National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report Splunk Enterprise 7.3 Report Number: CCEVS-VR-VID11016-2020 Version 1.0 January 27, 2020 National Institute of Standards and Technology National Security Agency Information Technology Laboratory Information Assurance Directorate 100 Bureau Drive 9800 Savage Road STE 6940 Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6940 ® TM VALIDATION REPORT Splunk Enterprise 7.3 ii ACKNOWLEDGEMENTS Validation Team Paul Bicknell, Senior Validator Michelle Carlson Randy Heimann, ECR Team Morrison, Linda, Lead Validator The MITRE Corporation Common Criteria Testing Laboratory Herbert Markle, CCTL Technical Director Alex Massi Christopher Rakaczky Booz Allen Hamilton (BAH) Laurel, Maryland Table of Contents 1 EXECUTIVE SUMMARY................................................................................................................................4 2 IDENTIFICATION ...........................................................................................................................................6 3 ASSUMPTIONS AND CLARIFICATION OF SCOPE.................................................................................7 4 ARCHITECTURAL INFORMATION............................................................................................................8 5 SECURITY POLICY ......................................................................................................................................10 6 DOCUMENTATION.......................................................................................................................................12 7 EVALUATED CONFIGURATION...............................................................................................................13 8 IT PRODUCT TESTING................................................................................................................................14 9 RESULTS OF THE EVALUATION..............................................................................................................16 10 VALIDATOR COMMENTS ..........................................................................................................................18 11 ANNEXES ........................................................................................................................................................19 12 SECURITY TARGET .....................................................................................................................................20 13 LIST OF ACRONYMS....................................................................................................................................21 14 TERMINOLOGY ............................................................................................................................................22 15 BIBLIOGRAPHY ............................................................................................................................................23 VALIDATION REPORT Splunk Enterprise 7.3 4 1 Executive Summary This report documents the assessment of the National Information Assurance Partnership (NIAP) validation team of the evaluation of Splunk Enterprise 7.3 provided by Splunk. It presents the evaluation results, their justifications, and the conformance results. This Validation Report is not an endorsement of the Target of Evaluation by any agency of the U.S. government, and no warranty is either expressed or implied. The evaluation was performed by the Booz Allen Hamilton Inc. Common Criteria Testing Laboratory (CCTL) in Laurel, Maryland, United States of America, and was completed in January 2020. The information in this report is largely derived from the evaluation sensitive Evaluation Technical Report (ETR) and associated test reports, all written by Booz Allen. The evaluation determined that the product is both Common Criteria Part 2 Extended and Part 3 Conformant and meets the assurance requirements set forth in the Protection Profile for Application Software Version 1.2 (APP_PP), April 22, 2016. The Target of Evaluation (TOE) is the Splunk Enterprise 7.3 (“Splunk”) application executing on a Linux operating system (OS). The primary function of Splunk is to collect system generated data from various types of platform systems and aggregate it in a centralized location for real- time visibility and analysis of system behavior. Additional operational functional behavior is dependent on whether the TOE has been configured to use the indexer or forwarder. The indexer functionality is responsible for receiving data from trusted external sources such as databases, web services, and one or more additional instances of Splunk configured with the forwarder functionality enabled via HTTPS/TLS. Whereas, the forwarder functionality is responsible for