Certified Product: Pivotal tc Server Standard Edition v2.8.2 RELEASE

Pivotal, Inc.
Platform Security
875 Howard St., 5th Floor
San Francisco, CA 94103

Pivotal tc Server Standard Edition v2.8.2 RELEASE (hereafter referred to as Pivotal tc Server) from Pivotal, Inc., was the subject of a Common Criteria evaluation performed by CGI IT Security Evaluation & Test Facility, located in Ottawa, Canada. The evaluation was completed in June 2013.

The evaluation of Pivotal tc Server determined that this Information Technology (IT) product can be trusted, to Evaluation Assurance Level (EAL) 2 augmented with ALC_FLR.2, to conform to the requirements of the associated security target.

Pivotal tc Server  is a web application based on open-source Apache Tomcat. The TOE provides Hypertext Transfer Protocol (HTTP), Apache JServ Protocol (AJP), and Java Management Extensions (JMX) interfaces through which users may connect. Authentication to the HTTP and AJP interfaces require a username and password combination that may be entered in either a form or a browser-based method. Access to JMX interface is restricted to those users on the same local area network as the TOE itself.

The scope of this evaluation is defined by the security target, which identifies assumptions made during the evaluation, the intended environment for the tc Server, the IT security requirements to be met, and the level of confidence (evaluation assurance level) to which it is asserted that the Pivotal tc Server satisfies its IT security requirements.

Consumers are advised to carefully review the certification report to gain an understanding of the security functionality, the evaluated configuration, and the intended operating environment for Pivotal tc Server.