SailPoint File Access Manager 8.3 SP5 Security Target ST Version: 1.0 July 7, 2023 SailPoint Technologies, Inc. 11120 Four Points Drive Suite 100 Austin, TX 78726 Prepared By: Cyber Assurance Testing Laboratory 1100 West Street Laurel, MD 20707 Security Target SailPoint FAM 8.3 SP5 1 | P a g e Table of Contents 1 Security Target Introduction.................................................................................................................5 1.1 ST Reference.................................................................................................................................5 1.1.1 ST Identification ...................................................................................................................5 1.1.2 Document Organization........................................................................................................5 1.1.3 Terminology..........................................................................................................................6 1.1.4 Acronyms..............................................................................................................................6 1.1.5 References.............................................................................................................................7 1.2 TOE Reference..............................................................................................................................7 1.3 Product Overview .........................................................................................................................7 1.4 TOE Type......................................................................................................................................9 2 TOE Description.................................................................................................................................10 2.1 Evaluated Components of the TOE ............................................................................................10 2.2 Components and Applications in the Operational Environment.................................................10 2.3 Excluded from the TOE..............................................................................................................10 2.3.1 Not Installed........................................................................................................................11 2.3.2 Installed but Requires a Separate License...........................................................................11 2.3.3 Installed But Not Part of the TSF........................................................................................11 2.4 Physical Boundary ......................................................................................................................11 2.5 Logical Boundary........................................................................................................................11 2.5.1 Cryptographic Support........................................................................................................11 2.5.2 User Data Protection...........................................................................................................12 2.5.3 Security Management .........................................................................................................12 2.5.4 Privacy ................................................................................................................................12 2.5.5 Protection of the TSF..........................................................................................................12 2.5.6 Trusted Path/Channel..........................................................................................................12 3 Conformance Claims ..........................................................................................................................13 3.1 CC Version..................................................................................................................................13 3.2 CC Part 2 Conformance Claims..................................................................................................13 3.3 CC Part 3 Conformance Claims..................................................................................................13 3.4 PP Claims....................................................................................................................................13 Security Target SailPoint FAM 8.3 SP5 2 | P a g e 3.5 Package Claims...........................................................................................................................13 3.6 Package Name Conformant or Package Name Augmented........................................................13 3.7 Conformance Claim Rationale....................................................................................................13 3.8 Technical Decisions....................................................................................................................14 4 Security Problem Definition ...............................................................................................................15 4.1 Threats.........................................................................................................................................15 4.2 Organizational Security Policies.................................................................................................15 4.3 Assumptions................................................................................................................................15 4.4 Security Objectives .....................................................................................................................15 4.4.1 TOE Security Objectives ....................................................................................................16 4.4.2 Security Objectives for the Operational Environment........................................................16 4.5 Security Problem Definition Rationale.......................................................................................17 5 Extended Components Definition.......................................................................................................18 5.1 Extended Security Functional Requirements..............................................................................18 5.2 Extended Security Assurance Requirements ..............................................................................18 6 Security Functional Requirements......................................................................................................19 6.1 Conventions ................................................................................................................................19 6.2 Security Functional Requirements Summary..............................................................................19 6.3 Security Functional Requirements..............................................................................................20 6.3.1 Class FCS: Cryptographic Support.....................................................................................20 6.3.2 Class FDP: User Data Protection........................................................................................20 6.3.3 Class FMT: Security Management .....................................................................................21 6.3.4 Class FPR: Privacy..............................................................................................................22 6.3.5 Class FPT: Protection of the TSF .......................................................................................22 6.3.6 Class FTP: Trusted Path/Channel .......................................................................................23 6.4 Statement of Security Functional Requirements Consistency ....................................................24 7 Security Assurance Requirements ......................................................................................................25 7.1 Class ASE: Security Target.........................................................................................................25 7.1.1 ST introduction (ASE_INT.1).............................................................................................25 7.1.2 Conformance claims (ASE_CCL.1)....................................................................................26 7.1.3 Security objectives for the operational environment (ASE_OBJ.1) ...................................27 Security Target SailPoint FAM 8.3 SP5 3 | P a g e 7.1.4 Extended components definition (ASE_ECD.1).................................................................27 7.1.5 Stated security requirements (ASE_REQ.1).......................................................................28 7.1.6 TOE summary specification (ASE_TSS.1).........................................................................29 7.2 Class ADV: Development...........................................................................................................29 7.2.1 Basic Functional Specification (ADV_FSP.1)....................................................................29 7.3 Class AGD: Guidance Documentation .......................................................................................30 7.3.1 Operational User Guidance (AGD_OPE.1) ........................................................................30 7.3.2 Preparative Procedures (AGD_PRE.1) ...............................................................................31 7.4 Class ALC: Life Cycle Support ..................................................................................................32 7.4.1 Labeling of the TOE (ALC_CMC.1)..................................................................................32 7.4.2 TOE CM Coverage (ALC_CMS.1) ....................................................................................32 7.4.3 Timely Security Updates (ALC_TSU_EXT.1)...................................................................33 7.5 Class ATE: Tests.........................................................................................................................33 7.5.1 Independent Testing - Conformance (ATE_IND.1) ...........................................................33 7.6 Class AVA: Vulnerability Assessment.......................................................................................34 7.6.1 Vulnerability Survey (AVA_VAN.1) .................................................................................34 8 TOE Summary Specification ..............................................................................................................35 8.1 Cryptographic Support................................................................................................................35 8.1.1 FCS_CKM_EXT.1:.............................................................................................................35 8.1.2 FCS_RBG_EXT.1: .............................................................................................................35 8.1.3 FCS_STO_EXT.1:..............................................................................................................35 8.2 User Data Protection...................................................................................................................35 8.2.1 FDP_DAR_EXT.1:.............................................................................................................35 8.2.2 FDP_DEC_EXT.1: .............................................................................................................35 8.2.3 FDP_NET_EXT.1:..............................................................................................................35 8.3 Security Management .................................................................................................................36 8.3.1 FMT_CFG_EXT.1:.............................................................................................................36 8.3.2 FMT_MEC_EXT.1:............................................................................................................36 8.3.3 FMT_SMF.1: ......................................................................................................................36 8.4 Privacy ........................................................................................................................................36 8.4.1 FPR_ANO_EXT.1:.............................................................................................................36 Security Target SailPoint FAM 8.3 SP5 4 | P a g e 8.5 Protection of the TSF..................................................................................................................37 8.5.1 FPT_AEX_EXT.1:..............................................................................................................37 8.5.2 FPT_API_EXT.1: ...............................................................................................................37 8.5.3 FPT_IDV_EXT.1:...............................................................................................................37 8.5.4 FPT_LIB_EXT.1: ...............................................................................................................37 8.5.5 FPT_TUD_EXT.1 and FPT_TUD_EXT.2:........................................................................46 8.6 Trusted Path/Channel..................................................................................................................47 8.6.1 FTP_DIT_EXT.1: ...............................................................................................................47 Table of Figures Figure 1: TOE Boundary ..............................................................................................................................8 Table of Tables Table 1: Customer Specific Terminology.....................................................................................................6 Table 2: Acronym Definition........................................................................................................................6 Table 3: Evaluated Components of the TOE ..............................................................................................10 Table 4: Components of the Operational Environment ..............................................................................10 Table 5: Requirements for Operational Environment Components............................................................11 Table 6: Technical Decisions......................................................................................................................14 Table 7: TOE Threats..................................................................................................................................15 Table 8: TOE Assumptions.........................................................................................................................15 Table 9: TOE Security Objectives ..............................................................................................................16 Table 10: Operational Environment Objectives..........................................................................................16 Table 11: Security Functional Requirements for the TOE..........................................................................19 Table 12: .NET Core APIs..........................................................................................................................37 Table 13: Dynamic Libraries included with TOE.......................................................................................37 Table 14: Non-Dynamic Libraries Included with TOE ..............................................................................44 Security Target SailPoint FAM 8.3 SP5 5 | P a g e 1 Security Target Introduction This chapter presents the Security Target (ST) identification information and an overview. An ST contains the Information Technology (IT) security requirements of an identified Target of Evaluation (TOE) and specifies the functional and assurance security measures offered by the TOE. 1.1 ST Reference This section provides information needed to identify and control this ST and its Target of Evaluation. 1.1.1 ST Identification ST Title: SailPoint File Access Manager 8.3 SP5 Security Target ST Version: 1.0 ST Publication Date: July 7, 2023 ST Author: Booz Allen Hamilton 1.1.2 Document Organization Chapter 1 of this document provides identifying information for the ST and TOE as well as a brief description of the TOE and its associated TOE type. Chapter 2 describes the TOE in terms of its physical boundary, logical boundary, exclusions, and dependent Operational Environment components. Chapter 3 describes the conformance claims made by this ST. Chapter 4 describes the threats, assumptions, objectives, and organizational security policies that apply to the TOE. Chapter 5 defines extended Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs). Chapter 6 describes the SFRs that are to be implemented by the TSF. Chapter 7 describes the SARs that will be used to evaluate the TOE. Chapter 8 provides the TOE Summary Specification, which describes how the SFRs that are defined for the TOE are implemented by the TSF. Security Target SailPoint FAM 8.3 SP5 6 | P a g e 1.1.3 Terminology This section defines the terminology used throughout this ST. The product-specific terminology used throughout this ST is defined in Table 1. Technology terms that are related to the security functionality claimed by the TOE are defined in the introductory materials of the claimed Protection Profile. These tables are to be used by the reader as a quick reference guide for terminology definitions. Table 1: Customer Specific Terminology Term Definition Administrator An administrator is an individual who has permissions to modify the behavior of the TOE. This includes the individual that installs it on the underlying platform but can also include other individuals if administrator access is granted to them on the TOE’s GUI or fat client. Fat Client The portion of the TOE which allows local authentication to and administration of the TOE. Governed Data The data created by the File Access Manager for its primary functionality that is an abstract of information gathered from a managed resource, for example, file names and data-type tags. GUI The GUI is a web-based interface of the TOE that can be used to manage the TOE remotely using HTTPS. Managed Resource Remote system which the File Access Manager product monitors to create governed data for its primary functionality. Trusted Channel An encrypted connection between the TOE and a system in the Operational Environment. Trusted Path An encrypted connection between the TOE and the application (web browser, terminal client, etc.) an Administrator uses to manage the TOE. User An individual who has access to the TOE but is not able to manage its behavior. 1.1.4 Acronyms The acronyms used throughout this ST are defined in Table 2. This table is to be used by the reader as a quick reference guide for acronym definitions. Table 2: Acronym Definition Acronym Definition AA Assurance Activity API Application Programing Interface ASLR Address Space Layout Randomization CA Certification Authority CC Common Criteria CFG Control Flow Guard CVSS Common Vulnerability Scoring System DEP Data Execution Prevention DRBG Deterministic Random Bit Generator EAF Export Address Filtering EKU extendedKeyUsage FAM File Access Manager GUI Graphical User Interface HTTP Hypertext Transfer Protocol Security Target SailPoint FAM 8.3 SP5 7 | P a g e HTTPS Hypertext Transfer Protocol Secure IAF Import Address Filtering IIS Internet Information Services IP Internet Protocol IT Information Technology OCSP Online Certificate Status Protocol OS Operating System OSP Organizational Security Policy PII Personally Identifiable Information PP Protection Profile NIAP National Information Assurance Partnership RBG Random Bit Generator SFR Security Functional Requirement SAR Security Assurance Requirement SQL Structured Query Language ST Security Target TLS Transport Layer Security TOE Target of Evaluation TSF TOE Security Function UI User Interface 1.1.5 References [1] Protection Profile for Application Software, version 1.4 (App PP) [2] Common Criteria for Information Technology Security Evaluation – Part 1: Introduction and general model, dated April 2017, version 3.1, Revision 5, CCMB-2017-04-001 [3] Common Criteria for Information Technology Security Evaluation – Part 2: Security functional components, dated April 2017, version 3.1, Revision 5, CCMB-2017-04-002 [4] Common Criteria for Information Technology Security Evaluation – Part 3: Security assurance components, dated April 2017, version 3.1, Revision 5, CCMB-2017-04-003 [5] Common Methodology for Information Technology Security Evaluation – Evaluation Methodology, dated April 2017, version 3.1, Revision 5, CCMB-2017-04-004 [6] SailPoint File Access Manager Administrator Guide Version: 8.3 Revised: March 30, 2022 [7] SailPoint File Access Manager Installation Guide Version: 8.3 SP5 Revised: June 30, 2023 [8] SailPoint File Access Manager v8.3 SP5 Supplemental Administrative Guidance for Common Criteria, Version 1.0 1.2 TOE Reference The TOE is SailPoint File Access Manager (FAM) 8.3 SP5, which is an application installed/operated on an operating system. 1.3 Product Overview The TOE is the SailPoint File Access Manager (FAM) 8.3 SP5 application, referred to as FAM or TOE from this point forward. FAM’s primary functionality is to allow its users to review and manage the governed data created by FAM for monitoring enterprise data stored on one or more managed resources. Security Target SailPoint FAM 8.3 SP5 8 | P a g e The governed data allows FAM users to identify and classify data, understand on which managed resources within the network the data is stored, and understand which enterprise users have access to the data. FAM’s primary functionality of monitoring enterprise data was not evaluated, except where the product’s functionality relates to the Security Functional Requirements (SFRs) included within the scope of the evaluation. The following figure depicts the TOE boundary in the evaluated configuration: Windows Server 2019 File Access Manager SQL Database Legend TOE Subsystem Environment Object E2 HTTPS E1 External Interface E1 .NET Core Management Workstation IIS GUI Fat Client Local User Windows File Server (managed resource) Activity Monitor Server Message Block Server Message Block E3 E4 TLS Figure 1: TOE Boundary As illustrated in Figure 1, the TOE is comprised of the following components: • File Access Manager – The main portion of the TOE which performs all functionality of the application not related to direct interaction with administrators which are handled by the Fat Client and GUI. • Fat Client – The portion of the TOE which allows local authentication to and administration of the TOE. • GUI – The portion of the TOE, which is comprised of only web pages, that allows remote administration of the TOE. o Window’s Internet Information Services (IIS) is required to host the TOE’s website content. IIS is a Windows service that is initiated during the platform’s startup. The platform’s IIS web server, via the .NET Core, enforces the establishment of the HTTPS trusted channel. IIS collects and authenticates the user provided credentials and then delivers the TOE’s website content (remote management functionality) only to successfully authenticated users. The TOE (web pages) provides no functionality to control IIS nor does it collect, read, store, or authenticate the user provided credentials. The TOE is installed on a Windows Server and through APIs the TOE utilizes several functions of the Security Target SailPoint FAM 8.3 SP5 9 | P a g e operating system to perform its operations. The TOE relies on .NET Core to function and IIS to host its GUI web pages. The diagram also depicts the use of the Windows operating system’s Server Message Block component to receive information about data on managed resources which FAM turns into governed data. The TOE also communicates with the Windows operating system’s Active Directory component which contains enterprise user data. The TOE verifies enterprise user credentials which are used for authenticating to the TOE’s fat client as well as queries enterprise user account information for the FAM product’s primary functionality. Although it is not a direct interface to the FAM product, IIS also uses the Windows operating system’s Active Directory to authenticate users attempting to access the TOE’s GUI. The TOE stores all of its configuration data, TOE managed user credentials, and governed data within