National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme
Validation Report
SailPoint IdentityIQ
File Access Manager 8.1
Report Number: CCEVS-VR-VID11116-2020
Version 1.1
December 8, 2020
National Institute of Standards and Technology National Security Agency
Information Technology Laboratory Information Assurance Directorate
100 Bureau Drive 9800 Savage Road STE 6940
Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6940
®
TM
Validation Report SailPoint IdentityIQ FAM 8.1
II
ACKNOWLEDGEMENTS
Validation Team
Paul Bicknell, Senior Validator
John Butterworth, Lead Validator
Lisa Mitchell, ECR Team
The MITRE Corporation
Peter Kruus, ECR Team
Johns Hopkins University Applied Physics Laboratory
Common Criteria Testing Laboratory
Herbert Markle, CCTL Technical Director
Christopher Rakaczky
Noel Richards
Booz Allen Hamilton (BAH)
Laurel, Maryland
Validation Report SailPoint IdentityIQ FAM 8.1
III
Table of Contents
1 Executive Summary..............................................................................................................................5
2 Identification.........................................................................................................................................7
3 Assumptions and Clarification of Scope...............................................................................................8
3.1 Assumptions..................................................................................................................................8
3.2 Threats...........................................................................................................................................8
3.3 Clarification of Scope ...................................................................................................................8
4 Architectural Information .....................................................................................................................9
4.1 TOE Introduction..........................................................................................................................9
4.2 Physical Boundary ........................................................................................................................9
4.3 Security Policy............................................................................................................................11
4.3.1 Cryptographic Support....................................................................................................... 11
4.3.2 User Data Protection.......................................................................................................... 11
4.3.3 Security Management ........................................................................................................ 11
4.3.4 Privacy ............................................................................................................................... 11
4.3.5 Protection of the TSF......................................................................................................... 11
4.3.6 Trusted Path/Channel......................................................................................................... 14
5 Documentation....................................................................................................................................13
6 Evaluated Configuration .....................................................................................................................14
7 IT Product Testing ..............................................................................................................................15
7.1 Developer Testing.......................................................................................................................15
7.2 Evaluation Team Independent Testing .......................................................................................15
7.3 Evaluation Team Vulnerability Testing......................................................................................15
8 Results of the Evaluation ....................................................................................................................18
8.1 Evaluation of the Security Target (ASE) ....................................................................................18
8.2 Evaluation of the Development (ADV) ......................................................................................18
8.3 Evaluation of the Guidance Documents (AGD) .........................................................................18
8.4 Evaluation of the Life Cycle Support Activities (ALC) .............................................................19
8.5 Evaluation of the Test Documentation and the Test Activity (ATE)..........................................19
8.6 Vulnerability Assessment Activity (VAN).................................................................................19
8.7 Summary of Evaluation Results..................................................................................................19
Validation Report SailPoint IdentityIQ FAM 8.1
IV
9 Validator Comments ...........................................................................................................................20
10 Annexes...........................................................................................................................................21
11 Security Target................................................................................................................................22
12 List of Acronyms ............................................................................................................................23
13 Terminology....................................................................................................................................24
14 Bibliography ...................................................................................................................................25
List of Tables
Table 1 – Evaluation Identifiers....................................................................................................................7
Table 2 – Operational Environment Software Requirements .......................................................................9
Table 3 – Evaluated Components of the Operational Environment .............................................................9
Table 4 – Public Vulnerability Search Keywords.......................................................................................15
Validation Report SailPoint IdentityIQ FAM 8.1
5
1 Executive Summary
This report documents the assessment of the National Information Assurance Partnership (NIAP)
validation team of the evaluation of SailPoint IdentityIQ File Access Manager 8.1 provided by
SailPoint. It presents the evaluation results, their justifications, and the conformance results. This
Validation Report is not an endorsement of the Target of Evaluation by any agency of the U.S.
government, and no warranty is either expressed or implied.
