The Common Criteria for Information Technology Security Evaluation (CC), and the companion Common Methodology for Information Technology Security Evaluation (CEM) are the technical basis for an international agreement, the Common Criteria Recognition Arrangement (CCRA), which ensures that:
- Products can be evaluated by competent and independent licensed laboratories to determine the fulfillment of particular security properties to a certain extent or assurance
- Supporting documents are used within the Common Criteria certification process to define how the criteria and evaluation methods are applied when certifying specific technologies
- The certification of the security properties of an evaluated product can be issued by several Certificate Authorizing Schemes, with this certification based on the result of their evaluation
- These certificates are recognized by all the signatories of the CCRA
The CC is the driving force for the widest available mutual recognition of secure IT products.
Data Protector CC Certificate Obtained
Why CC is important for Micro Focus Data Protector
The Common Criteria Certification allows Data Protector to become one of very few certified backup software products. In fact, it guarantees one of the highest levels of certification looked for by governments, military agencies, financial services, and insurance companies.
- The certification confirms that the standards of development and testing meet stringent processes to ensure maximum security measures are built into the product.
Centralized Command Execution: The New Security Model
New capabilities help you increase the level of security in the customer environment by preventing commands or scripts from being sent inappropriately or received from an insecure environment.
No command, script, or instruction can be sent to an INET process or run on a DP client from a DP client other than the Cell Manager (CM). Only CM can send commands, instructions, or scripts, and this will only occur on a secured and encrypted channel (TLS 1.2). INET process only runs on the clients and accepts connections from CM via TLS 1.2.
This means that commands and data can only be sent via a secured channel, thus guaranteeing data integrity. DP clients listen to and only accept instructions and scripts from a reliable and valid CM. This significantly reduces the risk of rogue clients causing security breaches in the DP network/cell.
Data Protector 2020.05 is the solution for any customer who needs to adopt a certified software product with a high-security standard.
Benefits for Data Protector and for the Customer
Enable CC Mode on Data Protector 2020.05 (10.70)
You can now set/unset the DP Cell into a "common criteria mode" to completely update all internal security mechanisms to CC compliance.
omnidbutil -enable_common_criteria_mode
omnidbutil -disable_common_criteria_mode
By turning on "cc_mode" internal passwords and critical information move into a secure/encrypted vault on your data store. This option changes the way security keys (Key Management Service) and certificates are managed. It is an internal logic that is not generally visible on the GUI or CLI and therefore is transparent to the normal Backup/Restore, or DP activity.
For more information, refer to these Micro Focus documents:
- Common Criteria Guidance
https://docs.microfocus.com/itom/Data_Protector:2020.11/CommonCriteriaGuidance
- Common Criteria Configuration
https://docs.microfocus.com/itom/Data_Protector:2020.11/CommonCriteriaConfiguration
Data loss can materially damage an organization’s reputation and its ability to do business. Data Protector delivers secure, compliant backups of all company data from a single management point. Fast restoration ensures operations quickly return to normal, minimizing revenue loss and maintaining reputation.
For more information on data backup and resiliency, visit our site.
The Micro Focus IM&G team
Know your data | empower your people | drive your future Join our community | @microfocusimg | www.microfocus.com