1
ï‚· Javascript libraries:
o JSONStream 1.3.2
o abbrev 1.1.1
o accounting 0.4.1
o acorn 4.0.13
o ajv 5.5.2
o ajv-keywords 2.1.1
o align-text 0.1.4
o amdefine 1.0.1
o ansi-gray 0.1.1
o ansi-regex 2.1.1
o ansi-styles 2.2.1
o ansi-wrap 0.1.0
o aproba 1.2.0
o archy 1.0.0
o are-we-there-yet 1.1.4
o argparse 1.0.9
o arr-diff 4.0.0
o arr-flatten 1.1.0
Security Target Version 1.0, 11/27/2019
Page 34 of 52
o arr-union 3.1.0
o array-differ 1.0.0
o array-each 1.0.1
o array-filter 0.0.1
o array-find-index 1.0.2
o array-map 0.0.0
o array-reduce 0.0.0
o array-slice 1.1.0
o array-union 1.0.2
o array-uniq 1.0.3
o array-unique 0.3.2
o arrify 1.0.1
o asap 2.0.6
o asn1 0.2.3
o asn1.js 4.9.2
o assert 1.4.1
o assert-plus 1.0.0
o assertion-error 1.1.0
o assign-symbols 1.0.0
o ast-types 0.9.6
o astw 2.2.0
o async 1.5.2
o async-foreach 0.1.3
o asynckit 0.4.0
o atob 2.0.3
o autoprefixer 7.2.5
o aws-sign2 0.7.0
o aws4 1.6.0
o babel-code-frame 6.26.0
o babel-core 6.24.0
o babel-generator 6.26.0
o babel-helper-builder-react-jsx 6.26.0
o babel-helper-call-delegate 6.24.1
o babel-helper-define-map 6.26.0
o babel-helper-function-name 6.24.1
o babel-helper-get-function-arity 6.24.1
o babel-helper-hoist-variables 6.24.1
Security Target Version 1.0, 11/27/2019
Page 35 of 52
o babel-helper-optimise-call-expression 6.24.1
o babel-helper-regex 6.26.0
o babel-helper-replace-supers 6.24.1
o babel-helpers 6.24.1
o babel-messages 6.23.0
o babel-plugin-check-es2015-constants 6.22.0
o babel-plugin-syntax-flow 6.18.0
o babel-plugin-syntax-jsx 6.18.0
o babel-plugin-transform-es2015-arrow-functions 6.22.0
o babel-plugin-transform-es2015-block-scoped-functions 6.22.0
o babel-plugin-transform-es2015-block-scoping 6.26.0
o babel-plugin-transform-es2015-classes 6.23.0
o babel-plugin-transform-es2015-computed-properties 6.24.1
o babel-plugin-transform-es2015-destructuring 6.23.0
o babel-plugin-transform-es2015-duplicate-keys 6.24.1
o babel-plugin-transform-es2015-for-of 6.23.0
o babel-plugin-transform-es2015-function-name 6.24.1
o babel-plugin-transform-es2015-literals 6.22.0
o babel-plugin-transform-es2015-modules-amd 6.24.1
o babel-plugin-transform-es2015-modules-commonjs 6.26.0
o babel-plugin-transform-es2015-modules-systemjs 6.24.1
o babel-plugin-transform-es2015-modules-umd 6.24.1
o babel-plugin-transform-es2015-object-super 6.24.1
o babel-plugin-transform-es2015-parameters 6.24.1
o babel-plugin-transform-es2015-shorthand-properties 6.24.1
o babel-plugin-transform-es2015-spread 6.22.0
o babel-plugin-transform-es2015-sticky-regex 6.24.1
o babel-plugin-transform-es2015-template-literals 6.22.0
o babel-plugin-transform-es2015-typeof-symbol 6.23.0
o babel-plugin-transform-es2015-unicode-regex 6.24.1
o babel-plugin-transform-flow-strip-types 6.22.0