The evaluation was performed by the Booz Allen Hamilton Inc. Common Criteria Testing
Laboratory (CCTL) in Laurel, Maryland, United States of America, and was completed in
December 2020. The information in this report is largely derived from the evaluation sensitive
Evaluation Technical Report (ETR) and associated test reports, all written by Booz Allen. The
evaluation determined that the product is both Common Criteria Part 2 Extended and Part 3
Conformant and meets the assurance requirements set forth in the Protection Profile for
Application Software Version 1.3 (APP_PP), March 1, 2019.
The Target of Evaluation (TOE) is the SailPoint Identity File Access Manager (FAM) version 8.1
(“IdentityIQ FAM”) application executing on Microsoft Windows Server 2019 operating system
(OS). The primary function of IdentityIQ FAM is to allow its users to review and manage the
governed data created by IdentityIQ FAM for the monitoring of enterprise data stored on one or
more managed resources. The governed data allows IdentityIQ FAM users to identify and classify
data, understand on which managed resources within the network the data is stored, and
understand which enterprise users have access to the data. IdentityIQ FAM’s primary
functionality of monitoring enterprise data was not evaluated, except where the product’s
functionality relates to the Security Functional Requirements (SFRs) included within the scope of
the evaluation.
The TOE is installed on a Windows Server 2019 and through APIs the TOE utilizes several
functions of the operating system to perform its operations. Specifically, the TOE relies on .NET
Framework to function and Internet Information Services (IIS) to host its GUI web pages. The
TOE also uses the Windows operating system’s Server Message Block component to receive
information about data on managed resources which IdentityIQ FAM runs into governed data.
The TOE identified in this Validation Report has been evaluated at a NIAP approved Common
Criteria Testing Laboratory using the Common Methodology for IT Security Evaluation (Version
3.1, Rev 5) for conformance to the Common Criteria for IT Security Evaluation (Version 3.1, Rev
5), as interpreted by the Assurance Activities contained in the APP_PP. This Validation Report
applies only to the specific version of the TOE as evaluated. The evaluation has been conducted
in accordance with the provisions of the NIAP Common Criteria Evaluation and Validation
Scheme and the conclusions of the testing laboratory in the evaluation technical report is
consistent with the evidence provided.
The validation team provided guidance on technical issues and evaluation processes and reviewed
the individual work units of the ETR for the APP_PP Assurance Activities. The validation team
found that the evaluation showed that the product satisfies all of the functional requirements and
assurance requirements stated in the Security Target (ST). Therefore, the validation team
Validation Report SailPoint IdentityIQ FAM 8.1
6
concludes that the testing laboratory’s findings are accurate, the conclusions justified, and the
conformance results are correct. The conclusions of the testing laboratory in the evaluation
technical report are consistent with the evidence produced.
The technical information included in this report was obtained from the SailPoint IdentityIQ File
Access Manager 8.1 Security Target v1.1, dated November 30, 2020 and analysis performed by
the Validation Team.
Validation Report SailPoint IdentityIQ FAM 8.1
7
2 Identification
The CCEVS is a joint National Security Agency (NSA) and National Institute of Standards effort
to establish commercial facilities to perform trusted product evaluations. Under this program,
security evaluations are conducted by commercial testing laboratories called Common Criteria
Testing Laboratories (CCTLs). CCTLs evaluate products against Protection Profile containing
Assurance Activities, which are interpretation of CEM work units specific to the technology
described by the PP.
The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality and
consistency across evaluations. Developers of information technology products desiring a
security evaluation contract with a CCTL and pay a fee for their product’s evaluation. Upon
successful completion of the evaluation, the product is added to NIAP’s Product Compliant List.
Table 1 provides information needed to completely identify the product, including:
 The Target of Evaluation (TOE): the fully qualified identifier of the product as evaluated.
 The Security Target (ST), describing the security features, claims, and assurances of the
product.
