* Accessibility Notice * Official Languages NoticeCitadel Security Software Inc.
Two Lincoln Centre, 5420 LBJ Freeway, Suite 1600
Dallas, TX
USA 75240
Telephone: 214-520-9292
Fax: 214-520-9293
The Citadel Hercules® Enterprise Vulnerability Management (EVM) Version 4.1 was the subject of a Common Criteria evaluation performed by the Common Criteria Evaluation Facility at EWA-Canada, located in Ottawa, Ontario, Canada. The evaluation was completed 17 October 2006.
The evaluation of the Hercules® EVM solution determined that this Information Technology (IT) product can be trusted, at an assurance level of EAL 3, to conform to the requirements of the associated security target.
The Hercules® EVM is designed to facilitate the automatic vulnerability remediation of devices on large-scale enterprise level Windows®, Mac OS X®, and Unix (AIX®/HP-UX®/SolarisTM/Linux®) based networks. The product imports vulnerability information from a number of third party commercial vulnerability scanner products and consolidates this information into a single view of the vulnerabilities of each device on the network. The product provides a sequence of automatically executable remediation steps to correct each recognized vulnerability. Users of the product may download new signatures from the V-Flash server operated by Citadel Security Software. The Hercules® EVM provides an interface which allows users to view the listed vulnerabilities of devices on the network. Logical groupings of devices may be defined. An automatic remediation schedule may be defined for a group. In addition, a specific list of vulnerabilities to be remediated, known as a remediation profile may be defined for the group. The Hercules® EVM is a network security administration tool that is intended to be used in conjunction with network vulnerability assessments.
The scope of this evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for the Hercules® EVM solution, the IT security requirements to be met, and the level of confidence (evaluation assurance level) to which it is asserted that the Hercules® EVM solution satisfies its IT security requirements. Consumers are advised to verify that their operating environment is consistent with the security target, and to give due consideration to the recommendations stated in the certification report.
Security Target: * Accessibility Notice * Official Languages Notice