transmitting the system-generated data to an external trusted entity such as an additional instance of Splunk configured with the indexer functionality enabled via HTTPS/TLS. While the product vendor provides multiple versions of the product, only the full Linux version of Splunk Enterprise 7.3, operating on Red Hat Enterprise Linux (RHEL) and configured with either the indexer or forwarder functionality enabled, is considered the TOE – other product versions or platforms were not evaluated, and no security claims are made for them. In the evaluated configuration, Splunk Enterprise 7.3 is installed on top of the RHEL OS. When the TOE is configured with the indexer functionality (aka Splunk indexer), any Splunk forwarders are considered to be trusted non-TOE external transmitters (data feeds). When the TOE is configured with the forwarder functionality (aka Splunk forwarder), then the receiving Splunk indexer is considered to be a trusted non-TOE external data feed receiver. The TOE identified in this Validation Report has been evaluated at a NIAP approved Common Criteria Testing Laboratory using the Common Methodology for IT Security Evaluation (Version 3.1, Rev 4) for conformance to the Common Criteria for IT Security Evaluation (Version 3.1, Rev 4), as interpreted by the Assurance Activities contained in the APP_PP. This Validation Report applies only to the specific version of the TOE as evaluated. The evaluation has been conducted in accordance with the provisions of the NIAP Common Criteria Evaluation and Validation Scheme and the conclusions of the testing laboratory in the evaluation technical report is consistent with the evidence provided. The validation team provided guidance on technical issues and evaluation processes and reviewed the individual work units of the ETR for the APP_PP Assurance Activities. The validation team found that the evaluation showed that the product satisfies all of the functional requirements and assurance requirements stated in the Security Target (ST). Therefore, the validation team concludes that the testing laboratory’s findings are accurate, the conclusions justified, and the VALIDATION REPORT Splunk Enterprise 7.3 5 conformance results are correct. The conclusions of the testing laboratory in the evaluation technical report are consistent with the evidence produced. The technical information included in this report was obtained from the Splunk Enterprise 7.3 Security Target v1.2, dated January 23, 2020 and analysis performed by the Validation Team. VALIDATION REPORT Splunk Enterprise 7.3 6 2 Identification The CCEVS is a joint National Security Agency (NSA) and National Institute of Standards effort to establish commercial facilities to perform trusted product evaluations. Under this program, security evaluations are conducted by commercial testing laboratories called Common Criteria Testing Laboratories (CCTLs). CCTLs evaluate products against Protection Profile containing Assurance Activities, which are interpretation of CEM work units specific to the technology described by the PP. The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality and consistency across evaluations. Developers of information technology products desiring a security evaluation contract with a CCTL and pay a fee for their product’s evaluation. Upon successful completion of the evaluation, the product is added to NIAP’s Product Compliant List. Table 1 provides information needed to completely identify the product, including:  The Target of Evaluation (TOE): the fully qualified identifier of the product as evaluated.  The Security Target (ST), describing the security features, claims, and assurances of the product.  The conformance result of the evaluation.  The Protection Profile to which the product is conformant.  The organizations and individuals participating in the evaluation. Table 1 – Evaluation Identifiers Item Identifier Evaluation Scheme United States NIAP Common Criteria Evaluation and Validation Scheme TOE Splunk Enterprise 7.3 Protection Profile Protection Profile for Application Software Version 1.2 [APP_PP], including all applicable NIAP Technical Decisions and Policy Letters Security Target Splunk Enterprise 7.3 Security Target v1.2 dated January 23, 2020 Evaluation Technical Report Evaluation Technical Report for a Target of Evaluation “Splunk Incorporated Splunk Enterprise 7.3” Evaluation Technical Report v1.2 dated January 23, 2020 CC Version Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4 Conformance Result CC Part 2 extended, CC Part 3 conformant Sponsor Splunk Inc. Developer Splunk Inc. Common Criteria Testing Lab (CCTL) Booz Allen Hamilton, Laurel, Maryland CCEVS Validators Paul Bicknell Michelle Carlson Randy Heimann Linda Morrison VALIDATION REPORT Splunk Enterprise 7.3 7 3 Assumptions and Clarification of Scope 3.1 