 The conformance result of the evaluation.
 The Protection Profile to which the product is conformant.
 The organizations and individuals participating in the evaluation.
Table 1 – Evaluation Identifiers
Item Identifier
Evaluation
Scheme
United States NIAP Common Criteria Evaluation and Validation
Scheme
TOE SailPoint IdentityIQ File Access Manager 8.1
Protection
Profile
Protection Profile for Application Software Version 1.3 [APP_PP],
including all applicable NIAP Technical Decisions and Policy Letters
Security Target SailPoint IdentityIQ File Access Manager 8.1 Security Target v1.1
dated November 30, 2020
Evaluation
Technical Report
Evaluation Technical Report for a Target of Evaluation “SailPoint
Technologies, Inc. IdentityIQ File Access Manager 8.1” Evaluation
Technical Report (ETR) v1.1 dated November 30, 2020
CC Version Common Criteria for Information Technology Security Evaluation,
Version 3.1 Revision 5
Conformance Result CC Part 2 extended, CC Part 3 conformant
Sponsor SailPoint Technologies, Inc.
Developer SailPoint Technologies, Inc.
Common Criteria
Testing Lab (CCTL)
Booz Allen Hamilton, Laurel, Maryland
CCEVS Validators Paul Bicknell, John Butterworth, Lisa Mitchell, Peter Kruus
Validation Report SailPoint IdentityIQ FAM 8.1
8
3 Assumptions and Clarification of Scope
3.1 Assumptions
The assumptions are drawn directly from the APP_PP.
3.2 Threats
The threats are drawn directly from the APP_PP.
3.3 Clarification of Scope
All evaluations (and all products) have limitations, as well as potential misconceptions that might
benefit from additional clarification. This text covers some of the more important limitations and
clarifications of this evaluation. Note that:
 As with any evaluation, this evaluation only shows that the evaluated configuration meets
the security claims made, with a certain level of assurance. The level of assurance for this
evaluation is defined within the Protection Profile for Application Software Version 1.3,
including all relevant NIAP Technical Decisions. A subset of the “optional” and
“selection-based” security requirements defined in the APP_PP are claimed by the TOE
and documented in the ST.
 This evaluation covers only the specific device model and software version identified in
this document, and not any earlier or later versions released or in process.
 Consistent with the expectations of the Protection Profile, this evaluation did not
specifically search for, nor seriously attempt to counter vulnerabilities that were not
“obvious” or vulnerabilities to security functionality not claimed in the ST. The CEM
defines an “obvious” vulnerability as one that is easily exploited with a minimum of
understanding of the TOE, technical sophistication and resources.
 The functionality evaluated is scoped exclusively to the security functional requirements
specified in the Security Target. All other functionality provided by these devices, needs
to be assessed separately and no further conclusions can be drawn about their
effectiveness. In particular, the SailPoint IdentityIQ FAM 8.1 support for collecting
system-generated data from the general-purpose computer that it resides on and receiving
data feeds from external sources such as databases, web services, and one or more
additional instances of IdentityIQ FAM configured as a forwarder, described in Section
1.3 of the Security Target were not assessed as part of this evaluation. Further
information of excluded functionality can be found in Section 2.3 of the Security Target.
Validation Report SailPoint IdentityIQ FAM 8.1
9
4 Architectural Information
Note: The following architectural description is based on the description presented in the
Security Target.
4.1 TOE Introduction
The TOE type for SailPoint IdentityIQ FAM 8.1 is Application Software. The Protection Profile
for Application Software [APP_PP] specifies several use cases that conformant TOEs may
implement. In particular the TOE supports:
Use Case 2, Content Consumption, is defined as follows: “The application allows a user to
consume content, retrieving it from either local or remote storage.”
SailPoint IdentityIQ FAM 8.1 meets the expectations of Use Case 2 because it
implements content consumption by allowing its users to review and manage governed
data created by IdentityIQ FAM for the monitoring of enterprise data stored on one or
more managed resources.
