X hits on this document

PDF document

National Information Assurance Partnership - page 7 / 16

39 views

0 shares

0 downloads

0 comments

7 / 16

VALIDATION REPORT Primavera® P6™ Enterprise Project Portfolio Management (Version 6.2.1)

Evaluation Personnel:

Science Applications International Corporation: Anthony J. Apted Katie Sykes

Validation Body:

National Information Assurance Partnership CCEVS

Validation Personnel:

Jandria Alexander, The Aerospace Corporation Scott Shorter, Orion Security Solutions, Inc.

1.2 Interpretations Not applicable.

1.3 Threats The ST identifies the following threats that the TOE is intended to counter.

  • T.

    MASQUERADE

  • T.

    TSF COMPROMISE

_

T.UNAUTH ACCESS

_

An unauthorized user, process, or external IT entity may masquerade as an authorized user to gain access to the TOE.

A malicious user or process may cause configuration data to be inappropriately accessed (viewed, modified or deleted).

An authorized user may gain unauthorized access (view, modify, delete) to user data through the TOE.

2

Identification

The evaluated product is Primavera® (Version 6.2.1).

P6™ Enterprise Project Portfolio Management

3

Security Policy

The TOE enforces the following security policies as described in the ST.

Note: Much of the description of the Primavera security policy has been extracted and reworked from the Primavera® P6™ Enterprise Project Portfolio Management (Version 6.2.1) ST and Final ETR.

3.1

User Data Protection

Primavera implements three separate access control policiesone controls access to projects, another controls access to resources, and the third controls access to methodology objects. Access control decisions are made differently for each type of object.

3.2

Identification and Authentication

Primavera defines users in terms of security attributes comprising user identity and global profile, which contain authorizations corresponding to functions a role may perform. Primavera requires

3

Document info
Document views39
Page views39
Page last viewedWed Dec 07 20:29:39 UTC 2016
Pages16
Paragraphs325
Words4531

Comments