o babel-plugin-transform-react-display-name 6.25.0
o babel-plugin-transform-react-jsx 6.23.0
o babel-plugin-transform-react-jsx-self 6.22.0
o babel-plugin-transform-react-jsx-source 6.22.0
o babel-plugin-transform-regenerator 6.26.0
o babel-plugin-transform-strict-mode 6.24.1
Security Target Version 1.0, 11/27/2019
Page 36 of 52
o babel-preset-es2015 6.24.0
o babel-preset-flow 6.23.0
o babel-preset-react 6.23.0
o babel-register 6.26.0
o babel-runtime 6.26.0
o babel-template 6.26.0
o babel-traverse 6.23.1
o babel-types 6.26.0
o babelify 7.3.0
o babylon 6.18.0
o balanced-match 1.0.0
o base 0.11.2
o base62 0.1.1
o base64-js 1.2.1
o bcrypt-pbkdf 1.0.1
o beeper 1.1.1
o bl 0.9.5
o block-stream 0.0.9
o bn.js 4.11.8
o boom 4.3.1
o bower 1.8.2
o brace-expansion 1.1.8
o braces 2.3.0
o brorand 1.1.0
o browser-pack 6.0.3
o browser-resolve 1.11.2
o browser-stdout 1.3.0
o browserify 14.3.0
o browserify-aes 1.1.1
o browserify-cipher 1.0.0
o browserify-des 1.0.0
o browserify-rsa 4.0.1
o browserify-sign 4.0.4
o browserify-zlib 0.1.4
o browserslist 2.11.3
o buffer 5.0.8
o buffer-xor 1.0.3
Security Target Version 1.0, 11/27/2019
Page 37 of 52
o builtin-modules 1.1.1
o builtin-status-codes 3.0.0
o cache-base 1.0.1
o cached-path-relative 1.0.1
o camelcase 2.1.1
o camelcase-keys 2.1.0
o caniuse-lite 1.0.30000792
o capitalize 1.0.0
o caseless 0.12.0
o center-align 0.1.3
o chai 3.5.0
o chalk 1.1.3
o cipher-base 1.0.4
o circular-json 0.3.3
o class-utils 0.3.6
o classnames 2.2.5
o cliui 3.2.0
o clone 1.0.3
o clone-buffer 1.0.0
o clone-regexp 1.0.0
o clone-stats 0.0.1
o cloneable-readable 1.0.0
o co 4.6.0
o code-point-at 1.1.0
o collection-visit 1.0.0
o color-convert 1.9.1
o color-name 1.1.3
o color-support 1.1.3
o combine-source-map 0.8.0
o combined-stream 1.0.5
o commander 2.9.0
o commoner 0.10.8
o component-emitter 1.2.1
o concat-map 0.0.1
o concat-stream 1.5.2
o concat-with-sourcemaps 1.0.5
o console-browserify 1.1.0
Security Target Version 1.0, 11/27/2019
Page 38 of 52
o console-control-strings 1.1.0
o constants-browserify 1.0.0
o convert-source-map 1.5.1
o copy-descriptor 0.1.1
o core-js 1.2.7
o core-util-is 1.0.2
o cosmiconfig 2.2.2
o create-ecdh 4.0.0
o create-hash 1.1.3
o create-hmac 1.1.6
o create-react-class 15.6.2
o cross-spawn 3.0.1
o cryptiles 3.1.2
o crypto-browserify 3.12.0
o css 2.2.1
o currently-unhandled 0.4.1
o dashdash 1.14.1
o date-now 0.1.4
o dateformat 2.0.0
o debug 2.6.9
o debug-fabulous 0.0.4
o decamelize 1.2.0
o decode-uri-component 0.2.0
o deep-eql 0.1.3
o deep-is 0.1.3
o defaults 1.0.3
o define-property 1.0.0
o defined 1.0.0
o del 2.2.2
o delayed-stream 1.0.0
o delegates 1.0.0
o deprecated 0.0.1
o deps-sort 2.0.0
o des.js 1.0.0
o detect-file 1.0.0
o detect-indent 4.0.0