Assumptions The assumptions are drawn directly from the APP_PP. 3.2 Threats The threats are drawn directly from the APP_PP. 3.3 Clarification of Scope All evaluations (and all products) have limitations, as well as potential misconceptions that might benefit from additional clarification. This text covers some of the more important limitations and clarifications of this evaluation. Note that:  As with any evaluation, this evaluation only shows that the evaluated configuration meets the security claims made, with a certain level of assurance. The level of assurance for this evaluation is defined within the Protection Profile for Application Software Version 1.2, including all relevant NIAP Technical Decisions. A subset of the “optional” and “selection-based” security requirements defined in the APP_PP are claimed by the TOE and documented in the ST.  This evaluation covers only the specific device model and software version identified in this document, and not any earlier or later versions released or in process.  Consistent with the expectations of the Protection Profile, this evaluation did not specifically search for, nor seriously attempt to counter vulnerabilities that were not “obvious” or vulnerabilities to security functionality not claimed in the ST. The CEM defines an “obvious” vulnerability as one that is easily exploited with a minimum of understanding of the TOE, technical sophistication and resources.  The functionality evaluated is scoped exclusively to the security functional requirements specified in the Security Target. All other functionality provided by these devices, needs to be assessed separately and no further conclusions can be drawn about their effectiveness. In particular, the Splunk Enterprise 7.3 support for collecting system- generated data from the general-purpose computer that it resides on and receiving data feeds from external sources such as databases, web services, and one or more additional instances of Splunk configured as a forwarder, described in Section 1.3 of the Security Target were not assessed as part of this evaluation. Further information of excluded functionality can be found in Section 2.3 of the Security Target. VALIDATION REPORT Splunk Enterprise 7.3 8 4 Architectural Information Note: The following architectural description is based on the description presented in the Security Target. 4.1 TOE Introduction The TOE type for Splunk Enterprise 7.3 is Application Software. The Protection Profile for Application Software [App PP] specifies several use cases that conformant TOEs may implement. In particular the TOE supports: Use Case 1, Content Creation is defined as follows: “The application allows a user to create content, saving it to either local or remote storage. Example content includes text documents, presentations, and images.” Splunk indexer implicitly supports a user’s ability to create content by creating/collecting system data from its host platform and storing it locally in a data store for the end user consumption. Splunk forwarder implicitly supports a user’s ability to create content by creating/collecting system data from its host platform and storing it remotely, to such a device as a Splunk indexer, for the end user consumption. Use Case 2, Content Consumption, is defined as follows: “The application allows a user to consume content, retrieving it from either local or remote storage.” Splunk indexer is considered to implement content consumption because it allows a user to consume (query) log data stored on the local filesystem (Splunk indexer) and generate human-readable reports and views on this data. 4.2 Physical Boundary Splunk Enterprise 7.3 is a software-only TOE. All hardware that is present is part of the TOE’s Operational Environment. The following system configuration was used for the testing of the TOE:  Red Hat Enterprise Linux 6.5 64 bit  Intel(R) Xeon(R) CPU E3-1220 v3 @ 3.10GHz  16 GB RAM  500 GB disk The following table lists components and applications in the environment that the TOE relies upon in order to function properly: Component Definition External Trusted Data Feed External data source for transmitting non-TSF related data to the TOE indexer for populating Splunk’s datastore. The external data source must use HTTPS/TLS to communicate with the TOE. External Trusted Data Feed Receiver External data source for receiving non-TSF related data from the TOE forwarder. The external data source must use HTTPS/TLS to communicate with the TOE. Host Platform A general-purpose computer on which the Linux operating system and the TOE is installed. The TOE requires network resources from the host platform. VALIDATION REPORT Splunk Enterprise 7.3 9 Management Workstation Any general-purpose computer that is used by a security administrator to manage the TOE remotely via a web browser. Note that