a separately installed SQL Database. During operation, the TOE will read and write this data to the SQL Database. In the evaluated configuration, the SQL Database resides on the same Windows Server as the TOE. The TOE has the following external interfaces: • E1: Local User to fat client – Accessed through the Windows operating system, this is the local interface for authentication to and administration of the TOE. • E2: Remote Workstation to IIS (TOE GUI) – Accessed through a web browser on a remote general-purpose management workstation, this is the remote administration interface of the TOE. This interface is over a secure HTTPS connection (HTTPS server) which is provided by .NET Core invoked by IIS. IIS and .NET Core are components of the Windows platform. This interface is being described for completeness of the required operational environment. To be clear, this operational environment interface is out-of-scope for testing but is required in order to test the GUI TOE component, which is in-scope of the evaluation. • E3: Server Message Block to Server Message Block – This is not a direct interface for the FAM product as the connection is completely handled between the instance of Windows on each managed resource and the Windows platform FAM is installed on. This interface is being described for completeness since the FAM product creates governed data based upon the information provided over this interface which can result in the invocation of or display of data through the interfaces described above. This interface is not tested as part of the evaluated configuration. • E4: FAM to Activity Monitor – If an Activity Monitor is installed on a managed resource, the TOE will communicate with the Activity Monitor to collect data on the managed resource for the FAM product’s primary purpose. This interface is over a secure TLS connection (TLS server) which is provided by .NET Core component of the Windows platform. 1.4 TOE Type The TOE type for SailPoint FAM 8.3 SP5 is Application Software. The Protection Profile for Application Software specifies several use cases that conformant TOEs may implement. In particular, Use Case 2, Content Consumption, is defined as follows: “The application allows a user to consume content, retrieving it from either local or remote storage.” SailPoint FAM 8.3 SP5 meets the expectations of Use Case 2 because it implements content consumption by allowing its users to review and manage governed data created by FAM for the monitoring of enterprise data stored on one or more managed resources. Security Target SailPoint FAM 8.3 SP5 10 | P a g e 2 TOE Description This section provides a description of the TOE in its evaluated configuration. This includes the physical and logical boundaries of the TOE. 2.1 Evaluated Components of the TOE The following table describes the TOE components in the evaluated configuration: Table 3: Evaluated Components of the TOE Component Definition File Access Manager v8.3 SP5 The data monitoring software application. The TOE’s software includes the main application, the fat client, and the web pages which comprise the GUI. 2.2 Components and Applications in the Operational Environment The following table lists components and applications in the TOE’s operational environment that must be present for the TOE to be operating in its evaluated configuration: Table 4: Components of the Operational Environment Component Definition Activity Monitor A SailPoint software application which optionally can be installed on a Windows File Server (managed resource) to collect additional information to create governed data for the FAM product’s primary functionality. Although this software is produced by the same vendor as the TOE, the Activity Monitor is not part of the TOE and is not required for FAM to perform its primary functionality. Host Server Physical system on which the FAM software is installed. Host Platform The Microsoft Windows Server 2019 Datacenter (version 1809) operating system on which the FAM software is installed. This includes the required Windows Server components: Internet Information Services (IIS), .NET Core (.NET), Active Directory, and Server Message Block (SMB). SQL Database Stores a variety of configuration, operation, and governed data for the FAM product. The connection to the SQL database is required in order for the TOE to function. Management Workstation Any general-purpose computer that is used by an administrator to manage the TOE remotely via a web browser. Note that the fat client can also be used to administer the TOE locally. Windows File Server(s) One or more Windows Servers which the FAM product monitors as a managed resource to create governed data for its primary functionality. Each Windows Server may optionally have an Activity Monitor installed on it to collect additional data for the FAM product’s primary functionality. 2.3 Excluded from the TOE The following optional products, components, and/or applications can be integrated with the TOE but are not included in the evaluated configuration. They provide no added security related functionality for the evaluated product. They are separated into three categories: not installed, installed but requires a separate license, and installed but not part of the TSF. Security Target SailPoint FAM 8.3 SP5 11 | P a g e 2.3.1 Not Installed There are no optional components that are omitted from the installation process. 2.3.2 Installed but Requires a Separate License There are no excluded components, applications, and or functionality that are installed and require a separate license for activation. 2.3.3 Installed But Not Part of the TSF The TOE includes a number of functions that are outside the scope of the claimed Protection Profile. These functions are not part of the TSF because there are no SFRs that apply to them. This includes FAM’s primary functionality which allows its users to review and manage the governed data created by FAM for the monitoring of enterprise data stored on one or more managed resources. The governed data allows FAM users to identify and classify data, understand on which managed resources within the network the data is stored, and which enterprise users have access to the data. 2.4 Physical Boundary SailPoint FAM 8.3 SP5 is a software-only TOE and therefore its physical boundary is its software. The TOE does not include the hardware or operating system of the system on which it is installed. It also does not include the third-party software which is required for the TOE to run. The following table lists the components that are required for the TOE’s use in the evaluated configuration. These Operational Environment components are expected to be patched to include the latest security fixes for each component. Table 5: Requirements for Operational Environment Components OE Component Requirement Host Platform Microsoft Windows Server 2019 Datacenter (version 1809) (includes: IIS, .NET Core, Active Directory, and SMB services) Host Platform OS Type 64-bit Host Server’s Processor Intel Xeon Gold 6230 (Cascade Lake) SQL Database SQL Server 2016 2.5 Logical Boundary The TOE is comprised of several security features. Each of the security features identified above consists of several security functionalities, as identified below. 1. Cryptographic Support 2. User Data Protection 3. Security Management 4. Privacy 5. Protection of the TSF 6. Trusted Path/Channel 2.5.1 Cryptographic Support The TOE invokes the Windows platform’s cryptographic services to secure data in transit communication. Due to this, the TOE does not directly invoke any DRBG functionality nor does the TOE Security Target SailPoint FAM 8.3 SP5 12 | P a g e perform generation of asymmetric cryptographic keys. The TOE also uses the Windows platform’s Data Protection API to store the credentials for accessing the SQL database. 2.5.2 User Data Protection The TOE relies on the Windows platform to handle the following network connections, to include all of their cryptographic operations: • respond to TLS connection requests from an Activity Monitor to receive managed resource data. 2.5.3 Security Management The administrator that installs the TOE will set the initial credentials for accessing the TOE and will also be assigned the owner permissions for the TOE’s software by the Windows platform. Due to the Windows platform’s access permissions and the TOE’s install directory being C:\Program Files, the TOE’s binaries and data files are protected from unprivileged modification. The TOE’s administrators are able to configure the TOE and perform tasks via the TOE’s GUI and fat client. All TOE configuration options are stored per the mechanisms recommended by the Windows platform vendor for .NET Core applications. 2.5.4 Privacy The TOE ensures the privacy of its administrators and users by not providing any ability to collect or transmit personally identifiable information (PII) over the network. 2.5.5 Protection of the TSF The TOE relies on the Windows platform to request memory and will not request an explicit memory address. The TOE does not allocate any memory region with both write and execute permissions. As a .NET Core application, the TOE has stack-based buffer overflow protections. The TOE uses a number of Windows platform APIs and third-party libraries as part of its operation. Administrators can verify the TOE’s version by checking any of the TOE’s binary files or by authenticating to the fat client. The TOE automatically checks its software version against the latest available software version provided by SailPoint. TOE software, including patch updates, is signed with a DigiCert certificate. Administrators can initiate the software update process through the fat client. The TOE’s uninstallation process results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events. 2.5.6 Trusted Path/Channel The TOE invokes the Windows platform to encrypt all data-in-transit communications between itself and another trusted IT product. The trusted IT products, encryption protocols used, and the purpose of the connection have been described under the “User Data Protection” section above. Security Target SailPoint FAM 8.3 SP5 13 | P a g e 3 Conformance Claims 3.1 CC Version This ST is compliant with Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5 April 2017. 3.2 CC Part 2 Conformance Claims This ST and Target of Evaluation (TOE) is Part 2 extended to include all applicable NIAP and International interpretations through July 7, 2023. 3.3 CC Part 3 Conformance Claims This ST and Target of Evaluation (TOE) is Part 3 extended to include all applicable NIAP and International interpretations through July 7, 2023. 3.4 PP Claims This ST claims exact conformance to the following Protection Profile: • Protection Profile for Application Software, version 1.4 (App PP) 3.5 Package Claims The TOE claims exact conformance to the App PP, version 1.4, which is extended with CC Part 3. The TOE claims following Selection-Based SFRs that are defined in the appendices of the claimed PP: • FPT_TUD_EXT.2 This does not violate the notion of exact conformance because the PP specifically indicates these as allowable selections and options and provides both the ST author and evaluation laboratory with instructions on how these claims are to be documented and evaluated. 3.6 Package Name Conformant or Package Name Augmented This ST and TOE are in exact conformance with the App PP. 3.7 Conformance Claim Rationale The App PP states the following: “The requirements in this document apply to application software which runs on any type of platform. Some application types are covered by more specific PPs, which may be expressed as PP-Modules of this PP. Such applications are subject to the requirements of both this PP and the PP-Module that addresses their special functionality. PPs for some particularly specialized applications may not be expressed as PP- Modules at this time, though the requirements in this document should be seen as objectives for those highly specialized applications. Although the requirements in this document apply to a wide range of application software, consult Security Target SailPoint FAM 8.3 SP5 14 | P a g e guidance from the relevant national schemes to determine when formal Common Criteria evaluation is expected for a particular type of application. This may vary depending upon the nature of the security functionality of the application.” The TOE is a standalone application which runs on a desktop/server Windows platform and is therefore considered to be relevant to the App PP. There are no PP-Modules to the App PP that are applicable to File Access Manager, so the TOE is characterized only as a software application. 