o detect-newline 2.1.0
Security Target Version 1.0, 11/27/2019
Page 39 of 52
o detective 4.7.1
o diff 1.4.0
o diffie-hellman 5.0.2
o dom-helpers 3.3.1
o domain-browser 1.1.7
o duplexer 0.1.1
o duplexer2 0.1.4
o ecc-jsbn 0.1.1
o electron-to-chromium 1.3.31
o element-class 0.2.2
o elliptic 6.4.0
o encoding 0.1.12
o end-of-stream 0.1.5
o error-ex 1.3.1
o escape-string-regexp 1.0.5
o escodegen 1.8.1
o esprima 2.7.3
o estraverse 1.9.3
o esutils 2.0.2
o event-stream 3.3.4
o events 1.1.1
o evp_bytestokey 1.0.3
o execall 1.0.0
o exenv 1.2.0
o expand-brackets 2.1.4
o expand-range 1.8.2
o expand-tilde 2.0.2
o extend 3.0.1
o extend-shallow 2.0.1
o extglob 2.0.4
o extsprintf 1.3.0
o faker 4.1.0
o fancy-log 1.3.2
o fast-deep-equal 1.0.0
o fast-json-stable-stringify 2.0.0
o fast-levenshtein 2.0.6
o fbjs 0.8.16
Security Target Version 1.0, 11/27/2019
Page 40 of 52
o file-entry-cache 2.0.0
o filename-regex 2.0.1
o fill-range 4.0.0
o find-index 0.1.1
o find-up 1.1.2
o findup-sync 2.0.0
o fined 1.1.0
o first-chunk-stream 1.0.0
o flagged-respawn 1.0.0
o flat-cache 1.3.0
o flatten 1.0.2
o for-in 1.0.2
o for-own 1.0.0
o forever-agent 0.6.1
o form-data 2.3.1
o fragment-cache 0.2.1
o from 0.1.7
o fs.realpath 1.0.0
o fstream 1.0.11
o function-bind 1.1.1
o gauge 2.7.4
o gaze 0.5.2
o get-caller-file 1.0.2
o get-stdin 4.0.1
o get-value 2.0.6
o getpass 0.1.7
o glob 7.1.1
o glob-base 0.3.0
o glob-parent 2.0.0
o glob-stream 3.1.18
o glob-watcher 0.0.6
o glob2base 0.0.12
o global-modules 1.0.0
o global-prefix 1.0.2
o globals 9.18.0
o globby 5.0.0
o globjoin 0.1.4
Security Target Version 1.0, 11/27/2019
Page 41 of 52
o globule 0.1.0
o glogg 1.0.1
o graceful-fs 3.0.11
o graceful-readlink 1.0.1
o growl 1.9.2
o gulp 3.9.1
o gulp-babel 6.1.2
o gulp-clean 0.3.2
o gulp-concat 2.6.1
o gulp-rename 1.2.2
o gulp-sass 3.1.0
o gulp-sourcemaps 2.5.1
o gulp-util 3.0.8
o gulplog 1.0.0
o handlebars 4.0.11
o har-schema 2.0.0
o har-validator 5.0.3
o has 1.0.1
o has-ansi 2.0.0
o has-flag 1.0.0
o has-gulplog 0.1.0
o has-unicode 2.0.1
o has-value 1.0.0
o has-values 1.0.0
o hash-base 2.0.2
o hash.js 1.1.3
o hawk 6.0.2
o hmac-drbg 1.0.1
o hoek 4.2.0
o home-or-tmp 2.0.0
o homedir-polyfill 1.0.1
o hosted-git-info 2.5.0
o html-tags 2.0.0
o htmlescape 1.1.1
o http-signature 1.2.0
o https-browserify 1.0.0
o iconv-lite 0.4.19
Security Target Version 1.0, 11/27/2019
Page 42 of 52
o ieee754 1.1.8
o ignore 3.3.7
o imurmurhash 0.1.4
o in-publish 2.0.0
o indent-string 2.1.0
o indexes-of 1.0.1
o indexof 0.0.1
o inflight 1.0.6
o inherits 2.0.3
o ini 1.3.5
o inline-source-map 0.6.2
o insert-module-globals 7.0.1
o interpret 1.1.0
o invariant 2.2.2
o invert-kv 1.0.0
o is-absolute 1.0.0
o is-accessor-descriptor 1.0.0
o is-arrayish 0.2.1
