Common Criteria evaluated configuration

The McAfee device needs to be installed, configured, and operated in a specific way to be in compliance with the Common Criteria evaluated configuration. Consider these requirements when you are setting up your system.

Type Requirements
Physical and virtual machine The McAfee device must be:
  • Protected from unauthorized physical modification.
  • Located in controlled access facilities, which prevent unauthorized physical access.
Intended usage The McAfee device must:
  • To be able to perform its functions, have access to all network traffic.
  • Be managed to allow for address changes in the network traffic that the Target of Evaluation (TOE) monitors.
  • Be scaled to the network traffic that it monitors.
Personnel
  • There must be one or more competent individuals assigned to manage the McAfee device and the security of the information it contains. Onsite assistance with installation and configuration and onsite training for the operation of the device is provided by McAfee engineers for each McAfee customer.
  • The authorized administrators are not careless, willfully negligent, or hostile, and follow and abide by the instructions provided by the McAfee device documentation.
  • Only authorized users can access the McAfee device.
  • Those responsible for the McAfee device must ensure that all access credentials are protected by users in a manner that is consistent with IT security.
Other
  • Do not apply software updates to the McAfee device because it results in a configuration other than the Common Criteria-evaluated configuration. Contact Technical Support to obtain a certified update.
  • Enabling the Login Security feature with a RADIUS server results in secure communication. The IT environment provides for secure transmission of data between the TOE and external entities and external sources. A RADIUS server provides external authentication services.
  • Using the Smart Dashboard functionality of the Check Point firewall console is not part of the TOE.
  • Using Snort Barnyard is not part of the TOE.
  • Using the MEF Client is not part of the TOE.
  • Using the Remedy Ticket System is not part of the TOE.