4.2 Physical Boundary
SailPoint IdentityIQ FAM 8.1 is a software-only TOE and therefore its physical boundary is its
software. The TOE does not include the hardware or operating system of the system on which it
is installed. It also does not include the third-party software which is required for the TOE to run.
The following table lists the software components that are required for the TOE’s use in the
evaluated configuration. These Operational Environment components are expected to be patched
to include the latest security fixes for each component.
Table 2 – Operational Environment Software Requirements
OE Component Requirement
Host Platform
Microsoft Windows Server 2019 Datacenter (1809)
(includes: IIS, .NET, and SMB services)
Host Platform OS Type 64-bit
Host Server’s Processor Intel Xeon Gold 6230 (Cascade Lake)
SQL Database SQL Server 2016
LDAP Server Microsoft Windows Server 2019 Active Directory
The following table lists components and applications in the TOE’s operational environment that
must be present for the TOE to be operating in its evaluated configuration:
Table 3 – Evaluated Components of the Operational Environment
Component Definition
Activity Monitor
A SailPoint software application which optionally can be installed on a Windows File
Server (managed resource) to collect additional information to create governed data
for the IdentityIQ FAM product’s primary functionality. Although this software is
produced by the same vendor as the TOE, the Activity Monitor is not part of the TOE
and is not required for IdentityIQ FAM to perform its primary functionality.
Host Server Physical system on which the IdentityIQ FAM software is installed.
Host Platform The Microsoft Windows Server 2019 operating system on which the IdentityIQ FAM
Validation Report SailPoint IdentityIQ FAM 8.1
10
software is installed. This includes the required Windows Server components:
Internet Information Services (IIS), .NET Framework (.NET), and Server Message
Block (SMB).
LDAP Server
Stores enterprise user data which IdentityIQ FAM uses to authenticate users to its fat
client and to query for the product’s primary functionality. IIS uses the LDAP server
to authenticate users for access to the TOE’s GUI interface.
SQL Database
Stores a variety of configuration, operation, and governed data for the IdentityIQ
FAM product. The connection to the SQL database is required in order for the TOE
to function.
Management
Workstation
Any general-purpose computer that is used by an administrator to manage the TOE
remotely via a web browser. Note that the fat client can also be used to administer the
TOE locally.
Windows File Server(s)
One or more Windows Servers which the IdentityIQ FAM product monitors as a
managed resource to create governed data for its primary functionality. Each
Windows Server may optionally have an Activity Monitor installed on it to collect
additional data for the IdentityIQ FAM product’s primary functionality.
Validation Report SailPoint IdentityIQ FAM 8.1
11
4.3 Security Policy
4.3.1 Cryptographic Support
4.3.2 The TOE invokes the Windows platform’s cryptographic services to secure data in transit
communication. Due to this, the TOE does not directly invoke any DRBG functionality
nor does the TOE perform generation of asymmetric cryptographic keys. The TOE also
uses the Windows platform’s Data Protection API to store the credentials for accessing
the SQL database.
4.3.3 User Data Protection
The TOE relies on the Windows platform to handle the following network connections, to include
all of their cryptographic operations:
 respond to TLS connection requests from an Activity Monitor to receive managed
resource data,
 initiate a TLS connection to an LDAP server to perform authentication requests and
query enterprise user account information, and
 initiate a TLS connection to read and write TOE configuration data and governed data to
the SQL database.
4.3.4 Security Management
The administrator that installs the TOE will set the initial credentials for accessing the TOE and
will also be assigned the owner permissions for the TOE’s software by the Windows platform.
Due to the Windows platform’s access permissions and the TOE’s install directory being
C:\Program Files, the TOE’s binaries and data files are protected from unprivileged modification.
The TOE’s administrators are able to configure the TOE and perform tasks via the TOE’s GUI
and fat client. All TOE configuration options are stored in the remote SQL database.