o is-buffer 1.1.6
o is-builtin-module 1.0.0
o is-data-descriptor 1.0.0
o is-descriptor 1.0.2
o is-directory 0.3.1
o is-dotfile 1.0.3
o is-equal-shallow 0.1.3
o is-extendable 0.1.1
o is-extglob 2.1.1
o is-finite 1.0.2
o is-fullwidth-code-point 1.0.0
o is-glob 3.1.0
o is-number 3.0.0
o is-odd 1.0.0
o is-path-cwd 1.0.0
o is-path-in-cwd 1.0.0
o is-path-inside 1.0.1
o is-plain-object 2.0.4
o is-posix-bracket 0.1.1
Security Target Version 1.0, 11/27/2019
Page 43 of 52
o is-primitive 2.0.0
o is-regexp 1.0.0
o is-relative 1.0.0
o is-stream 1.1.0
o is-supported-regexp-flag 1.0.0
o is-typedarray 1.0.0
o is-unc-path 1.0.0
o is-utf8 0.2.1
o is-windows 1.0.1
o isarray 1.0.0
o isexe 2.0.0
o isobject 3.0.1
o isomorphic-fetch 2.2.1
o isstream 0.1.2
o istanbul 0.4.5
o js-base64 2.4.3
o js-tokens 3.0.2
o js-yaml 3.10.0
o jsbn 0.1.1
o jsesc 1.3.0
o json-schema 0.2.3
o json-schema-traverse 0.3.1
o json-stable-stringify 0.0.1
o json-stringify-safe 5.0.1
o json3 3.3.2
o json5 0.5.1
o jsonify 0.0.0
o jsonparse 1.3.1
o jsprim 1.4.1
o jstransform 10.1.0
o keycode 2.1.9
o kind-of 6.0.2
o known-css-properties 0.3.0
o labeled-stream-splicer 2.0.0
o lazy-cache 2.0.2
o lazy-debug-legacy 0.0.1
o lcid 1.0.0
Security Target Version 1.0, 11/27/2019
Page 44 of 52
o levn 0.3.0
o lexical-scope 1.2.0
o liftoff 2.5.0
o load-json-file 1.1.0
o lodash 4.17.4
o lodash._baseassign 3.2.0
o lodash._basecopy 3.0.1
o lodash._basecreate 3.0.3
o lodash._basetostring 3.0.1
o lodash._basevalues 3.0.0
o lodash._escapehtmlchar 2.4.1
o lodash._escapestringchar 2.4.1
o lodash._getnative 3.9.1
o lodash._htmlescapes 2.4.1
o lodash._isiterateecall 3.0.9
o lodash._isnative 2.4.1
o lodash._objecttypes 2.4.1
o lodash._reescape 3.0.0
o lodash._reevaluate 3.0.0
o lodash._reinterpolate 3.0.0
o lodash._reunescapedhtml 2.4.1
o lodash._root 3.0.1
o lodash._shimkeys 2.4.1
o lodash.assign 4.2.0
o lodash.clonedeep 4.5.0
o lodash.create 3.1.1
o lodash.defaults 2.4.1
o lodash.escape 3.2.0
o lodash.isarguments 3.1.0
o lodash.isarray 3.0.4
o lodash.isobject 2.4.1
o lodash.keys 3.1.2
o lodash.memoize 3.0.4
o lodash.mergewith 4.6.0
o lodash.restparam 3.6.1
o lodash.template 3.6.2
o lodash.templatesettings 3.1.1
Security Target Version 1.0, 11/27/2019
Page 45 of 52
o lodash.values 2.4.1
o log-symbols 2.2.0
o longest 1.0.1
o loose-envify 1.3.1
o loud-rejection 1.6.0
o lru-cache 2.7.3
o make-iterator 1.0.0
o map-cache 0.2.2
o map-obj 1.0.1
o map-stream 0.1.0
o map-visit 1.0.0
o mathml-tag-names 2.0.1
o md5.js 1.3.4
o meow 3.7.0
o micromatch 3.1.5
o miller-rabin 4.0.1
o mime-db 1.30.0
o mime-types 2.1.17
o minimalistic-assert 1.0.0
o minimalistic-crypto-utils 1.0.1
o minimatch 3.0.4
o minimist 0.0.8
o mixin-deep 1.3.0
o mkdirp 0.5.1
o mocha 3.2.0
o module-deps 4.1.1
