CSEC Homepage > About IT Security > IT Security Program, Products and Services > Common Criteria > Citadel Hercules® Automated Vulnerability Remediation (AVR) Version 2.2.0

Citadel Hercules® Automated Vulnerability Remediation (AVR) Version 2.2.0

Citadel Security Software Inc.
8750 N. Central Expressway
Suite 100
Dallas Texas 75231
United States
Telephone: 214-520-9292
Fax: 214-520-9293

The Citadel Hercules® Automated Vulnerability Remediation (AVR) solution Version 2.2.0 was the subject of a Common Criteria evaluation performed by the Common Criteria Evaluation Facility at EWA-Canada, located in Ottawa, Ontario, Canada. The evaluation was completed in March 2004.

The evaluation of the Hercules® AVR solution determined that this Information Technology (IT) product can be trusted, to an assurance level of EAL 3, to conform to the requirements of the associated security target.

The Hercules® AVR product is designed to facilitate the automatic vulnerability remediation (AVR) of devices on a network. The product imports vulnerability information from a number of third party, commercial vulnerability scanner products and consolidates this information into a single view of the vulnerabilities of each device in the network. The product provides a sequence of automatically executable remediation steps known as 'remedies' that will correct each recognized vulnerability. Users of the product may download new signatures from the 'V-flash' server operated by Citadel Security Software. The Hercules® AVR product provides enterprise administrators with the ability to manage a large-scale vulnerability remediation process in a manner that is both systematic and comprehensive.

The evaluated configuration comprises:

• The Hercules® AVR Administrator Console executing on an Intel® Pentium based PC running Windows® 2000 Server with all service packs, Windows® 2000 Advanced Server with all service packs, Windows® XP Professional with all service packs, Windows® 2003 Standard Edition or Windows® 2003 Enterprise Edition as the operating system.
• One or more Hercules® AVR Server(s) executing on an Intel® Pentium based PC running Windows® 2000 Server with Service Pack 4, Windows® 2000 Advanced Server with Service Pack 4, Windows® 2003 Standard Edition or Windows® 2003 Enterprise Edition as the operating system.
• One or more network devices with Hercules® AVR Client Version 2.2.0 installed on a supported Windows® operating system. The supported versions of the Windows® operating system are Windows® NT 4.0 Workstation with service pack 6, Windows® NT 4.0 Standard Server with service pack 6, Windows® NT 4.0 Terminal Server with service pack 6, Windows® 2000 Professional with any service pack, Windows® 2000 Server with any service pack, Windows® 2000 Advanced Server with any service pack, Windows® XP Professional with any SP, Windows® Server 2003 Standard Edition and Windows® Server 2003 Enterprise Edition.
• One or more network devices with Hercules® AVR Client Version 2.2.0 installed on a supported version of the UNIX operating system. The supported versions of the UNIX operating system are Solaris (SPARC) 2.6, 7, 8, 9 and Red Hat (Intel) 6.0, 6.1, 6.2, 7.0, 7.1, 7.2, 7.3, 8, 9.

The scope of this evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for the Hercules® AVR solution, the IT security requirements to be met, and the level of confidence (evaluation assurance level) to which it is asserted that the Hercules® AVR solution satisfies its IT security requirements. Consumers are advised to verify that their operating environment is consistent with the security target, and to give due consideration to the recommendations stated in the certification report.

Security Target: * Accessibility Notice * Official Languages Notice

Certification Report: HTML | PDF

Certificate of Evaluation: HTML | PDF