3.8 Technical Decisions Technical Decisions that effected the SFR wording have been annotated with a Footnote. The following is a complete list of Technical Decisions that apply to the App PP evaluation activities that must be performed during the evaluation of this TOE: Table 6: Technical Decisions TD # Title References Changes Analysis to this evaluation SFR AA Notes NA Reason TD0624 Addition of DataStore for Storing and Setting Configuration Options FMT_MEC_EXT.1 X X The AA update is only applicable to a product that is installed on the Android platform which is not the underlying platform in this evaluation. TD0628 Addition of Container Image to Package Format FPT_TUD_EXT.2.1 X X SFR claimed. SFR and Test AA updated. Footnote 2 TD0650 Conformance claim sections updated to allow for MOD_VPNC_V2.3 and 2.4 Section 2 X Updates PP but is non- impactful TD0664 Testing activity for FPT_TUD_EXT.2.2 FPT_TUD_EXT.2.2 X Updates tests for SFR TD0669 FIA_X509_EXT.1 Test 4 Interpretation FIA_X509_EXT.1 X X The SFR is not claimed for this TOE TD0717 Format changes for PP_APP_V1.4 FCS_CKM.1, FCS_CKM.2, FCS_CKM.1/AK, FCS_CKM.1/PBKDF, FCS_COP.1/Hash, FCS_COP.1/KeyedHash, FCS_COP.1/Sig, FCS_COP.1/SKC X X FCS_CKM_EXT.1 SFR claimed, and reference updated. Footnote 1 TD0719 ECD for PP APP V1.3 and 1.4 --- X Updates PP but is non- impactful TD0736 Number of elements for iterations of FCS_HTTPS_EXT.1 FCS_HTTPS_EXT.1.3 /Server X X X The SFR is not claimed for this TOE TD0743 FTP_DIT_EXT.1.1 Selection exclusivity FTP_DIT_EXT.1.1 X Updates SFR and clarifies its usage. Footnote 3 Security Target SailPoint FAM 8.3 SP5 15 | P a g e TD0756 Update for platform-provided full disk encryption FDP_DAR_EXT.1 X Updates Test AA. 4 Security Problem Definition 4.1 Threats This section identifies the threats against the TOE. These threats have been taken from the App PP. Table 7: TOE Threats Threat Threat Definition T.NETWORK_ATTACK An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may engage in communications with the application software or alter communications between the application software and other endpoints in order to compromise it. T.NETWORK_EAVESDROP An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may monitor and gain access to data exchanged between the application and other endpoints. T.LOCAL_ATTACK An attacker can act through unprivileged software on the same computing platform on which the application executes. Attackers may provide maliciously formatted input to the application in the form of files or other local communications. T.PHYSICAL_ACCESS An attacker may try to access sensitive data at rest. 4.2 Organizational Security Policies There are no Organizational Security Policies in the App PP. 4.3 Assumptions The specific conditions listed in this section are assumed to exist in the TOE’s Operational Environment. These assumptions have been taken from the App PP. Table 8: TOE Assumptions Assumption Assumption Definition A.PLATFORM The TOE relies upon a trustworthy computing platform with a reliable time clock for its execution. This includes the underlying platform and whatever runtime environment it provides to the TOE. A.PROPER_USER The user of the application software is not willfully negligent or hostile, and uses the software in compliance with the applied enterprise security policy. A.PROPER_ADMIN The administrator of the application software is not careless, willfully negligent or hostile, and administers the software in compliance with the applied enterprise security policy. 4.4 Security Objectives This section identifies the security objectives of the TOE and its supporting environment. The security objectives identify the responsibilities of the TOE and its environment in meeting the security needs. Security Target SailPoint FAM 8.3 SP5 16 | P a g e 4.4.1 TOE Security Objectives This section identifies the security objectives of the TOE as defined by the App PP. Table 9: TOE Security Objectives Objective Objective Definition O.INTEGRITY Conformant TOEs ensure the integrity of their installation and update packages, and also leverage execution environment-based mitigations. Software is seldom, if ever, shipped without errors. The ability to deploy patches and updates to fielded software with integrity is critical to enterprise network security. Processor manufacturers, compiler developers, execution environment vendors, and operating system vendors have developed execution environment-based mitigations that increase the cost to attackers by adding complexity to the task of compromising systems. Application software can often take advantage of these mechanisms by using APIs provided by the runtime environment or by enabling the mechanism through compiler or linker options. O.QUALITY To ensure quality of implementation, conformant TOEs leverage services and APIs provided by the runtime environment rather than implementing their own versions of these services and APIs. This is especially important for cryptographic services and other complex operations such as file and media parsing. Leveraging this platform behavior relies upon using only documented and supported APIs. O.MANAGEMENT To facilitate management by users and the enterprise, conformant TOEs provide consistent and supported interfaces for their security-relevant configuration and maintenance. This includes the deployment of applications and application updates through the use of platform-supported deployment mechanisms and formats, as well as providing mechanisms for configuration. This also includes providing control to the user regarding disclosure of any PII. O.PROTECTED_STORAGE To address the issue of loss of confidentiality of user data in the event of loss of physical control of the storage medium, conformant TOEs will use data-at-rest protection. This involves encrypting data and keys stored by the TOE in order to prevent unauthorized access to this data. This also includes unnecessary network communications whose consequence may be the loss of data. O.PROTECTED_COMMS To address both passive (eavesdropping) and active (packet modification) network attack threats, conformant TOEs will use a trusted channel for sensitive data. Sensitive data includes cryptographic keys, passwords, and any other data specific to the application that should not be exposed outside of the application. 4.4.2 Security Objectives for the Operational Environment The TOE’s operating environment must satisfy the following objectives: Table 10: Operational Environment Objectives Objective Objective Definition OE.PLATFORM The TOE relies upon a trustworthy computing platform for its execution. This includes the underlying operating system and any discrete execution environment provided to the TOE. OE.PROPER_USER The user of the application software is not willfully negligent or hostile, and uses the software within compliance of the applied enterprise security policy. Security Target SailPoint FAM 8.3 SP5 17 | P a g e OE.PROPER_ADMIN The administrator of the application software is not careless, willfully negligent or hostile, and administers the software within compliance of the applied enterprise security policy. 4.5 Security Problem Definition Rationale The assumptions, threats, OSPs, and objectives that are defined in this ST represent the assumptions, threats, OSPs, and objectives that are specified in the Protection Profile to which the TOE claims conformance. Security Target SailPoint FAM 8.3 SP5 18 | P a g e 5 Extended Components Definition 5.1 Extended Security Functional Requirements The extended Security Functional Requirements that are claimed in this ST are taken directly from the PP to which the ST and TOE claim conformance. These extended components are formally defined in the PP in which their usage is required. 5.2 Extended Security Assurance Requirements The extended Security Assurance Requirements that are claimed in this ST are taken directly from the PP to which the ST and TOE claim conformance. These extended components are formally defined in the PP in which their usage is required. Security Target SailPoint FAM 8.3 SP5 19 | P a g e 6 Security Functional Requirements 6.1 Conventions The CC permits four functional component operations—assignment, refinement, selection, and iteration—to be performed on functional requirements. This ST will highlight the operations in the following manner: • Assignment: allows the specification of an identified parameter. Indicated with italicized text. • Refinement: allows the addition of details. Indicated with bold text and italicized text. • Selection: allows the specification of one or more elements from a list. Indicated with underlined text. • Iteration: allows a component to be used more than once with varying operations. Indicated with a sequential number in parentheses following the element number of the iterated SFR. When multiple operations are combined, such as an assignment that is provided as an option within a selection or refinement, a combination of the text formatting is used. Although the SFR text is reproduced verbatim from text that was formatted in a claimed PP (such as if the PP’s instantiation of the SFR has a refinement or a completed assignment), the PP formatting is not preserved in this ST. This is so that the reader can identify the operations that are performed by the ST author as opposed to the PP author. 6.2 Security Functional Requirements Summary The following table lists the SFRs claimed by the TOE: Table 11: Security Functional Requirements for the TOE Class Name Component Identification Component Name Cryptographic Support FCS_CKM_EXT.1 Cryptographic Key Generation Services FCS_RBG_EXT.1 Random Bit Generation Services FCS_STO_EXT.1 Storage of Credentials User Data Protection FDP_DAR_EXT.1 Encryption of Sensitive Application Data FDP_DEC_EXT.1 Access to Platform Resources FDP_NET_EXT.1 Network Communications Security Management FMT_CFG_EXT.1 Secure by Default Configuration FMT_MEC_EXT.1 Supported Configuration Mechanism FMT_SMF.1 Specification of Management Functions Privacy FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information Protection of the TSF FPT_AEX_EXT.1 Anti-Exploitation Capabilities FPT_API_EXT.1 Use of Supported Services and APIs FPT_IDV_EXT.1 Software Identification and Versions FPT_LIB_EXT.1 Use of Third Party Libraries FPT_TUD_EXT.1 Integrity for Installation and Update FPT_TUD_EXT.2 Integrity for Installation and Update Trusted Path/Channel FTP_DIT_EXT.1 Protection of Data in Transit Security Target SailPoint FAM 8.3 SP5 20 | P a g e 6.3 Security Functional Requirements 6.3.1 Class FCS: Cryptographic Support 6.3.1.1 FCS_CKM_EXT.1 Cryptographic Key Generation Services FCS_CKM_EXT.1.11 The application shall [ • generate no asymmetric cryptographic keys ]. 6.3.1.2 FCS_RBG_EXT.1 Random Bit Generation Services FCS_RBG_EXT.1.1 The application shall [ • use no DRBG functionality ] for its cryptographic operations. 6.3.1.3 FCS_STO_EXT.1 Storage of Credentials FCS_STO_EXT.1.1 The application shall [ • invoke the functionality provided by the platform to securely store [SQL database credentials] ] to non-volatile memory. 6.3.2 Class FDP: User Data Protection 6.3.2.1 FDP_DAR_EXT.1 Encryption of Sensitive Application Data FDP_DAR_EXT.1.1 The application shall [ • protect sensitive data in accordance with FCS_STO_EXT.1 ] in non-volatile memory. 6.3.2.2 FDP_DEC_EXT.1 Access to Platform Resources FDP_DEC_EXT.1.1 The application shall restrict its access to [ • network connectivity 1 TD0717 Security Target SailPoint FAM 8.3 SP5 21 | P a g e ]. FDP_DEC_EXT.1.2 The application shall restrict its access to [ • [Active Directory] ]. 6.3.2.3 FDP_NET_EXT.1 Network Communications FDP_NET_EXT.1.1 The application shall restrict network communication to [ • respond to [connection requests from an Activity Monitor], ]. 6.3.3 Class FMT: Security Management 6.3.3.1 FMT_CFG_EXT.1 Secure by Default Configuration FMT_CFG_EXT.1.1 The application shall provide only enough functionality to set new credentials when configured with default credentials or no credentials. FMT_CFG_EXT.1.2 The application shall be configured by default with file permissions which protect the application binaries and data files from modification by normal unprivileged users. 