o ms 2.0.0
o multipipe 0.1.2
o nan 2.8.0
o nanomatch 1.2.7
o natives 1.1.1
o node-fetch 1.7.3
o node-gyp 3.6.2
o node-sass 4.5.3
o nopt 3.0.6
o normalize-package-data 2.4.0
o normalize-path 2.1.1
Security Target Version 1.0, 11/27/2019
Page 46 of 52
o normalize-range 0.1.2
o normalize-selector 0.2.0
o npmlog 4.1.2
o num2fraction 1.2.2
o number-is-nan 1.0.1
o oauth-sign 0.8.2
o object-assign 4.1.1
o object-copy 0.1.0
o object-keys 0.4.0
o object-visit 1.0.1
o object.defaults 1.1.0
o object.map 1.0.1
o object.omit 2.0.1
o object.pick 1.3.0
o once 1.4.0
o optimist 0.6.1
o optionator 0.8.2
o orchestrator 0.3.8
o ordered-read-streams 0.1.0
o os-browserify 0.1.2
o os-homedir 1.0.2
o os-locale 1.4.0
o os-tmpdir 1.0.2
o osenv 0.1.4
o pako 0.2.9
o parents 1.0.1
o parse-asn1 5.1.0
o parse-filepath 1.0.2
o parse-glob 3.0.4
o parse-json 2.2.0
o parse-passwd 1.0.0
o pascalcase 0.1.1
o path-browserify 0.0.0
o path-exists 2.1.0
o path-is-absolute 1.0.1
o path-is-inside 1.0.2
o path-parse 1.0.5
Security Target Version 1.0, 11/27/2019
Page 47 of 52
o path-platform 0.11.15
o path-root 0.1.1
o path-root-regex 0.1.2
o path-type 1.1.0
o pause-stream 0.0.11
o pbkdf2 3.0.14
o performance-now 2.1.0
o pi-observer
o pi-react-components
o pify 2.3.0
o pinkie 2.0.4
o pinkie-promise 2.0.1
o posix-character-classes 0.1.1
o postcss 6.0.16
o postcss-less 1.1.3
o postcss-media-query-parser 0.2.3
o postcss-reporter 5.0.0
o postcss-resolve-nested-selector 0.1.1
o postcss-scss 1.0.3
o postcss-selector-parser 2.2.3
o postcss-sorting 3.1.0
o postcss-value-parser 3.3.0
o prelude-ls 1.1.2
o preserve 0.2.0
o pretty-hrtime 1.0.3
o private 0.1.8
o process 0.11.10
o process-nextick-args 1.0.7
o promise 7.3.1
o prop-types 15.6.0
o prop-types-extra 1.0.1
o pseudomap 1.0.2
o public-encrypt 4.0.0
o punycode 1.4.1
o q 1.5.1
o qs 6.5.1
o querystring 0.2.0
Security Target Version 1.0, 11/27/2019
Page 48 of 52
o querystring-es3 0.2.1
o randomatic 1.1.7
o randombytes 2.0.6
o randomfill 1.0.3
o react 15.4.2
o react-bootstrap 0.31.5
o react-bootstrap-table 4.3.1
o react-dom 15.4.2
o react-list-select 0.3.0
o react-modal 1.7.3
o react-overlays 0.7.4
o react-s-alert 1.4.1
o react-tools 0.13.3
o reactify 1.1.1
o read-only-stream 2.0.0
o read-pkg 1.1.0
o read-pkg-up 1.0.1
o readable-stream 2.3.3
o recast 0.11.23
o rechoir 0.6.2
o redent 1.0.0
o regenerate 1.3.3
o regenerator-runtime 0.11.1
o regenerator-transform 0.10.1
o regex-cache 0.4.4
o regex-not 1.0.0
o regexpu-core 2.0.0
o regjsgen 0.2.0
o regjsparser 0.1.5
o remove-trailing-separator 1.1.0
o repeat-element 1.1.2
o repeat-string 1.6.1
o repeating 2.0.1
o replace-ext 0.0.1
o request 2.83.0
o require-dir 0.3.2
o require-directory 2.1.1
Security Target Version 1.0, 11/27/2019