the host platform can also be used to administer the TOE locally. SMTP Server An email server that can receive alerts from the TOE and deliver them to users in the Operational Environment via email. CRL Distribution Point A server that provides updated revocation lists for the TOE’s certificate validation functionality. Table 2 – IT Environment Components VALIDATION REPORT Splunk Enterprise 7.3 10 5 Security Policy 5.1 Cryptographic Support The TOE software includes OpenSSL which performs the TOE’s cryptographic operations required to support the establishment of trusted channels and paths to protect data in transit. As an application on an operating system, the TOE interfaces with the operating system’s key storage to securely store key data related to secure communications. The TOE also relies on the underlying platform to generate entropy that is used as input data for the TOE’s deterministic random bit generator (DRBG). The following table contains the CAVP algorithm certificates: SFR Cert Name (Claimed Algorithm) CAVP Cert. # FCS_CKM_EXT.1 Key generation ECDSA: 186-4 Key Pair Generation and Private Key Validation (P-256, P-384, P-521) C948 FCS_CKM.1 Asymmetric key generation ECDSA: 186-4 Key Pair Generation and Private Key Validation (P-256, P-384, P-521) C948 FCS_CKM.2 Key establishment ECDHE: KAS-ECC (P-256, P-384, P-521) C948 FCS_COP.1(1) Encryption/decryption AES (CBC-256, GCM-128 GCM-256) C948 FCS_COP.1(2) Hash SHS (SHA-256, SHA 384, SHA-512) C948 FCS_COP.1(3) Signing and verification ECDSA: Signature Generation and Signature Verification (P-256: SHA-256, SHA-384, SHA512 P-384: SHA-256, SHA-384, SHA512 P-521: SHA-256, SHA-384, SHA512) C948 FCS_COP.1(4) Keyed-hash message authentication HMAC (HMAC-SHA-256, HMAC-SHA-384) C948 FCS_RBG_EXT.1 Random Bit Generation DRBG (CTR-DRBG) C948 AES (CTR-AES-256) C948 Table 3 – Cryptographic Algorithm Table (OpenSSL) 5.2 User Data Protection In the evaluated configuration, the TOE will reside on an encrypted disk partition on the underlying platform to secure its data at rest. The TOE protects data stored on the underlying platform by minimizing its use of platform resources. Specifically, the TOE only requires the use of the underlying platform’s network connectivity for administrative activities, email alerts, receipt and transmission of non-TSF related data from/to external trusted data feeds. VALIDATION REPORT Splunk Enterprise 7.3 11 5.3 Identification and Authentication In order to facilitate secure communications using HTTPS/TLS, the TOE provides a mechanism to validate X.509 certificates. While the HTTPS/TLS implementation will automatically reject a certificate if it is found to be invalid, a certificate with unknown revocation status (because the TSF is unable to read the CRL) is accepted. 5.4 Security Management The TOE does not provide any default credential used for initial authentication. The files and directories that comprise the TOE are protected against unauthorized access by only permitting write access to the user that performed the installation. The TOE uses the underlying platform’s recommended methods for storing and setting configuration options. The TOE also provides the security administrators with the ability to configure the supported TLS cipher suites of the trusted channels and query the existing TOE software version. 5.5 Privacy The TOE ensures the privacy of its security administrators and users by not providing any ability to transmit personally identifiable information (PII) over the network. 5.6 Protection of the TSF The TOE protects against exploitation by implementing address space layout randomization (ASLR) and only allocating memory for both writing and execution for just-in-time (JIT) compilation. The TOE is also compatible with SELinux and is compiled with stack-based buffer overflow protection. It also prevents the writing of user-modifiable files to directories that contain executable files. The TOE uses standard platform APIs and includes only the third-party libraries it needs to perform its functionality. The TOE version can be checked either through its management interfaces or through the underlying platform’s package manager. Updates must be manually downloaded to the platform’s file system and installed using the platform’s package manager. In the evaluated configuration, the security administrator will download and install a public key from the TOE’s developer that is installed into the package manager and used to verify the integrity of any updates to the TOE. 5.7 Trusted Path/Channel The TOE protects all data in transit using HTTPS over TLS or standalone HTTPS/TLS protocol is used to secure remote administration using the web UI. The TOE, acting as an indexer, uses TLS to securely send alerts to a remote SMTP server in the Operational Environment. HTTPS/TLS is used