6.3.3.2 FMT_MEC_EXT.1 Supported Configuration Mechanism FMT_MEC_EXT.1.1 The application shall [invoke the mechanisms recommended by the platform vendor for storing and setting configuration options]. 6.3.3.3 FMT_SMF.1 Specification of Management Functions FMT_SMF.1.1 The TSF shall be capable of performing the following management functions: [ • [configuration of the Active Directory to which the TOE will communicate, perform tasks that read data from Active Directory, perform tasks that read or write data to the SQL database, query the current version of the TOE, perform the software update process] ]. Security Target SailPoint FAM 8.3 SP5 22 | P a g e 6.3.4 Class FPR: Privacy 6.3.4.1 FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information FPR_ANO_EXT.1.1 The application shall [ • not transmit PII over a network ]. 6.3.5 Class FPT: Protection of the TSF 6.3.5.1 FPT_AEX_EXT.1 Anti-Exploitation Capabilities FPT_AEX_EXT.1.1 The application shall not request to map memory at an explicit address except for [none]. FPT_AEX_EXT.1.2 The application shall [ • not allocate any memory region with both write and execute permissions ]. FPT_AEX_EXT.1.3 The application shall be compatible with security features provided by the platform vendor. FPT_AEX_EXT.1.4 The application shall not write user-modifiable files to directories that contain executable files unless explicitly directed by the user to do so. FPT_AEX_EXT.1.5 The application shall be built with stack-based buffer overflow protection enabled. 6.3.5.2 FPT_API_EXT.1 Use of Supported Services and APIs FPT_API_EXT.1.1 The application shall use only documented platform APIs. 6.3.5.3 FPT_IDV_EXT.1 Software Identification and Versions FPT_IDV_EXT.1.1 The application shall be versioned with [[major release number, minor release number, patch number, service pack number]]. 6.3.5.4 FPT_LIB_EXT.1 Use of Third Party Libraries FPT_LIB_EXT.1.1 Security Target SailPoint FAM 8.3 SP5 23 | P a g e The application shall be packaged with only [third-party libraries listed in Table 13]. 6.3.5.5 FPT_TUD_EXT.1 Integrity for Installation and Update FPT_TUD_EXT.1.1 The application shall [provide the ability] to check for updates and patches to the application software. FPT_TUD_EXT.1.2 The application shall [provide the ability] to query the current version of the application software. FPT_TUD_EXT.1.3 The application shall not download, modify, replace or update its own binary code. FPT_TUD_EXT.1.4 Application updates shall be digitally signed such that the application platform can cryptographically verify them prior to installation. FPT_TUD_EXT.1.5 The application is distributed [as an additional software package to the platform OS]. 6.3.5.6 FPT_TUD_EXT.2 Integrity for Installation and Update FPT_TUD_EXT.2.12 The application shall be distributed using [the format of the platform-supported package manager]. FPT_TUD_EXT.2.2 The application shall be packaged such that its removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events. FPT_TUD_EXT.2.3 The application installation package shall be digitally signed such that its platform can cryptographically verify them prior to installation. 6.3.6 Class FTP: Trusted Path/Channel 6.3.6.1 FTP_DIT_EXT.1 Protection of Data in Transit FTP_DIT_EXT.1.13 The application shall [ • invoke platform-provided functionality to encrypt all transmitted data with [TLS] for [responding to TLS connection requests from Activity Monitor(s) for receiving managed resource data] 2 TD0628 3 TD0743 Security Target SailPoint FAM 8.3 SP5 24 | P a g e ] between itself and another trusted IT product. 6.4 Statement of Security Functional Requirements Consistency The Security Functional Requirements included in the ST represent all required SFRs specified in the claimed App PP, and all applicable selection-based requirements that have been included as specified for the claimed App PP. All hierarchical relationships, dependencies, and unfulfilled dependency rationales in the ST are considered to be identical to those that are defined in the claimed PP. Security Target SailPoint FAM 8.3 SP5 25 | P a g e 7 Security Assurance Requirements This section identifies the Security Assurance Requirements (SARs) that are claimed for the TOE. The SARs which are claimed are in exact conformance with the App PP. 7.1 Class ASE: Security Target 7.1.1 ST introduction (ASE_INT.1) 7.1.1.1 Developer action elements: ASE_INT.1.1D The developer shall provide an ST introduction. 7.1.1.2 Content and presentation elements: ASE_INT.1.1C The ST introduction shall contain an ST reference, a TOE reference, a TOE overview and a TOE description. ASE_INT.1.2C The ST reference shall uniquely identify the ST. ASE_INT.1.3C The TOE reference shall uniquely identify the TOE. ASE_INT.1.4C The TOE overview shall summarise the usage and major security features of the TOE. ASE_INT.1.5C The TOE overview shall identify the TOE type. ASE_INT.1.6C The TOE overview shall identify any non-TOE hardware/software/firmware required by the TOE. ASE_INT.1.7C The TOE description shall describe the physical scope of the TOE. ASE_INT.1.8C The TOE description shall describe the logical scope of the TOE. 7.1.1.3 Evaluator action elements: ASE_INT.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ASE_INT.1.2E Security Target SailPoint FAM 8.3 SP5 26 | P a g e The evaluator shall confirm that the TOE reference, the TOE overview, and the TOE description are consistent with each other. 7.1.2 Conformance claims (ASE_CCL.1) 7.1.2.1 Developer action elements: ASE_CCL.1.1D The developer shall provide a conformance claim. ASE_CCL.1.2D The developer shall provide a conformance claim rationale. 7.1.2.2 Content and presentation elements: ASE_CCL.1.1C The conformance claim shall contain a CC conformance claim that identifies the version of the CC to which the ST and the TOE claim conformance. ASE_CCL.1.2C The CC conformance claim shall describe the conformance of the ST to CC Part 2 as either CC Part 2 conformant or CC Part 2 extended. ASE_CCL.1.3C The CC conformance claim shall describe the conformance of the ST to CC Part 3 as either CC Part 3 conformant or CC Part 3 extended. ASE_CCL.1.4C The CC conformance claim shall be consistent with the extended components definition. ASE_CCL.1.5C The conformance claim shall identify all PPs and security requirement packages to which the ST claims conformance. ASE_CCL.1.6C The conformance claim shall describe any conformance of the ST to a package as either package- conformant or package-augmented. ASE_CCL.1.7C The conformance claim rationale shall demonstrate that the TOE type is consistent with the TOE type in the PPs for which conformance is being claimed. ASE_CCL.1.8C The conformance claim rationale shall demonstrate that the statement of the security problem definition is consistent with the statement of the security problem definition in the PPs for which conformance is being claimed. Security Target SailPoint FAM 8.3 SP5 27 | P a g e ASE_CCL.1.9C The conformance claim rationale shall demonstrate that the statement of security objectives is consistent with the statement of security objectives in the PPs for which conformance is being claimed. ASE_CCL.1.10C The conformance claim rationale shall demonstrate that the statement of security requirements is consistent with the statement of security requirements in the PPs for which conformance is being claimed. 7.1.2.3 Evaluator action elements: ASE_CCL.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 7.1.3 Security objectives for the operational environment (ASE_OBJ.1) 7.1.3.1 Developer action elements: ASE_OBJ.1.1D The developer shall provide a statement of security objectives. 7.1.3.2 Content and presentation elements: ASE_OBJ.1.1C The statement of security objectives shall describe the security objectives for the operational environment. 7.1.3.3 Evaluator action elements: ASE_OBJ.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 7.1.4 Extended components definition (ASE_ECD.1) 7.1.4.1 Developer action elements: ASE_ECD.1.1D The developer shall provide a statement of security requirements. ASE_ECD.1.2D The developer shall provide an extended components definition. 7.1.4.2 Content and presentation elements: ASE_ECD.1.1C Security Target SailPoint FAM 8.3 SP5 28 | P a g e The statement of security requirements shall identify all extended security requirements. ASE_ECD.1.2C The extended components definition shall define an extended component for each extended security requirement. ASE_ECD.1.3C The extended components definition shall describe how each extended component is related to the existing CC components, families, and classes. ASE_ECD.1.4C The extended components definition shall use the existing CC components, families, classes, and methodology as a model for presentation. ASE_ECD.1.5C The extended components shall consist of measurable and objective elements such that conformance or nonconformance to these elements can be demonstrated. 7.1.4.3 Evaluator action elements: ASE_ECD.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ASE_ECD.1.2E The evaluator shall confirm that no extended component can be clearly expressed using existing components. 7.1.5 Stated security requirements (ASE_REQ.1) 7.1.5.1 Developer action elements: ASE_REQ.1.1D The developer shall provide a statement of security requirements. ASE_REQ.1.2D The developer shall provide a security requirements rationale. 7.1.5.2 Content and presentation elements: ASE_REQ.1.1C The statement of security requirements shall describe the SFRs and the SARs. ASE_REQ.1.2C All subjects, objects, operations, security attributes, external entities and other terms that are used in the SFRs and the SARs shall be defined. Security Target SailPoint FAM 8.3 SP5 29 | P a g e ASE_REQ.1.3C The statement of security requirements shall identify all operations on the security requirements. ASE_REQ.1.4C All operations shall be performed correctly. ASE_REQ.1.5C Each dependency of the security requirements shall either be satisfied, or the security requirements rationale shall justify the dependency not being satisfied. ASE_REQ.1.6C The statement of security requirements shall be internally consistent. 7.1.5.3 Evaluator action elements: ASE_REQ.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 7.1.6 TOE summary specification (ASE_TSS.1) 7.1.6.1 Developer action elements: ASE_TSS.1.1D The developer shall provide a TOE summary specification. 7.1.6.2 Content and presentation elements: ASE_TSS.1.1C The TOE summary specification shall describe how the TOE meets each SFR. 7.1.6.3 Evaluator action elements: ASE_TSS.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ASE_TSS.1.2E The evaluator shall confirm that the TOE summary specification is consistent with the TOE overview and the TOE description. 7.2 Class ADV: Development 7.2.1 Basic Functional Specification (ADV_FSP.1) 7.2.1.1 Developer action elements: ADV_FSP.1.1D Security Target SailPoint FAM 8.3 SP5 30 | P a g e The developer shall provide a functional specification. ADV_FSP.1.2D The developer shall provide a tracing from the functional specification to the SFRs. 7.2.1.2 Content and presentation elements: ADV_FSP.1.1C The functional specification shall describe the purpose and method of use for each SFR-enforcing and SFR-supporting TSFI. ADV_FSP.1.2C The functional specification shall identify all parameters associated with each SFR-enforcing and SFR-supporting TSFI. ADV_FSP.1.3C The functional specification shall provide rationale for the implicit categorization of interfaces as SFR-non-interfering. ADV_FSP.1.4C The tracing shall demonstrate that the SFRs trace to TSFIs in the functional specification. 7.2.1.3 Evaluator action elements: ADV_ FSP.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ADV_ FSP.1.2E The evaluator shall determine that the functional specification is an accurate and complete instantiation of the SFRs. 7.3 Class AGD: Guidance Documentation 7.3.1 Operational User Guidance (AGD_OPE.1) 7.3.1.1 Developer action elements: AGD_OPE.1.1D The developer shall provide operational user guidance. 