Maintenance Report: McAfee Firewall Enterprise v8.3.1 and McAfee Firewall Enterprise Control Center v5.3.1 Patch 01

Canadian Common Criteria Scheme (CCCS)

Maintenance Report

McAfee Firewall Enterprise v8.3.1 and McAfee Firewall Enterprise Control Center v5.3.1 Patch 01

 Issued by:

Communications Security Establishment Canada
Certification Body
Canadian Common Criteria Evaluation and Certification Scheme

© Government of Canada, Communications Security Establishment Canada, 2013

Document number 383-7-90-MR
Version 1.0
Date 28 June 2013

1 Introduction

McAfee has submitted, via Primasec, the Impact Analysis Report (IAR) for McAfee Firewall Enterprise v8.3.1 and McAfee Firewall Enterprise Control Center v5.3.1 Patch 01 (hereafter referred to as McAfee Firewall Enterprise), satisfying the requirements outlined in Assurance Continuity: CCRA Requirements, v2.0, November 2011. In accordance with those requirements, the IAR describes the changes implemented in McAfee Firewall Enterprise (the maintained Target of Evaluation), the evidence updated as a result of the changes and the security impact of the changes.

2 Description of changes in the Maintained Target of Evaluation

The following characterizes the changes implemented in McAfee Firewall Enterprise. For each change, it was verified that there were no required changes to the security functional requirements in the ST, and thorough functional and regression testing was conducted by the developer to ensure that the assurance in the Target of Evaluation (TOE) was maintained. The changes to McAfee Firewall Enterprise comprise bug fixes resulting from defects detected and resolved through the QA/test process and feature enhancements.

3 Description of Changes to the IT Environment

Changes to the underlying IT environment, in this case the addition of new hardware platforms, are permissible under assurance continuity provided that they do not change the certified TOE. McAfee subjected the TOE to complete regression testing on the following new hardware platform:

  • CloudShield CS-400

4 Affected developer evidence

Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted for the TOE. The set of affected developer evidence was identified in the IAR.

Modifications to the security target were made to reflect the new product versions and the addition of new hardware platforms. 

5 Conclusions

All changes to the maintained TOE were bug fixes, feature enhancements and the addition of a new hardware platform. Through functional and regression testing of McAfee Firewall Enterprise, assurance gained in the original TOE certification was maintained. As all of the changes to the maintained TOE have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.

6 References

  • Assurance Continuity: CCRA Requirements, v2.0, November 2011.
  • CCS Guide #6, Technical Oversight for Assurance Continuity of a Certified TOE, v1.6, May 2011.
  • Certification Report EAL 4+ Evaluation of McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0, v1.0, 27 January 2012.