to secure communications between the TOE indexer and external trusted data feeds. Additionally, the TOE forwarder requires the use of HTTPS/TLS to secure communications for transmitting data to an external trusts data feed receiver. VALIDATION REPORT Splunk Enterprise 7.3 12 6 Documentation The vendor provided the following guidance documentation in support of the evaluation:  Splunk Enterprise 7.3 Supplemental Administrative Guidance for Common Criteria – v1.2, January 23, 2020 Any additional customer documentation provided with the product, or that which may be available online, was not included in the scope of the evaluation and therefore should not be relied upon to configure or operate the device as evaluated. VALIDATION REPORT Splunk Enterprise 7.3 13 7 Evaluated Configuration The TOE is the Splunk Enterprise 7.3 (“Splunk”) application executing on a Linux OS. In the evaluated configuration, Splunk Enterprise 7.3 is installed on top of the RHEL OS and configured with either the indexer or forwarder functionality enabled. The administrative interfaces include a local CLI and a web UI for remote access. The TOE is configured to securely communicate with the following external IT entities: SMTP server (transmitting only) and external trusted data feed (receiving and transmitting). All claimed PP related functionality is contained whether Splunk is configured as an indexer or a forwarder. Section 4.2 describes the TOE’s physical configuration as well as the operational environment components to which it communicates. In its evaluated configuration, the TOE is configured to communicate with the following environment components:  External Trusted Data Feed  External Trusted Data Feed Receiver  Host Platform  Management Workstation  SMTP Server  CRL Distribution Point To use the product in the evaluated configuration, the product must be configured as specified in the Splunk Enterprise 7.3 Supplemental Administrative Guidance for Common Criteria Version 1.2, January 23, 2020 document. VALIDATION REPORT Splunk Enterprise 7.3 14 8 IT Product Testing This section describes the testing efforts of the developer and the evaluation team. It is derived from information contained in the Assurance Activity Report for a Target of Evaluation “Splunk Enterprise 7.3” Assurance Activities Report v1.2, January 23, 2020. 8.1 Developer Testing No evidence of developer testing is required in the Evaluation Activities for this product. 8.2 Evaluation Team Independent Testing The test team's test approach was to test the security mechanisms of the TOE by exercising the external interfaces to the TOE and viewing the TOE behavior on the platform. The ST and the independent test plan were used to demonstrate test coverage of all SFR testing assurance activities as defined by the APP_PP for all security relevant TOE external interfaces. TOE external interfaces that will be determined to be security relevant are interfaces that:  change the security state of the product,  permit an object access or information flow that is regulated by the security policy,  are restricted to subjects with privilege or behave differently when executed by subjects with privilege, or  invoke or configure a security mechanism. Security functional requirements were determined to be appropriate to a particular interface if the behavior of the TOE that supported the requirement could be invoked or observed through that interface. The evaluation team tested each interface for all relevant behavior of the TOE that applied to that interface. 8.3 Evaluation Team Vulnerability Testing The evaluation team reviewed vendor documentation, formulated hypotheses, performed vulnerability analysis, and documented the hypotheses and analysis in accordance with the APP_PP requirements. Keywords were identified based upon review of the Security Target and AGD. The following keywords were identified: Keyword Description Splunk This is a generic term for searching for known vulnerabilities produced by the company as a whole. Splunk Enterprise (Version 7.3) This is a generic term for searching for known vulnerabilities for the specific product. In this case Splunk would find the vulnerability and Enterprise would be used to narrow the list to a specific software product and version. OpenSSL (1.0.2t-fips) Provides all of the security encryption functionality required by Splunk CPython (Python 2.7.17) Provides the main structure of Splunk CherryPy (3.1.2) Provides the web services for the product. These keywords were used individually and as part of various permutations and combinations to search for vulnerabilities on public vulnerability sources (updated January 12, 2020). The following public vulnerability sources were searched: VALIDATION REPORT Splunk Enterprise 7.3 15  Common Vulnerabilities and Exposures: http://cve.mitre.org/cve/ https://www.cvedetails.com/vulnerability-search.php  NIST National Vulnerabilities Database (can be used to access CVE and US-CERT databases identified below): https://web.nvd.nist.gov/view/vuln/search  Security Focus: http://www.securityfocus.com/vulnerabilities/  Vendor Vulnerability Sources: http://www.splunk.com/page/securityportal  CXSecurity: http://www.cxsecurity.com/ Upon the completion of the vulnerability analysis research, the team had identified several generic vulnerabilities upon which to build a test suite. These tests were created specifically with the intent of exploiting these vulnerabilities within the TOE or its configuration. Testing that was conducted under the functional testing that would have been duplication of a vulnerability tests were not re-run. This left one remaining exploit to further explore: malicious binary. The team tested the following areas:  Virus Scan This test scans the TOE binary with a virus scanner using the most current virus definitions against the application files and then the evaluator verifies that no files are flagged as malicious. The evaluation team determined that no residual vulnerabilities exist that are exploitable by attackers with Basic Attack Potential. VALIDATION REPORT Splunk Enterprise 7.3 16 9 Results of the Evaluation The results of the assurance requirements are generally described in this section and are presented in detail in the proprietary ETR. The reader of this document can assume that all Evaluation Activities and work units received a passing verdict. A verdict for an assurance component is determined by the resulting verdicts assigned to the corresponding evaluator action elements. The evaluation was conducted based upon CC version 3.1 rev 4 and CEM version 3.1 rev 4. The evaluation determined the TOE to be Part 2 extended, and meets the SARs contained the PP. Additionally, the evaluator performed the Evaluation Activities specified in the APP_PP. The following evaluation results are extracted from the non-proprietary Evaluation Technical Report provided by the CCTL and are augmented with the validator’s observations thereof. The Validators reviewed all the work of the evaluation team and agreed with their practices and findings. 9.1 Evaluation of the Security Target (ASE) The evaluation team applied each ASE CEM work unit. The ST evaluation ensured the ST contains a description of the environment in terms of policies and assumptions, a statement of security requirements claimed to be met by the Splunk Enterprise 7.3 product that is consistent with the Common Criteria, and product security function descriptions that support the requirements. Additionally, the evaluator performed an assessment of the Evaluation Activities specified in the APP_PP in order to verify that the specific required content of the TOE Summary Specification is present, consistent, and accurate. 9.2 Evaluation of the Development (ADV) The evaluation team applied each ADV CEM work unit. The evaluation team assessed the design documentation and found it adequate to aid in understanding how the TSF provides the security functions. The design documentation consists of a functional specification contained in the Security Target’s TOE Summary Specification. Additionally, the evaluator performed the Evaluation Activities specified in the APP_PP related to the examination of the information contained in the TOE Summary Specification. 9.3 Evaluation of the Guidance Documents (AGD) The evaluation team applied each AGD CEM work unit. The evaluation team ensured the adequacy of the user guidance in describing how to use the operational TOE. Additionally, the evaluation team ensured the adequacy of the administrator guidance in describing how to securely administer the TOE. The guides were assessed during the design and testing phases of the evaluation to ensure they were complete. Additionally, the evaluator performed the Evaluation Activities specified in the APP_PP related to the examination of the information contained in the operational guidance documents. 9.4 Evaluation of the Life Cycle Support Activities (ALC) The evaluation team applied each ALC CEM work unit and the extended assurance requirement ALC_TSU_EXT.1 defined in the App PP. The evaluation team found that the TOE was identified and a method of timely updates was described. VALIDATION REPORT Splunk Enterprise 7.3 17 9.5 Evaluation of the Test Documentation and the Test Activity (ATE) The evaluation team applied each ATE CEM work unit. The evaluation team ran the set of tests specified by the Assurance Activities in the APP_PP and recorded the results in a Test Report, summarized in the Evaluation Technical Report and sanitized for non-proprietary consumption in the Assurance Activity Report. 