4.3.5 Privacy
The TOE ensures the privacy of its administrators and users by not providing any ability to
collect or transmit personally identifiable information (PII) over the network.
4.3.6 Protection of the TSF
The TOE relies on the Windows platform to request memory and will not request an explicit
memory address. The TOE does not allocate any memory region with both write and execute
permissions. As a .NET framework application, the TOE has stack-based buffer overflow
protections. The TOE uses a number of Windows platform APIs and third party libraries as part
of its operation.
Administrators can verify the TOE’s version by checking any of the TOE’s binary files or by
authenticating to the fat client. The TOE automatically checks its software version against the
latest available software version provided by SailPoint. TOE software, including patch updates, is
signed with a DigiCert certificate. Administrators can initiate the software update process through
the fat client. The TOE’s uninstallation process results in the deletion of all traces of the
Validation Report SailPoint IdentityIQ FAM 8.1
12
application, with the exception of configuration settings, output files, and audit/log events.
4.3.7 Trusted Path/Channel
The TOE invokes the Windows platform to encrypt all data-in-transit communications between
itself and another trusted IT product. The trusted IT products, encryption protocols used, and the
purpose of the connection have been described under the “User Data Protection” section above.
Validation Report SailPoint IdentityIQ FAM 8.1
13
5 Documentation
The vendor provided the following guidance documentation in support of the evaluation:
 SailPoint IdentityIQ File Access Manager 8.1 Supplemental Administrative Guidance for
Common Criteria – v1.0, October 21, 2020
Any additional customer documentation provided with the product, or that which may be
available online, was not included in the scope of the evaluation and therefore should not be
relied upon to configure or operate the device as evaluated.
Validation Report SailPoint IdentityIQ FAM 8.1
14
6 Evaluated Configuration
The TOE is the SailPoint IdentityIQ File Access Manager (FAM) 8.1 (“IdentityIQ FAM”)
application executing on a Windows OS. In the evaluated configuration, SailPoint IdentityIQ
FAM 8.1 is installed on a Windows Server 2019 and through APIs the TOE utilizes several
functions of the operating system to perform its operations. the TOE relies on .NET Framework
to function and IIS to host its GUI web pages. The TOE is configured to securely communicate
with the following external IT entities: LDAP Server (receiving and transmitting), SQL Database
(receiving and transmitting), and Windows File Server(s) (receiving and transmitting).
Section 4.2 describes the TOE’s physical configuration as well as the operational environment
components to which it communicates. In its evaluated configuration, the TOE is configured to
communicate with the following environment components:
 Host Server
 Host Platform
 LDAP Server
 SQL Database
 Management Workstation
 Windows File Server(s)
To use the product in the evaluated configuration, the product must be configured as specified in
the SailPoint IdentityIQ File Access Manager 8.1 Supplemental Administrative Guidance for
Common Criteria Version 1.0, October 21, 2020 document.
Validation Report SailPoint IdentityIQ FAM 8.1
15
7 IT Product Testing
This section describes the testing efforts of the developer and the evaluation team. It is derived
from information contained in the Assurance Activity Report for a Target of Evaluation
“SailPoint IdentityIQ File Access Manager 8.1” Assurance Activities Report v1.1, November 30,
2020.
7.1 Developer Testing
No evidence of developer testing is required in the Evaluation Activities for this product.
7.2 Evaluation Team Independent Testing
The test team's test approach was to test the security mechanisms of the TOE by exercising the
external interfaces to the TOE and viewing the TOE behavior on the platform. The ST and the
independent test plan were used to demonstrate test coverage of all SFR testing assurance activities
as defined by the APP_PP for all security relevant TOE external interfaces. TOE external interfaces
that will be determined to be security relevant are interfaces that:
 change the security state of the product,
 permit an object access or information flow that is regulated by the security policy,
 are restricted to subjects with privilege or behave differently when executed by subjects
with privilege, or
 invoke or configure a security mechanism.