7.3.1.2 Content and presentation elements: AGD_OPE.1.1C The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings. Security Target SailPoint FAM 8.3 SP5 31 | P a g e AGD_OPE.1.2C The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the TOE in a secure manner. AGD_OPE.1.3C The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as appropriate. AGD_OPE.1.4C The operational user guidance shall, for each user role, clearly present each type of security-relevant event relative to the user-accessible functions that need to be performed, including changing the security characteristics of entities under the control of the TSF. AGD_OPE.1.5C The operational user guidance shall identify all possible modes of operation of the TOE (including operation following failure or operational error), their consequences, and implications for maintaining secure operation. AGD_OPE.1.6C The operational user guidance shall, for each user role, describe the security measures to be followed in order to fulfill the security objectives for the operational environment as described in the ST. AGD_OPE.1.7C The operational user guidance shall be clear and reasonable. 7.3.1.3 Evaluator action elements: AGD_OPE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 7.3.2 Preparative Procedures (AGD_PRE.1) 7.3.2.1 Developer action elements: AGD_PRE.1.1D The developer shall provide the TOE, including its preparative procedures. 7.3.2.2 Content and presentation elements: AGD_ PRE.1.1C The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered TOE in accordance with the developer's delivery procedures. AGD_ PRE.1.2C Security Target SailPoint FAM 8.3 SP5 32 | P a g e The preparative procedures shall describe all the steps necessary for secure installation of the TOE and for the secure preparation of the operational environment in accordance with the security objectives for the operational environment as described in the ST. 7.3.2.3 Evaluator action elements: AGD_ PRE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. AGD_ PRE.1.2E The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation. 7.4 Class ALC: Life Cycle Support 7.4.1 Labeling of the TOE (ALC_CMC.1) 7.4.1.1 Developer action elements: ALC_CMC.1.1D The developer shall provide the TOE and a reference for the TOE. 7.4.1.2 Content and presentation elements: ALC_CMC.1.1C The application shall be labeled with a unique reference. 7.4.1.3 Evaluator action elements: ALC_CMC.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 7.4.2 TOE CM Coverage (ALC_CMS.1) 7.4.2.1 Developer action elements: ALC_CMS.1.1D The developer shall provide a configuration list for the TOE. 7.4.2.2 Content and presentation elements: ALC_CMS.1.1C The configuration list shall include the following: the TOE itself; and the evaluation evidence required by the SARs. ALC_CMS.1.2C Security Target SailPoint FAM 8.3 SP5 33 | P a g e The configuration list shall uniquely identify the configuration items. 7.4.2.3 Evaluator action elements: ALC_CMS.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 7.4.3 Timely Security Updates (ALC_TSU_EXT.1) 7.4.3.1 Developer Actions Element: ALC_TSU_EXT.1.1D The developer shall provide a description in the TSS of how timely security updates are made to the TOE. ALC_TSU_EXT.1.2D The developer shall provide a description in the TSS of how users are notified when updates change security properties or the configuration of the product. 7.4.3.2 Content and presentation elements: ALC_TSU_EXT.1.1C The description shall include the process for creating and deploying security updates for the TOE software. ALC_TSU_EXT.1.2C The description shall express the time window as the length of time, in days, between public disclosure of a vulnerability and the public availability of security updates to the TOE. ALC_TSU_EXT.1.3C The description shall include the mechanisms publicly available for reporting security issues pertaining to the TOE. 7.4.3.3 Evaluator action elements: ALC_TSU_EXT.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 7.5 Class ATE: Tests 7.5.1 Independent Testing - Conformance (ATE_IND.1) 7.5.1.1 Developer action elements: ATE_IND.1.1D Security Target SailPoint FAM 8.3 SP5 34 | P a g e The developer shall provide the TOE for testing. 7.5.1.2 Content and presentation elements: ATE_IND.1.1C The TOE shall be suitable for testing. 7.5.1.3 Evaluator action elements: ATE_IND.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ATE_IND.1.2E The evaluator shall test a subset of the TSF to confirm that the TSF operates as specified. 7.6 Class AVA: Vulnerability Assessment 7.6.1 Vulnerability Survey (AVA_VAN.1) 7.6.1.1 Developer action elements: AVA_VAN.1.1D The developer shall provide the TOE for testing. 7.6.1.2 Content and presentation elements: AVA_VAN.1.1C The application shall be suitable for testing. 7.6.1.3 Evaluator action elements: AVA_VAN.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. AVA_VAN.1.2E The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE. AVA_VAN.1.3E The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential. Security Target SailPoint FAM 8.3 SP5 35 | P a g e 8 TOE Summary Specification 8.1 Cryptographic Support 8.1.1 FCS_CKM_EXT.1: The TOE does not perform generation of asymmetric cryptographic keys. 8.1.2 FCS_RBG_EXT.1: The TOE does not directly invoke any DRBG functionality for any SFR related functionality. 8.1.3 FCS_STO_EXT.1: The credentials for accessing the SQL database are stored using the Data Protection API. The TOE will invoke the Windows platform to encrypt these credentials using a certificate located in the Windows Certificate Store and will then invoke the Windows platform to store the encrypted credentials. Note that the following credentials are not applicable to this SFR because they are not stored by the TOE. The user credentials used for authentication to the TOE are stored in the Windows platform’s Active Directory or in the SQL database (both external to the TOE). Active Directory contains the enterprise user credentials for authenticating the fat client and for authenticating to IIS for access to the GUI. The SQL database contains the local user credentials for authenticating to the TOE's fat client. The SQL database also contains the credentials for accessing the Windows platform’s Active Directory. 8.2 User Data Protection 8.2.1 FDP_DAR_EXT.1: The credentials for accessing the SQL database are stored using the Data Protection API, in accordance with FCS_STO_EXT.1. The TOE will invoke the Windows platform to encrypt these credentials using a certificate located in the Windows Certificate Store and then invoke the Windows platform to store the encrypted credentials. 8.2.2 FDP_DEC_EXT.1: During operation of the TOE, access to the underlying Windows platform is limited to use of network connectivity hardware for communication with web browsers for GUI access and Activity Monitor application(s). The TOE accesses the Windows operating system’s Active Directory component which is a sensitive data repository that contains enterprise user data. The TOE verifies enterprise user credentials which are used for authenticating to the TOE’s fat client as well as queries enterprise user account information for the FAM product’s primary functionality. 8.2.3 FDP_NET_EXT.1: During TOE operation, the TOE will rely on the Windows platform to handle the following network connections, to include all of their cryptographic operations: • respond to TLS connection (TCP port 8000) requests from an Activity Monitor to receive managed resource data. Security Target SailPoint FAM 8.3 SP5 36 | P a g e Note the TOE opens default TCP ports 8001, 8005, 8006, 8010, and 9200 for local communication between components on the machine where the TOE is installed. The following description is for completeness in understanding the operational environment network requirements of the TOE. The host platform’s IIS web server (part of the OE) is required to handle user- initiated HTTPS requests from a web browser for remote access to the administrative GUI TOE component (TCP port 443). IIS is a Windows service, of which the TOE has no control over, and is initiated during the platform’s startup. IIS performs the credential collection and authentication prior to allowing access to the TOE’s website content (remote management functionality). 8.3 Security Management 8.3.1 FMT_CFG_EXT.1: The TOE's installation directory is C:\Program Files. The administrator that performs the installation will receive the owner permissions for the TOE's binaries and data files. Due to C:\Program Files being the installation directory, the Windows platform will protect the TOE's binaries and data files from modification by unprivileged users. There are no default credentials for the TOE. During the installation process, the administrator that performs the installation will define their own password for the TOE’s main administrative account. 8.3.2 FMT_MEC_EXT.1: The TOE maintains a set of configuration options to run in the evaluated configuration. These configuration options are stored per the mechanisms recommended by the Windows platform vendor for .NET Core applications. 8.3.3 FMT_SMF.1: The TOE provides the following management functions to its users: • configuration of the Active Directory to which the TOE will communicate via the fat client • perform tasks that read data from Active Directory via the GUI and the fat client • perform tasks that read or write data (i.e., local user credentials, configuration data, governed data) to the SQL database via the GUI and the fat client • query the current version of the TOE via the fat client • perform the software update process via the fat client 8.4 Privacy 8.4.1 FPR_ANO_EXT.1: The TOE application does not collect personally identifiable information (PII) for administrators or users. Therefore, the TOE application does not transmit PII data over the network. Security Target SailPoint FAM 8.3 SP5 37 | P a g e 8.5 Protection of the TSF 8.5.1 FPT_AEX_EXT.1: The TOE relies on the Windows platform to request memory and will not request an explicit memory address. During the compilation of the TOE's software, the /NXCOMPAT flag is set to ensure that Data Execution Prevention (DEP) protections are enabled. The TOE does not allocate any memory region with both write and execute permissions. The TOE's software runs as Managed Code in the .NET Core, and therefore no additional stack-based buffer overflow protection needs to be enabled. The TOE will operate on Windows Server with the security features of Windows Defender Exploit Guard Exploit Protection configured on, with the following enabled: Control Flow Guard (CFG), randomize memory allocations (Bottom-Up ASLR), Export Address Filtering (EAF), Import Address Filtering (IAF), and DEP. The TOE does not write user-modifiable files to directories that contain executable files. 8.5.2 FPT_API_EXT.1: The TOE is installed on the Windows platform and uses only the following supported Windows platform APIs in order to function. Table 12: .NET Core APIs System.Buffers System.ComponentModel System.Memory System.Data System.Diagnostics System.Net System.Configuration System.DirectoryServices System.Numerics System.ServiceProcess System.Drawing System.Runtime System.Threading System.IO System.Security System.Management System.IdentityModel System.ServiceModel System.Xml Microsoft.Bcl Microsoft.Windows Microsoft.PowerShell Microsoft.Extensions Microsoft Sharepoint Microsoft.SharePointOnline Microsoft.Data Microsoft.Net Microsoft.VisualStudio Microsoft.Win32 Microsoft.SqlServer Microsoft.IdentityModel 8.5.3 FPT_IDV_EXT.1: Every binary file of the TOE is marked with the TOE’s version. An administrator can right click the binary file, click properties, and view the TOE’s version under the details tab. The versioning nomenclature used by the TOE is #.#.#.#. The first number indicates the major release number and is incremented by the value of 1. The second number is the minor release number and is incremented by the value of 1. The third number represents the patch number and is incremented by the value of 1000. The fourth number represents the service pack number and is incremented by the value of 1000. 