9.6 Vulnerability Assessment Activity (VAN) The evaluation team applied each AVA CEM work unit. The evaluation team performed a public search for vulnerabilities, performed vulnerability testing and validated that the vendor fixed all findings with the TOE. The evaluation team also ensured that the specific vulnerabilities defined in the App PP were assessed and that the TOE was resistant to exploit attempts that utilize these vulnerabilities. 9.7 Summary of Evaluation Results The evaluation team’s assessment of the evaluation evidence demonstrates that the claims in the ST are met. Additionally, the evaluation team’s test activities also demonstrated the accuracy of the claims in the ST. VALIDATION REPORT Splunk Enterprise 7.3 18 10 Validator Comments The validation team notes that the evaluated configuration is dependent upon the TOE being configured per the evaluated configuration instructions in the Splunk Enterprise 7.3 Supplemental Administrative Guidance for Common Criteria Version 1.2, January 23, 2020 document. The product vendor provides multiple versions of the product, only the full Linux version of Splunk Enterprise 7.3, operating on Red Hat Enterprise Linux (RHEL) and configured with either the indexer or forwarder functionality enabled, is considered to be the TOE – other product versions or platforms were not evaluated and no security claims are made for them. Please note that the functionality evaluated is scoped exclusively to the security functional requirements specified in the Security Target. Other functionality included in the product was not assessed as part of this evaluation. All other functionality provided by the product needs to be assessed separately and no further conclusions can be drawn about their effectiveness. Consumers employing the devices must follow the configuration instructions provided in the Users Guidance documentation listed in Section 6 to ensure the evaluated configuration is established and maintained. VALIDATION REPORT Splunk Enterprise 7.3 19 11 Annexes Not applicable VALIDATION REPORT Splunk Enterprise 7.3 20 12 Security Target The security target for this product’s evaluation is Splunk Enterprise 7.3 Security Target v1.2, dated January 23, 2020. VALIDATION REPORT Splunk Enterprise 7.3 21 13 List of Acronyms Acronym Definition AES Advanced Encryption Standard ASLR Address Space Layout Randomization CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CC Common Criteria CLI Command Line Interface CRL Certificate Revocation List DHE Diffie-Hellman Key Exchange DRBG Deterministic Random Bit Generator ECDHE Elliptic Curve Diffie-Hellman Key Exchange ECDSA Elliptic Curve Digital Signature Algorithm GCM Galois/Counter Mode HMAC Hashed Message Authentication Code HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure IT Information Technology JIT Just-in-Time (compilation) OS Operating System OSP Organizational Security Policy PP Protection Profile NIAP National Information Assurance Partnership RBG Random Bit Generator RHEL Red Hat Enterprise Linux SAR Security Assurance Requirement SHA Secure Hash Algorithm SHS Secure Hash Standard SMTP Simple Mail Transfer Protocol ST Security Target TLS Transport Layer Security TOE Target of Evaluation TSF TOE Security Function UI User Interface VALIDATION REPORT Splunk Enterprise 7.3 22 14 Terminology Term Definition Security Administrator A security administrator is an individual who has permissions to modify the behavior of the TOE. This includes the individual that installs it on the underlying platform but can also include other individuals if administrator access is granted to them on Splunk Web or Splunk CLI. Trusted Channel An encrypted connection between the TOE and a system in the Operational Environment. Trusted Path An encrypted connection between the TOE and the application a security administrator uses to manage it (web browser, terminal client, etc.). User An individual who has access to the TOE but is not able to manage its behavior. VALIDATION REPORT Splunk Enterprise 7.3 23 15 Bibliography 1. Common Criteria for Information Technology Security Evaluation – Part 1: Introduction and general model, Version 3.1 Revision 4. 2. Common Criteria for Information Technology Security Evaluation – Part 2: Security functional requirements, Version 3.1 Revision 4. 3. Common Criteria for Information Technology Security Evaluation – Part 3: Security assurance requirements, Version 3.1 Revision 4. 4. Common Evaluation Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. 5. Protection Profile for Application Software Version 1.2 6. Splunk Enterprise 7.3 Security Target v1.1, dated January 23, 2020 7. Splunk Enterprise 7.3 Supplemental Administrative Guidance for Common Criteria Version 1.1, dated January 23, 2020 8. Assurance Activity Report for a Target of Evaluation “Splunk Enterprise 7.3” Assurance Activities Report v1.1 dated January 12, 2020