Maintenance Addendum Netezza Performance Server (NPS) V4.0 (January 2008)
Maintenance Report
Issued by:
Communications Security Establishment
Certification Body
Canadian Common Criteria Evaluation and Certification Scheme
© 2008 Government of Canada, Communications Security Establishment
| Document number | 383-7-25-MR |
|---|---|
| Version | 1.0 |
| Date | January 22, 2008 |
1 Introduction
On 07 January 2008, Electronic Warfare Associates-Canada (EWA-Canada) submitted an Impact Analysis Report to the CCS Certification Body on behalf of Netezza Corporation, the developer of the Netezza Performance Server (NPS) V4.0 (hereafter referred to as the NPS V4.0). The Impact Analysis Report is intended to satisfy requirements outlined in version 1.0 of the Common Criteria document CCIMB-2004-02-009: Assurance Continuity: CCRA Requirements. In accordance with those requirements, the Impact Analysis Report (IAR) describes the changes made to NPS V4.0 (the maintained Target of Evaluation), the evidence updated as a result of the changes and the security impact of the changes.
2 Description of changes to the TOE
The following characterizes the changes implemented in the NPS V4.0. For each change, it was verified that there were no required changes to the security functional requirements in the ST, and thorough functional and regression testing was conducted by the developer to ensure that the assurance in the Target of Evaluation (TOE) was maintained. The changes in NPS V4.0 comprise software changes that:
- restore the expected functionality of the TOE (bug fixes); and
- add performance enhancements to the TOE.
3 Description of Changes to the IT Environment
There were no changes to the underlying IT environment.
4 Affected developer evidence
Modifications to the product necessitated changes to a subset of the developer evidence that was previously submitted for the TOE. The set of affected developer evidence was identified in the IAR.
Modifications to the security target were made to reflect the new product version.
5 Conclusions
All changes to the TOE were minor feature changes and isolated bug fixes to the product. Through functional and regression testing of the NPS V4.0, assurance gained in the original TOE certification was maintained. As all of the changes to the TOE have been classified as minor, it is the conclusion of the CB that the maintained TOE is appropriate for assurance continuity and re-evaluation is not required.
6 References
- Assurance Continuity: CCRA Requirements, CCIMB-2004-02-009, version 1.0, February 2004
- Technical Oversight for Assurance Continuity of a Certified TOE, version 1.2, October 2005
- Certification report for the EAL3+ evaluation of the Netezza Performance Server V3.0