Validated Product - Computer Associates eTrust Audit r8

Certificate Date: 03 February 2006

Validation Report Number: CCEVS-VR-05-0140

Product Type: Security Management

Conformance Claim: EAL2

PP Identifiers: None

CC Testing Lab: CygnaCom Solutions, Inc

Subsequent Maintenance Release(s):

  • None

PRODUCT DESCRIPTION

eTrust Audit allows audit data that may be indicative of misuse of IT resources to be selectively collected from a diverse set of systems, applications, devices and appliances. In addition, eTrust Audit allows the user to create and manage a centralized policy regarding the retention of audit information, performing intrusion analysis of information that may be representative of vulnerabilities in and misuse of IT resources, and reporting of conclusions.

The eTrust Audit data collector (sensor) is able to collect data about auditable events as they occur on an IT system. Events may include authentication events; data access events; configuration access events; service requests; network traffic; data introduction; and, start-up and shutdown of audit functions. Collected events can be filtered and forwarded to an Administrator for data reduction and analysis.

The eTrust Audit data analyzer is able to receive data from identified data collectors and process the specified data to make intrusion/vulnerability determinations. Responses to identified intrusions/vulnerabilities may include report generation, visual signals/alarms, email alerts, execution of an action program, or sending an alert to another client.

The product relies upon the IT environment to protect TSF data as well as identify and authenticate users and maintain user roles.

The evaluated configuration includes the eTrust Audit Policy Manager and Audit Data Tools installed on MS Windows 2000 platforms with an MS Windows 2000 client from which audit data is collected.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Computer Associates eTrust Audit was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 2.2. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies an assurance level of EAL2.

A validator, on behalf of the CCEVS Validation Body, monitored the evaluation.  The evaluation was completed in October 2005. 

Test Configuration for Evaluation

  • TOE Component: eTrust Audit Policy Manager
    Operating System: Microsoft Windows 2000, Service Pack 4
    Other Software: Microsoft Internet Explorer 6.0 SP1
    Hardware: Pentium 1 GHz CPU, 128 MB memory, 300 MB disk space
  • TOE Component: eTrust Audit Data Tools
    Operating System: Microsoft Windows 2000, Service Pack 4
    Other Software: Microsoft SQL Server 2000, Service Pack 3
    Hardware: Pentium 1 GHz CPU, 256 MB memory, 1000 MB disk space
  • TOE Component: eTrust Audit Client
    Operating System: Microsoft Windows 2000, Service Pack 4
    Other Software: none
    Hardware: Pentium 1 GHz CPU, 256 MB memory, 100 MB disk space

ENVIRONMENTAL STRENGTHS

The TOE provides the following security services:

  • Security Audit – Collection
    eTrust Audit provides the ability to collect events indicative of inappropriate activity that may have resulted from misuse, access, or malicious activity of IT System assets.
  • Security Audit – Rules
    eTrust Audit is able to apply a set of rules in monitoring the audited events and, based upon these rules, indicate a potential violation of the TSP. eTrust Audit will monitor audited events from an accumulation or combination of audit events based on specified criteria (a filter) that eTrust Audit uses to determine which events are subject to the action described in the rule known to indicate a potential security violation. Depending on the rules that have been configured, eTrust Audit will, upon detection of a potential security violation, take action to execute a program, send an email notification, send an event to another Client, send the event to the Security Monitor, or send the event to the Collector database.
  • Security Audit – Reporting
    eTrust Audit provides a set of data tools including the Viewer, the Reporting and the Security Monitor.  The Viewer allows the user to view, filter, and print all collected audit records. eTrust Audit also provides the ability to perform searches, sorting, and ordering of the audit data, based on various criteria.
  • Security Management
    eTrust Audit provides a set of functions that allow effective management of its functions and data.

CA, Inc.

William F. Clark
703-708-3501
703-708-3683 (Fax)
william.clark@ca.com

http://www.ca.com