Security functional requirements were determined to be appropriate to a particular interface if the
behavior of the TOE that supported the requirement could be invoked or observed through that
interface. The evaluation team tested each interface for all relevant behavior of the TOE that
applied to that interface.
7.3 Evaluation Team Vulnerability Testing
The evaluation team reviewed vendor documentation, formulated hypotheses, performed
vulnerability analysis, and documented the hypotheses and analysis in accordance with the
APP_PP requirements. Keywords were identified based upon review of the Security Target and
AGD. The following keywords were identified:
Table 4 – Public Vulnerability Search Keywords
Keyword Description
SailPoint This is a generic term for searching for known vulnerabilities for the
overall company that authored the TOE product.
IdentityIQ This is a generic term for searching for known vulnerabilities for the
overall product line that authored the TOE product.
Validation Report SailPoint IdentityIQ FAM 8.1
16
Keyword Description
File Access Manager This is a generic term for searching for known vulnerabilities for the
specific product type.
Elasticsearch (5.1.1) Third party component that comes with FAM.
These keywords were used individually and as part of various permutations and combinations to
search for vulnerabilities on public vulnerability sources (updated November 30, 2020). The
following public vulnerability sources were searched:
 Common Vulnerabilities and Exposures:
http://cve.mitre.org/cve/
https://www.cvedetails.com/vulnerability-search.php
 NIST National Vulnerabilities Database (can be used to access CVE and US-CERT
databases identified below):
https://web.nvd.nist.gov/view/vuln/search
http://www.kb.cert.org/vuls/html/search
 Security Focus:
http://www.securityfocus.com/vulnerabilities/
 SecurITeam Exploit Search:
www.securiteam.com
 Tenable Network Security:
http://nessus.org/plugins/index.php?view=search
 Tipping Point Zero Day Initiative:
http://www.zerodayinitiative.com/advisories
 Offensive Security Exploit Database:
https://www.exploit-db.com/
 Rapid7 Vulnerability Database:
https://www.rapid7.com/db/vulnerabilities
Upon the completion of the vulnerability analysis research, the team had identified several
generic vulnerabilities upon which to build a test suite. These tests were created specifically with
the intent of exploiting these vulnerabilities within the TOE or its configuration. Testing that was
conducted under the functional testing that would have been duplication of a vulnerability tests
were not re-run. This left one remaining exploit to further explore: malicious binary.
The team tested the following areas:
Validation Report SailPoint IdentityIQ FAM 8.1
17
 Virus Scan
This test scans the TOE binary with a virus scanner using the most current virus
definitions against the application files and then the evaluator verifies that no files are
flagged as malicious.
The evaluation team determined that no residual vulnerabilities exist that are exploitable by
attackers with Basic Attack Potential.
Validation Report SailPoint IdentityIQ FAM 8.1
18
8 Results of the Evaluation
The results of the assurance requirements are generally described in this section and are presented
in detail in the proprietary ETR. The reader of this document can assume that all Evaluation
Activities and work units received a passing verdict.
A verdict for an assurance component is determined by the resulting verdicts assigned to the
corresponding evaluator action elements. The evaluation was conducted based upon CC version
3.1 rev 5 and CEM version 3.1 rev 5. The evaluation determined the TOE to be Part 2 extended,
and meets the SARs contained the PP. Additionally, the evaluator performed the Evaluation
Activities specified in the APP_PP.
The following evaluation results are extracted from the non-proprietary Evaluation Technical
Report provided by the CCTL and are augmented with the validator’s observations thereof.
The Validators reviewed all the work of the evaluation team and agreed with their practices and
findings.
