STAT Guardian^TMVulnerability Management Suite (VMS): STAT Scanner 6.4.0 STAT Patch and Remediation 6.4.0 STAT Report Center 6.4.0 STAT Command Center 6.4.0

Lumension Security
15880 N. Greenway-Hayden Loop, Suite 100
Scottsdale, AZ 85260
Telephone: 480-970-1025
Fax: 480.970.6323
www.lumension.com

STAT Guardian^TM Vulnerability Management Suite (VMS): STAT® Scanner 6.4.0, STAT® Patch and Remediation 6.4.0, STAT® Report Center 6.4.0, STAT® Command Center 6.4.0 was the subject of a Common Criteria evaluation performed by the Common Criteria Evaluation Facility at EWA-Canada, located in Ottawa, Ontario, Canada. The evaluation was completed on 12 May 2006.

The evaluation of STAT Guardian^TM VMS determined that this Information Technology (IT) product can be trusted, to an assurance level of EAL 2 augmented, to conform to the requirements of the associated security target. The augmentations consisted of the following: ACM_CAP.4 (Generation support and acceptance procedures), ACM_SCP.1 (Configuration management coverage), ALC_DVS.1 (Identification of security measures), ALC_FLR.3 (Systematic flaw remediation), ALC_LCD.1 (Developer defined life-cycle model), and AVA_MSU.1 (Examination of guidance).

STAT Guardian^TM VMS is a suite of network management tools that provides IT professionals with the capability to perform network vulnerability assessments, apply latest vendor patches, and generate enterprise reports from a single user interface. The STAT Guardian^TM VMS consists of the following individually licensed products: STAT® Scanner, STAT® Patch and Remediation, STAT® Report Center and STAT® Command Center. STAT Guardian^TM VMS supports the following range of target operating systems: Microsoft® Windows® NT/2000/XP/2003, Sun^TM Solaris^TM. RedHat® Linux®, Fedora^TM Linux, Mandriva Linux^TM, SuSE Linux®, HP-UX®, Apple® Mac OS X®, BSD-Unix variants, network devices and printers (i.e., Cisco IOS^TM, Cisco CATOS^TM, Cisco VPN^TM, Cisco PIX^TM, Juniper JUNOS^TM, Foundry® switches and routers and HP® printers). Vulnerability cross-referencing is supported for the following advisory lists: US-CERT, CVE, CIAC, SANS Top 20, NIST, and US Department of Defense, US Army, Navy, and Air Force IAVM.

The scope of this evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for the STAT Guardian^TM VMS, the IT security requirements to be met, and the level of confidence (evaluation assurance level) to which it is asserted that the STAT Guardian^TM VMS satisfies its IT security requirements. Consumers are advised to verify that their operating environment is consistent with the security target, and to give due consideration to the recommendations stated in the certification report.

Security Target: * Accessibility Notice * Official Languages Notice

Certification Report: HTML | PDF

Certificate of Evaluation: HTML | PDF

Primary navigation (left column)