8.5.4 FPT_LIB_EXT.1: The following two tables consist of a list of the third-party dynamic libraries and non-dynamic libraries used by the TOE. Table 13: Dynamic Libraries included with TOE AntiXssLibrary.dll mscorlib.dll Antlr3.Runtime.dll mscorrc.debug.dll api-ms-win-core-console-l1-1-0.dll mscorrc.dll api-ms-win-core-datetime-l1-1-0.dll Namotion.Reflection.dll Security Target SailPoint FAM 8.3 SP5 38 | P a g e api-ms-win-core-debug-l1-1-0.dll Nest.dll api-ms-win-core-errorhandling-l1-1-0.dll Nest.JsonNetSerializer.dll api-ms-win-core-file-l1-1-0.dll netstandard.dll api-ms-win-core-file-l1-2-0.dll Newtonsoft.Json.Bson.dll api-ms-win-core-file-l2-1-0.dll Newtonsoft.Json.dll api-ms-win-core-handle-l1-1-0.dll NHibernate.dll api-ms-win-core-heap-l1-1-0.dll NJsonSchema.dll api-ms-win-core-interlocked-l1-1-0.dll NLog.dll api-ms-win-core-libraryloader-l1-1-0.dll NLog.Extensions.Logging.dll api-ms-win-core-localization-l1-2-0.dll NLog.Targets.Syslog.dll api-ms-win-core-memory-l1-1-0.dll NLog.Web.AspNetCore.dll api-ms-win-core-namedpipe-l1-1-0.dll Novell.Directory.Ldap.NETStandard.dll api-ms-win-core-processenvironment-l1-1-0.dll NuGet.Frameworks.dll api-ms-win-core-processthreads-l1-1-0.dll Oracle.ManagedDataAccess.dll api-ms-win-core-processthreads-l1-1-1.dll Perceptive.DocumentFilters.dll api-ms-win-core-profile-l1-1-0.dll PowerShell.Core.Instrumentation.dll api-ms-win-core-rtlsupport-l1-1-0.dll protobuf-net.dll api-ms-win-core-string-l1-1-0.dll pwrshplugin.dll api-ms-win-core-synch-l1-1-0.dll Python.Runtime.dll api-ms-win-core-synch-l1-2-0.dll python3.dll api-ms-win-core-sysinfo-l1-1-0.dll python39.dll api-ms-win-core-timezone-l1-1-0.dll Quartz.dll api-ms-win-core-util-l1-1-0.dll Quartz.Jobs.dll api-ms-win-crt-conio-l1-1-0.dll Quartz.Plugins.dll api-ms-win-crt-convert-l1-1-0.dll RabbitMQ.Client.dll api-ms-win-crt-environment-l1-1-0.dll Remotion.Linq.dll api-ms-win-crt-filesystem-l1-1-0.dll Remotion.Linq.EagerFetching.dll api-ms-win-crt-heap-l1-1-0.dll Renci.SshNet.dll api-ms-win-crt-locale-l1-1-0.dll RestSharp.dll api-ms-win-crt-math-l1-1-0.dll Scrutor.dll api-ms-win-crt-multibyte-l1-1-0.dll SimpleIdServer.Jwt.dll api-ms-win-crt-private-l1-1-0.dll SimpleIdServer.Scim.dll api-ms-win-crt-process-l1-1-0.dll SimpleIdServer.Scim.Swashbuckle.dll api-ms-win-crt-runtime-l1-1-0.dll sni.dll api-ms-win-crt-stdio-l1-1-0.dll sqlite3.dll api-ms-win-crt-string-l1-1-0.dll SQLitePCLRaw.batteries_v2.dll api-ms-win-crt-time-l1-1-0.dll SQLitePCLRaw.core.dll api-ms-win-crt-utility-l1-1-0.dll SQLitePCLRaw.nativelibrary.dll Aspose.Cells.dll SQLitePCLRaw.provider.dynamic_cdecl.dll AutoMapper.dll SshNet.Security.Cryptography.dll AutoMapper.Extensions.Microsoft.DependencyInjecti on.dll Swashbuckle.AspNetCore.Annotations.dll AWSSDK.Core.dll Swashbuckle.AspNetCore.Filters.dll Security Target SailPoint FAM 8.3 SP5 39 | P a g e AWSSDK.IdentityManagement.dll Swashbuckle.AspNetCore.Newtonsoft.dll AWSSDK.Organizations.dll Swashbuckle.AspNetCore.Swagger.dll AWSSDK.S3.dll Swashbuckle.AspNetCore.SwaggerGen.dll AWSSDK.S3Control.dll Swashbuckle.AspNetCore.SwaggerUI.dll AWSSDK.SecurityToken.dll System.AppContext.dll BouncyCastle.Crypto.dll System.Buffers.dll C1.WPF.4.dll System.CodeDom.dll C1.WPF.DataGrid.4.dll System.Collections.Concurrent.dll C1.WPF.FlexGrid.4.dll System.Collections.dll C1.WPF.FlexGrid.GroupPanel.4.dll System.Collections.Immutable.dll C1.WPF.FlexGridFilter.4.dll System.Collections.NonGeneric.dll C1.WPF.Theming.4.dll System.Collections.Specialized.dll Caliburn.Micro.dll System.ComponentModel.Annotations.dll Cloudtoid.Framework.dll System.ComponentModel.Composition.dll Cloudtoid.Interprocess.dll System.ComponentModel.Composition.Registratio n.dll clrcompression.dll System.ComponentModel.DataAnnotations.dll clretwrc.dll System.ComponentModel.dll clrjit.dll System.ComponentModel.EventBasedAsync.dll CommandLine.dll System.ComponentModel.Primitives.dll coreclr.dll System.ComponentModel.TypeConverter.dll dbgshim.dll System.Composition.AttributedModel.dll dotnet-aspnet-codegenerator-design.dll System.Composition.Convention.dll e_sqlite3.dll System.Composition.Hosting.dll Elasticsearch.Net.dll System.Composition.Runtime.dll Ensure.That.dll System.Composition.TypedParts.dll FluentNHibernate.dll System.Configuration.ConfigurationManager.dll GongSolutions.Wpf.DragDrop.dll System.Configuration.dll Google.Apis.Admin.Directory.directory_v1.dll System.Console.dll Google.Apis.Admin.Reports.reports_v1.dll System.Core.dll Google.Apis.Auth.dll System.Data.Common.dll Google.Apis.Auth.PlatformServices.dll System.Data.DataSetExtensions.dll Google.Apis.Core.dll System.Data.dll Google.Apis.dll System.Data.Odbc.dll Google.Apis.Drive.v3.dll System.Data.OleDb.dll Google.Apis.DriveActivity.v2.dll System.Data.SqlClient.dll Google.Apis.PlatformServices.dll System.Diagnostics.Contracts.dll Google.Protobuf.dll System.Diagnostics.Debug.dll Grpc.AspNetCore.Server.ClientFactory.dll System.Diagnostics.DiagnosticSource.dll Grpc.AspNetCore.Server.dll System.Diagnostics.EventLog.dll Grpc.Core.Api.dll System.Diagnostics.FileVersionInfo.dll Grpc.Core.dll System.Diagnostics.PerformanceCounter.dll Grpc.HealthCheck.dll System.Diagnostics.Process.dll Security Target SailPoint FAM 8.3 SP5 40 | P a g e Grpc.Net.Client.dll System.Diagnostics.StackTrace.dll Grpc.Net.ClientFactory.dll System.Diagnostics.TextWriterTraceListener.dll Grpc.Net.Common.dll System.Diagnostics.Tools.dll grpc_csharp_ext.x64.dll System.Diagnostics.TraceSource.dll grpc_csharp_ext.x86.dll System.Diagnostics.Tracing.dll hostfxr.dll System.DirectoryServices.AccountManagement.dll hostpolicy.dll System.DirectoryServices.dll HtmlSanitizationLibrary.dll System.DirectoryServices.Protocols.dll IbanNet.dll System.dll ICU4N.Collation.dll System.Drawing.Common.dll ICU4N.CurrencyData.dll System.Drawing.dll ICU4N.dll System.Drawing.Primitives.dll ICU4N.LanguageData.dll System.Dynamic.Runtime.dll ICU4N.RegionData.dll System.Globalization.Calendars.dll ICU4N.Transliterator.dll System.Globalization.dll IdentityModel.AspNetCore.OAuth2Introspection.dll System.Globalization.Extensions.dll IdentityModel.dll System.IdentityModel.Tokens.Jwt.dll IdentityServer4.AccessTokenValidation.dll System.IO.Abstractions.dll IdentityServer4.dll System.IO.Compression.Brotli.dll IdentityServer4.Storage.dll System.IO.Compression.dll Iesi.Collections.dll System.IO.Compression.FileSystem.dll ISYS11df.dll System.IO.Compression.ZipFile.dll ISYSautocad.dll System.IO.dll ISYSpdf6.dll System.IO.FileSystem.AccessControl.dll ISYSreaders.dll System.IO.FileSystem.dll ISYSreadershd.dll System.IO.FileSystem.DriveInfo.dll ISYSreadersocr.dll System.IO.FileSystem.Primitives.dll ITfoxtec.Identity.Saml2.dll System.IO.FileSystem.Watcher.dll ITfoxtec.Identity.Saml2.MvcCore.dll System.IO.IsolatedStorage.dll J2N.dll System.IO.MemoryMappedFiles.dll LazyCache.AspNetCore.dll System.IO.Packaging.dll LazyCache.dll System.IO.Pipes.AccessControl.dll libcrypto-1_1.dll System.IO.Pipes.dll libffi-7.dll System.IO.Ports.dll libopenblas.XWYDX2IKJW2NMTWSFYNGFUWK QU3LYTCZ.gfortran-win_amd64.dll System.IO.UnmanagedMemoryStream.dll libssl-1_1.dll System.Linq.dll LiteDB.dll System.Linq.Expressions.dll LogoFX.Core.dll System.Linq.Parallel.dll LogoFX.Data.dll System.Linq.Queryable.dll LogoFX.Infra.dll System.Management.Automation.dll Lucene.Net.Analysis.Common.dll System.Management.dll Lucene.Net.Analysis.SmartCn.dll System.Memory.dll Security Target SailPoint FAM 8.3 SP5 41 | P a g e Lucene.Net.dll System.Net.dll Lucene.Net.Highlighter.dll System.Net.Http.dll Lucene.Net.ICU.dll System.Net.Http.Formatting.dll Lucene.Net.Memory.dll System.Net.Http.Json.dll Lucene.Net.Queries.dll System.Net.Http.WinHttpHandler.dll Lucene.Net.QueryParser.dll System.Net.HttpListener.dll Lucene.Net.Sandbox.dll System.Net.Mail.dll ManageOntap.dll System.Net.NameResolution.dll Markdig.Signed.dll System.Net.NetworkInformation.dll mi.dll System.Net.Ping.dll Microsoft.ApplicationInsights.dll System.Net.Primitives.dll Microsoft.AspNetCore.Authentication.Certificate.dll System.Net.Requests.dll Microsoft.AspNetCore.Authentication.JwtBearer.dll System.Net.Security.dll Microsoft.AspNetCore.Authentication.OpenIdConnect .dll System.Net.ServicePoint.dll Microsoft.AspNetCore.Authorization.dll System.Net.Sockets.dll Microsoft.AspNetCore.JsonPatch.dll System.Net.WebClient.dll Microsoft.AspNetCore.Metadata.dll System.Net.WebHeaderCollection.dll Microsoft.AspNetCore.Mvc.NewtonsoftJson.dll System.Net.WebProxy.dll Microsoft.AspNetCore.Mvc.Razor.Extensions.dll System.Net.WebSockets.Client.dll Microsoft.AspNetCore.Owin.dll System.Net.WebSockets.dll Microsoft.AspNetCore.Razor.Language.dll System.Net.WebSockets.WebSocketProtocol.dll Microsoft.Bcl.AsyncInterfaces.dll System.Numerics.dll Microsoft.CodeAnalysis.CSharp.dll System.Numerics.Vectors.dll Microsoft.CodeAnalysis.CSharp.resources.dll System.ObjectModel.dll Microsoft.CodeAnalysis.CSharp.Workspaces.dll System.Private.CoreLib.dll Microsoft.CodeAnalysis.CSharp.Workspaces.resource s.dll System.Private.DataContractSerialization.dll Microsoft.CodeAnalysis.dll System.Private.ServiceModel.dll Microsoft.CodeAnalysis.Razor.dll System.Private.Uri.dll Microsoft.CodeAnalysis.resources.dll System.Private.Xml.dll Microsoft.CodeAnalysis.Workspaces.dll System.Private.Xml.Linq.dll Microsoft.CodeAnalysis.Workspaces.resources.dll System.Reactive.dll Microsoft.CSharp.dll System.Reflection.Context.dll Microsoft.Data.Sqlite.dll System.Reflection.DispatchProxy.dll Microsoft.Data.Tools.Sql.BatchParser.dll System.Reflection.dll Microsoft.DiaSymReader.Native.amd64.dll System.Reflection.Emit.dll Microsoft.DotNet.PlatformAbstractions.dll System.Reflection.Emit.ILGeneration.dll Microsoft.Expression.Interactions.dll System.Reflection.Emit.Lightweight.dll Microsoft.Extensions.Caching.Abstractions.dll System.Reflection.Extensions.dll Microsoft.Extensions.Caching.Memory.dll System.Reflection.Metadata.dll Microsoft.Extensions.Configuration.Abstractions.dll System.Reflection.Primitives.dll Microsoft.Extensions.Configuration.Binder.dll System.Reflection.TypeExtensions.dll Microsoft.Extensions.Configuration.CommandLine.dll System.Resources.Reader.dll Security Target SailPoint FAM 8.3 SP5 42 | P a g e Microsoft.Extensions.Configuration.dll System.Resources.ResourceManager.dll Microsoft.Extensions.Configuration.EnvironmentVari ables.dll System.Resources.Writer.dll Microsoft.Extensions.Configuration.FileExtensions.dll System.Runtime.Caching.dll Microsoft.Extensions.Configuration.Json.dll System.Runtime.CompilerServices.Unsafe.dll Microsoft.Extensions.Configuration.UserSecrets.dll System.Runtime.CompilerServices.VisualC.dll Microsoft.Extensions.DependencyInjection.Abstractio ns.dll System.Runtime.dll Microsoft.Extensions.DependencyInjection.dll System.Runtime.Extensions.dll Microsoft.Extensions.DependencyModel.dll System.Runtime.Handles.dll Microsoft.Extensions.FileProviders.Abstractions.dll System.Runtime.InteropServices.dll Microsoft.Extensions.FileProviders.Physical.dll System.Runtime.InteropServices.RuntimeInformati on.dll Microsoft.Extensions.FileSystemGlobbing.dll System.Runtime.InteropServices.WindowsRuntime .dll Microsoft.Extensions.Hosting.Abstractions.dll System.Runtime.Intrinsics.dll Microsoft.Extensions.Hosting.dll System.Runtime.Loader.dll Microsoft.Extensions.Hosting.Systemd.dll System.Runtime.Numerics.dll Microsoft.Extensions.Hosting.WindowsServices.dll System.Runtime.Serialization.dll Microsoft.Extensions.Http.dll System.Runtime.Serialization.Formatters.dll Microsoft.Extensions.Logging.Abstractions.dll System.Runtime.Serialization.Json.dll Microsoft.Extensions.Logging.Configuration.dll System.Runtime.Serialization.Primitives.dll Microsoft.Extensions.Logging.Console.dll System.Runtime.Serialization.Xml.dll Microsoft.Extensions.Logging.Debug.dll System.Runtime.WindowsRuntime.dll Microsoft.Extensions.Logging.dll System.Runtime.WindowsRuntime.UI.Xaml.dll Microsoft.Extensions.Logging.EventLog.dll System.Security.AccessControl.dll Microsoft.Extensions.Logging.EventSource.dll System.Security.Claims.dll Microsoft.Extensions.Options.ConfigurationExtension s.dll System.Security.Cryptography.Algorithms.dll Microsoft.Extensions.Options.dll System.Security.Cryptography.Cng.dll Microsoft.Extensions.Primitives.dll System.Security.Cryptography.Csp.dll Microsoft.IdentityModel.Clients.ActiveDirectory.dll System.Security.Cryptography.Encoding.dll Microsoft.IdentityModel.JsonWebTokens.dll System.Security.Cryptography.OpenSsl.dll Microsoft.IdentityModel.Logging.dll System.Security.Cryptography.Pkcs.dll Microsoft.IdentityModel.Protocols.dll System.Security.Cryptography.Primitives.dll Microsoft.IdentityModel.Protocols.OpenIdConnect.dll System.Security.Cryptography.ProtectedData.dll Microsoft.IdentityModel.Tokens.dll System.Security.Cryptography.X509Certificates.dll Microsoft.IdentityModel.Tokens.Saml.dll System.Security.Cryptography.Xml.dll Microsoft.IdentityModel.Xml.dll System.Security.dll Microsoft.Management.Infrastructure.CimCmdlets.dll System.Security.Permissions.dll Microsoft.Management.Infrastructure.dll System.Security.Principal.dll