8.1 Evaluation of the Security Target (ASE)
The evaluation team applied each ASE CEM work unit. The ST evaluation ensured the ST
contains a description of the environment in terms of policies and assumptions, a statement of
security requirements claimed to be met by the SailPoint IdentityIQ File Access Manager 8.1
product that is consistent with the Common Criteria, and product security function descriptions
that support the requirements. Additionally, the evaluator performed an assessment of the
Evaluation Activities specified in the APP_PP in order to verify that the specific required content
of the TOE Summary Specification is present, consistent, and accurate.
8.2 Evaluation of the Development (ADV)
The evaluation team applied each ADV CEM work unit. The evaluation team assessed the design
documentation and found it adequate to aid in understanding how the TSF provides the security
functions. The design documentation consists of a functional specification contained in the
Security Target’s TOE Summary Specification. Additionally, the evaluator performed the
Evaluation Activities specified in the APP_PP related to the examination of the information
contained in the TOE Summary Specification.
8.3 Evaluation of the Guidance Documents (AGD)
The evaluation team applied each AGD CEM work unit. The evaluation team ensured the
adequacy of the user guidance in describing how to use the operational TOE. Additionally, the
evaluation team ensured the adequacy of the administrator guidance in describing how to securely
administer the TOE. The guides were assessed during the design and testing phases of the
evaluation to ensure they were complete. Additionally, the evaluator performed the Evaluation
Activities specified in the APP_PP related to the examination of the information contained in the
operational guidance documents.
Validation Report SailPoint IdentityIQ FAM 8.1
19
8.4 Evaluation of the Life Cycle Support Activities (ALC)
The evaluation team applied each ALC CEM work unit and the extended assurance requirement
ALC_TSU_EXT.1 defined in the APP_PP. The evaluation team found that the TOE was
identified and a method of timely updates was described.
8.5 Evaluation of the Test Documentation and the Test Activity (ATE)
The evaluation team applied each ATE CEM work unit. The evaluation team ran the set of tests
specified by the Assurance Activities in the APP_PP and recorded the results in a Test Report,
summarized in the Evaluation Technical Report and sanitized for non-proprietary consumption in
the Assurance Activity Report.
8.6 Vulnerability Assessment Activity (VAN)
The evaluation team applied each AVA CEM work unit. The evaluation team performed a public
search for vulnerabilities, performed vulnerability testing and validated that the vendor fixed all
findings with the TOE. The evaluation team also ensured that the specific vulnerabilities defined
in the APP_PP were assessed and that the TOE was resistant to exploit attempts that utilize these
vulnerabilities.
8.7 Summary of Evaluation Results
The evaluation team’s assessment of the evaluation evidence demonstrates that the claims in the
ST are met. Additionally, the evaluation team’s test activities also demonstrated the accuracy of
the claims in the ST.
Validation Report SailPoint IdentityIQ FAM 8.1
20
9 Validator Comments
The validation team notes that the evaluated configuration is dependent upon the TOE being
configured per the evaluated configuration instructions in the SailPoint IdentityIQ File Access
Manager 8.1 Supplemental Administrative Guidance for Common Criteria Version 1.0, October
21, 2020 document. No other product versions or platforms were evaluated, and no security
claims are made for them.
Note that the following credentials are not applicable to this SFR because they are not stored by
the TOE. The user credentials used for authentication to the TOE are stored on one or more LDAP
servers or in the SQL database (both external to the TOE). The LDAP server(s) contains the
enterprise user credentials for authenticating the fat client and for authenticating to IIS for access
to the GUI. The SQL database contains the local user credentials for authenticating to the TOE's
fat client. The SQL database also contains the credentials for accessing the LDAP server(s). The
TOE relies on the Windows platform to establish a secure TLS connection with the LDAP server(s)
and SQL database before sending these credentials to ensure they are transmitted over an encrypted
channel. These credentials include the usernames and their associated hashed passwords as well as
the credentials for access to the applicable LDAP server(s).
Please note that the functionality evaluated is scoped exclusively to the security functional
requirements specified in the Security Target. Other functionality included in the product was not
assessed as part of this evaluation. All other functionality provided by the product needs to be
assessed separately and no further conclusions can be drawn about their effectiveness.