Page 49 of 52
o require-from-string 1.2.1
o require-main-filename 1.0.1
o resolve 1.5.0
o resolve-dir 1.0.1
o resolve-from 3.0.0
o resolve-url 0.2.1
o riek 1.1.0
o right-align 0.1.3
o rimraf 2.6.2
o ripemd160 2.0.1
o run-sequence 1.2.2
o safe-buffer 5.1.1
o sass-graph 2.2.4
o scss-tokenizer 0.2.3
o semver 4.3.6
o sequencify 0.0.7
o set-blocking 2.0.0
o set-getter 0.1.0
o set-value 2.0.0
o setimmediate 1.0.5
o sha.js 2.4.10
o shasum 1.0.2
o shell-quote 1.6.1
o sigmund 1.0.1
o signal-exit 3.0.2
o slash 1.0.0
o slice-ansi 1.0.0
o snapdragon 0.8.1
o snapdragon-node 2.1.1
o snapdragon-util 3.0.1
o sntp 2.1.0
o source-map 0.5.7
o source-map-resolve 0.5.1
o source-map-support 0.4.18
o source-map-url 0.4.0
o sparkles 1.0.0
o spdx-correct 1.0.2
Security Target Version 1.0, 11/27/2019
Page 50 of 52
o spdx-expression-parse 1.0.4
o spdx-license-ids 1.2.2
o specificity 0.3.2
o split 0.3.3
o split-string 3.1.0
o sprintf-js 1.0.3
o sshpk 1.13.1
o static-extend 0.1.2
o stdout-stream 1.4.0
o stream-browserify 2.0.1
o stream-combiner 0.0.4
o stream-combiner2 1.1.1
o stream-consume 0.1.0
o stream-http 2.8.0
o stream-splicer 2.0.0
o string-width 1.0.2
o string_decoder 0.10.31
o stringstream 0.0.5
o strip-ansi 3.0.1
o strip-bom 1.0.0
o strip-bom-string 1.0.0
o strip-indent 1.0.1
o style-search 0.1.0
o stylelint 8.1.1
o stylelint-order 0.7.0
o subarg 1.0.0
o sugarss 1.0.1
o supports-color 2.0.0
o svg-tags 1.0.0
o syntax-error 1.3.0
o table 4.0.2
o tar 2.2.1
o through 2.3.8
o through2 2.0.3
o tildify 1.2.0
o time-stamp 1.1.0
o timers-browserify 1.4.2
Security Target Version 1.0, 11/27/2019
Page 51 of 52
o to-arraybuffer 1.0.1
o to-fast-properties 1.0.3
o to-object-path 0.3.0
o to-regex 3.0.1
o to-regex-range 2.1.1
o tough-cookie 2.3.3
o trim-newlines 1.0.0
o trim-right 1.0.1
o tty-browserify 0.0.1
o tunnel-agent 0.6.0
o tweetnacl 0.14.5
o type-check 0.3.2
o type-detect 1.0.0
o typedarray 0.0.6
o ua-parser-js 0.7.17
o uglify-js 2.8.29
o uglify-to-browserify 1.0.2
o umd 3.0.1
o unc-path-regex 0.1.2
o uncontrollable 4.1.0
o union-value 1.0.0
o uniq 1.0.1
o unique-stream 1.0.0
o unset-value 1.0.0
o urix 0.1.0
o url 0.11.0
o use 2.0.2
o user-home 1.1.1
o utf8 2.1.2
o util 0.10.3
o util-deprecate 1.0.2
o uuid 3.2.1
o v8flags 2.1.1
o validate-npm-package-license 3.0.1
o verror 1.10.0
o vinyl 0.5.3
o vinyl-buffer 1.0.0
Security Target Version 1.0, 11/27/2019
Page 52 of 52
o vinyl-fs 0.3.14
o vinyl-source-stream 1.1.0
o vinyl-sourcemaps-apply 0.2.1
o vm-browserify 0.0.4
o warning 3.0.0
o whatwg-fetch 2.0.3
o which 1.3.0
o which-module 1.0.0
o wide-align 1.1.2
o window-size 0.1.0
o wordwrap 1.0.0
o wrap-ansi 2.1.0
o wrappy 1.0.2
o write 0.2.1
o xtend 4.0.1
o y18n 3.2.1
o yallist 2.1.2
o yargs 7.1.0
o yargs-parser 5.0.0