X hits on this document

PDF document

National Information Assurance Partnership - page 8 / 16

38 views

0 shares

0 downloads

0 comments

8 / 16

VALIDATION REPORT Primavera® P6™ Enterprise Project Portfolio Management (Version 6.2.1)

users to be identified before they can gain access to its capabilities. In the evaluated configuration, authentication of claimed identities is performed by an LDAP server in the IT environment.

3.3

Security Management

Primavera provides administrative users with the ability to manage access controls on projects, resources, and methodologies, and the security attributes associated with users. Administrative capabilities are granted by the privileges allocated to a user via a global profile associated with the user.

4

Assumptions

The following assumptions are identified in the ST:

Table 2 Assumptions

Assumption Identifier

Assumption Description

A.LOCATE

The TOE will be located within controlled access facilities and connected to networks that are protected from external tampering by a network firewall, which will prevent unauthorized physical access and mitigate unauthorized network access.

A.ADMIN

The TOE will be installed, configured, managed and maintained in accordance with its guidance documentation.

4.1

Clarification of Scope

The Target of Evaluation (TOE) is Primavera® P6™ Enterprise Project Portfolio Management (Version 6.2.1), henceforth referred to as Primavera.

The TOE is dependent on the correct operation of the components in the operational environment, which are not included within the scope of the evaluation. It should also be noted that the access control policies implemented by the TOE are enforced only on access attempts made through the TOE’s interfaces. The TOE does not and cannot control attempts to access data directly (e.g., via the underlying database or operating system).

5

Architectural Information

Primavera is intended to be used to plan and control projects. Project data is stored in a central project management database that is located in the IT environment. The TOE provides the following specific capabilities.

Project managementallows users to plan and control projects. Project management capabilities include centralized resource management, including resource timesheet approval and the ability to communicate with project resources via web-based timesheet interfaces

4

Document info
Document views38
Page views38
Page last viewedWed Dec 07 13:06:08 UTC 2016
Pages16
Paragraphs325
Words4531

Comments