Consumers employing the devices must follow the configuration instructions provided in the
Users Guidance documentation listed in Section 6 to ensure the evaluated configuration is
established and maintained.
Validation Report SailPoint IdentityIQ FAM 8.1
21
10 Annexes
Not applicable
Validation Report SailPoint IdentityIQ FAM 8.1
22
11 Security Target
The security target for this product’s evaluation is SailPoint IdentityIQ File Access Manager 8.1
Security Target v1.1, dated November 30, 2020.
Validation Report SailPoint IdentityIQ FAM 8.1
23
12 List of Acronyms
Acronym Definition
AA Assurance Activity
API Application Programing Interface
ASLR Address Space Layout Randomization
CC Common Criteria
CFG Control Flow Guard
CVSS Common Vulnerability Scoring System
DEP Data Execution Prevention
DRBG Deterministic Random Bit Generator
EAF Export Address Filtering
FAM File Access Manager
GUI Graphical User Interface
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol Secure
IAF Import Address Filtering
IIS Internet Information Services
IP Internet Protocol
IT Information Technology
LDAP Lightweight Directory Access Protocol
OS Operating System
OSP Organizational Security Policy
PII Personally Identifiable Information
PP Protection Profile
NIAP National Information Assurance Partnership
RBG Random Bit Generator
SFR Security Functional Requirement
SAR Security Assurance Requirement
SQL Structured Query Language
ST Security Target
TLS Transport Layer Security
TOE Target of Evaluation
TSF TOE Security Function
UI User Interface
WCF Windows Communication Foundation
Validation Report SailPoint IdentityIQ FAM 8.1
24
13 Terminology
Term Definition
Administrator
An administrator is an individual who has permissions to modify the behavior
of the TOE. This includes the individual that installs it on the underlying
platform but can also include other individuals if administrator access is
granted to them on the TOE’s GUI or fat client.
Fat client
The portion of the TOE which allows local authentication to and administration
of the TOE.
Governed Data
The data created by the IdentityIQ File Access Manager product for its primary
functionality that is an abstract of information gathered from a managed
resource, for example, file names and data-type tags.
GUI
The GUI is a web-based interface of the TOE that can be used to manage the
TOE remotely using HTTPS.
Managed Resource
Remote system with an Activity Monitor installed for which the IdentityIQ File
Access Manager product monitors to create governed data for its primary
functionality.
Trusted Channel
An encrypted connection between the TOE and a system in the Operational
Environment.
Trusted Path
An encrypted connection between the TOE and the application an
Administrator uses to manage it (web browser, terminal client, etc.).
User
An individual who has access to the TOE but is not able to manage its
behavior.
Validation Report SailPoint IdentityIQ FAM 8.1
25
14 Bibliography
1. Common Criteria for Information Technology Security Evaluation – Part 1: Introduction
and general model, dated April 2017, version 3.1, Revision 5.
2. Common Criteria for Information Technology Security Evaluation – Part 2: Security
functional components, dated April 2017, version 3.1, Revision 5.
3. Common Criteria for Information Technology Security Evaluation – Part 3: Security
assurance components, dated April 2017, version 3.1, Revision 5.
4. Common Methodology for Information Technology Security Evaluation – Evaluation
Methodology, dated April 2017, version 3.1, Revision 5.
5. Protection Profile for Application Software, Version 1.3, dated March 1, 2019.
6. SailPoint IdentityIQ File Access Manager 8.1 Security Target v1.1, dated November 30,
2020.
7. SailPoint IdentityIQ File Access Manager 8.1 Supplemental Administrative Guidance for
Common Criteria Version 1.0, dated October 21, 2020.
8. Assurance Activity Report for a Target of Evaluation “SailPoint IdentityIQ File Access
Manager 8.1” Assurance Activities Report v1.1, dated November 30, 2020.