Microsoft.Management.Infrastructure.Native.dll System.Security.Principal.Windows.dll Microsoft.Management.Infrastructure.Native.Unmana ged.dll System.Security.SecureString.dll Microsoft.Office.Client.Policy.dll System.ServiceModel.dll Security Target SailPoint FAM 8.3 SP5 43 | P a g e Microsoft.Office.Client.TranslationServices.dll System.ServiceModel.Duplex.dll Microsoft.Office.SharePoint.Tools.dll System.ServiceModel.Http.dll Microsoft.Online.SharePoint.Client.Tenant.dll System.ServiceModel.NetTcp.dll Microsoft.OpenApi.dll System.ServiceModel.Primitives.dll Microsoft.PowerShell.Commands.Diagnostics.dll System.ServiceModel.Security.dll Microsoft.PowerShell.Commands.Management.dll System.ServiceModel.Syndication.dll Microsoft.PowerShell.Commands.Utility.dll System.ServiceModel.Web.dll Microsoft.PowerShell.ConsoleHost.dll System.ServiceProcess.dll Microsoft.PowerShell.CoreCLR.Eventing.dll System.ServiceProcess.ServiceController.dll Microsoft.PowerShell.MarkdownRender.dll System.Text.Encoding.CodePages.dll Microsoft.PowerShell.SDK.dll System.Text.Encoding.dll Microsoft.PowerShell.Security.dll System.Text.Encoding.Extensions.dll Microsoft.ProjectServer.Client.dll System.Text.Encodings.Web.dll Microsoft.SharePoint.Client.dll System.Text.Json.dll Microsoft.SharePoint.Client.DocumentManagement.dl l System.Text.RegularExpressions.dll Microsoft.SharePoint.Client.Portable.dll System.Threading.AccessControl.dll Microsoft.SharePoint.Client.Publishing.dll System.Threading.Channels.dll Microsoft.SharePoint.Client.Runtime.dll System.Threading.dll Microsoft.SharePoint.Client.Runtime.Portable.dll System.Threading.Overlapped.dll Microsoft.SharePoint.Client.Runtime.Windows.dll System.Threading.Tasks.Dataflow.dll Microsoft.SharePoint.Client.Search.Applications.dll System.Threading.Tasks.dll Microsoft.SharePoint.Client.Search.dll System.Threading.Tasks.Extensions.dll Microsoft.SharePoint.Client.Taxonomy.dll System.Threading.Tasks.Parallel.dll Microsoft.SharePoint.Client.UserProfiles.dll System.Threading.Thread.dll Microsoft.SharePoint.Client.WorkflowServices.dll System.Threading.ThreadPool.dll Microsoft.SqlServer.Assessment.dll System.Threading.Timer.dll Microsoft.SqlServer.BatchParser.dll System.Transactions.dll Microsoft.SqlServer.ConnectionInfo.dll System.Transactions.Local.dll Microsoft.SqlServer.Dmf.dll System.ValueTuple.dll Microsoft.SqlServer.Management.Assessment.dll System.Web.dll Microsoft.SqlServer.Management.Dmf.dll System.Web.HttpUtility.dll Microsoft.SqlServer.Management.RegisteredServers.d ll System.Windows.dll Microsoft.SqlServer.Management.Sdk.Sfc.dll System.Windows.Extensions.dll Microsoft.SqlServer.Management.SmoMetadataProvid er.dll System.Windows.Interactivity.dll Microsoft.SqlServer.Management.SqlParser.dll System.Xml.dll Microsoft.SqlServer.Management.SqlScriptPublishMo del.dll System.Xml.Linq.dll Microsoft.SqlServer.Management.XEvent.dll System.Xml.ReaderWriter.dll Microsoft.SqlServer.Management.XEventDbScoped.d ll System.Xml.Serialization.dll Microsoft.SqlServer.Management.XEventDbScopedE num.dll System.Xml.XDocument.dll Security Target SailPoint FAM 8.3 SP5 44 | P a g e Microsoft.SqlServer.Management.XEventEnum.dll System.Xml.XmlDocument.dll Microsoft.SqlServer.PolicyEnum.dll System.Xml.XmlSerializer.dll Microsoft.SqlServer.ServiceBrokerEnum.dll System.Xml.XPath.dll Microsoft.SqlServer.Smo.dll System.Xml.XPath.XDocument.dll Microsoft.SqlServer.SmoExtended.dll Telerik.Windows.Controls.dll Microsoft.SqlServer.SqlEnum.dll Telerik.Windows.Controls.GridView.dll Microsoft.VisualBasic.Core.dll Telerik.Windows.Controls.Input.dll Microsoft.VisualBasic.dll Telerik.Windows.Controls.Navigation.dll Microsoft.VisualStudio.Web.CodeGeneration.Contract s.dll Telerik.Windows.Controls.RibbonView.dll Microsoft.VisualStudio.Web.CodeGeneration.Core.dll Telerik.Windows.Controls.RichTextBoxUI.dll Microsoft.VisualStudio.Web.CodeGeneration.dll Telerik.Windows.Data.dll Microsoft.VisualStudio.Web.CodeGeneration.EntityFr ameworkCore.dll Telerik.Windows.Documents.dll Microsoft.VisualStudio.Web.CodeGeneration.Templat ing.dll Telerik.Windows.Documents.FormatProviders.Ht ml.dll Microsoft.VisualStudio.Web.CodeGeneration.Utils.dll Telerik.Windows.Documents.FormatProviders.Ope nXml.dll Microsoft.VisualStudio.Web.CodeGenerators.Mvc.dll Telerik.Windows.Documents.FormatProviders.Pdf. dll Microsoft.Web.Administration.dll Telerik.Windows.Documents.FormatProviders.Rtf. dll Microsoft.Win32.Primitives.dll Telerik.Windows.Documents.FormatProviders.Xa ml.dll Microsoft.Win32.Registry.AccessControl.dll Telerik.Windows.Documents.Proofing.Dictionaries .En-US.dll Microsoft.Win32.Registry.dll ucrtbase.dll Microsoft.Win32.SystemEvents.dll vcruntime140.dll Microsoft.Windows.Design.Extensibility.dll vcruntime140_1.dll Microsoft.WSMan.Management.dll wbapi.dll Microsoft.WSMan.Runtime.dll WcfCoreMtomEncoder.dll miutils.dll WindowsBase.dll mscordaccore.dll WPFToolkit.dll mscordaccore_amd64_amd64_4.700.20.20201.dll WPFToolkit.Extended.dll mscordbi.dll WPFVisifire.Charts.dll Table 14: Non-Dynamic Libraries Included with TOE @angular/animations es5-shim @angular/common font-awesome @angular/compiler fortawesome/fontawesome-pro @angular/core Grpc.Tools @angular/forms jquery @angular/platform-browser jquery.easy-pie-chart @angular/platform-browser-dynamic jQuery-contextMenu @angular/router jQuery-contextMenuRtl Security Target SailPoint FAM 8.3 SP5 45 | P a g e @microsoft/signalr jquery-ui @ngrx/core json3 @ngrx/effects jstree @ngrx/store jstree-bootstrap-theme AlphaFS LazyCache.AspNetCore am-js-tree lodash angular-animate Microsoft.Data.SqlClient angular-bind-html-compile Microsoft.Extensions.Logging angular-bootstrap Microsoft.Net angular-bootstrap-colorpicker Microsoft.SharePointOnline.CSOM angular-cache Microsoft.SqlServer.SqlManagementObjects angular-cookies Microsoft.Windows.Compatibility angular-daterangepicker modernizr angular-drag-and-drop-lists Netapp ManageOntap API angular-loading ngx-progressbar angular-messages nvd3 angular-mocks offline angular-nvd3 Open XML angular-resizable Portable.BouncyCastle angular-resource Python angular-slick-carousel pythonnet_netstandard_py39_win angular-translate Quartz.Net angular-translate-loader-static-files Quartz.Plugins angular-translate-once rangy angular-translate-storage-cookie requirejs angular-translate-storage-local reselect angular-ui-grid restangular angular-ui-router rxjs angular-xeditable slick-carousel babel-polyfill spaCy bootstrap CSS spectrum bootstrap-daterangepicker spin.js bootstrap-rtl SSH.Net bootstrap-sass System.ServiceModel.Security classlist.js textAngular core-js ua-parser-js d3 web-animations-js Elasticsearch.Nest zone.js Security Target SailPoint FAM 8.3 SP5 46 | P a g e 8.5.5 FPT_TUD_EXT.1 and FPT_TUD_EXT.2: Each customer that is entitled to the TOE software has a username and password for accessing SailPoint’s customer portal. Connections to the SailPoint customer portal are protected using HTTPS. SailPoint’s customer portal contains a full list of all versions of the product that are currently still supported. The TOE administrator downloads the software installation package or software update package from SailPoint’s customer portal. This is the only method for distributing TOE software. Therefore, the TOE does not have the capability to download, modify, replace or update its own binary code. The software installation package is in either the standard Windows Installer (.MSI) format or .EXE format. During the build process, SailPoint digitally signs the .MSI or .EXE file using their private key and their certificate signed by DigiCert. During the installation process, the platform will validate the certificate using the public key from DigiCert that is already loaded on the platform and verifies the digital signature on the .MSI or .EXE file using the public key in the certificate. The installation process will only occur if the signature validation is successful. The software version of the TOE is always displayed after the administrator authenticates to the TOE via the fat client. The TOE automatically checks its software version against the latest available software version provided by SailPoint. If a newer software version is available, the TOE will send an email to the configured email address of an administrator. Software update packages are in the Windows Universal Application package (.APPX) format. During the build process, SailPoint digitally signs a software update package using their private key and their certificate signed by DigiCert. Once a software update package is on the system where the TOE is installed, any administrator account with permission to the ‘Start Installation’ button via the fat client can initiate the update process. The administrator would identify the location of the software update package and select it for import through the fat client. The fat client will request the platform to validate the certificate using the public key from DigiCert that is already loaded on the platform and verifies the digital signature on the software update package using the public key in the certificate. If signature validation is successful, the administrator can click the ‘Start Installation’ button to initiate the update. If the validation of the digital signature fails, an error will be generated and the ‘Start Installation’ button will not be displayed. The TOE’s uninstallation process results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events. The administrator will execute the uninstall through the TOE’s installers which will stop and remove all services and will then begin removing files related to the application. The administrator will then use the platform’s uninstall application program to complete the TOE’s uninstall. 8.5.5.1 Timely Security Updates: SailPoint has defined a Product Vulnerability Management Policy for their operations which applies to all of their product lines, including the entire FAM product. The contents of this section are the publicly releasable description of SailPoint’s Product Vulnerability Management Policy. SailPoint continuously performs security assessments of FAM for vulnerabilities by performing internal Security Target SailPoint FAM 8.3 SP5 47 | P a g e testing as well as contracting third-party security verification organizations. Customers can report security issues by opening a support case through SailPoint’s support website: https://support.sailpoint.com/. The support website is protected with HTTPS and requires customers to enter their email address and password associated with their SailPoint customer account. When a potential vulnerability is discovered or reported, SailPoint will confirm internally that a vulnerability is present in FAM. SailPoint will then develop a mitigation to address the vulnerability which can either be a configuration change to FAM or the development of a software update package. The mitigation will be relayed to customers by providing a security notification on the SailPoint support site along with information regarding the mitigation. SailPoint’s support team also provide their customers a public key for support team emails which can contain updates regarding security notifications. This allows SailPoint to send signed and encrypted emails to customers which have signed up for email updates. Mitigations which require configuration changes to FAM will have the steps defined within the security notification. Mitigations which require software updates will result in a software update package being created and released per the process described in Section 8.5.5. SailPoint utilizes the Common Vulnerability Scoring System (CVSS) v3 scoring system to weight the severity of confirmed vulnerabilities. SailPoint is committed to having mitigations available for Critical and High vulnerabilities within 30 days. Medium vulnerabilities will have mitigations available within 90 days. Items that score as Low and Informational have no set commitment period but are often placed into consideration by SailPoint’s Product Management team for prioritization in a future release. 8.6 Trusted Path/Channel 8.6.1 FTP_DIT_EXT.1: The TOE invokes the platform’s .NET Core to encrypt the communications between the TOE and one or more remote Activity Monitors. The TOE calls the .NET System.ServiceModel API for this interface. All communication over this interface is protected by TLS, whereas the TOE platform acts as a TLS server with no mutual authentication.