SCAN S3 Security Manager Console Release 14556 (v2.0) integrated with Scan S3 Agent (v2.0.1.6.2)

 
PROJECT ID
C050
ASSURANCE LEVEL
EAL2
Security Target (ST)
 
Certification Report (CR)
 
PRODUCT NAME AND VERSION
SCAN S3 Security Manager Console Release 14556 (v2.0) integrated with Scan S3 Agent (v2.0.1.6.2)
PRODUCT TYPE
Web-Based Application Access Control Management, which enable users to access their internal network resources securely through PKI implementation via soft-certificates, roaming certificates and smart cards.
PRODUCT SPONSOR / DEVELOPER

Scan Associates Berhad

PRODUCT SPONSOR / DEVELOPER CONTACT DETAILS

Mohd Rizal Othman

Scan Associates Berhad,
Level 8, Menara Naluri,
161-B, Jalan Ampang,
50450 Kuala Lumpur
Malaysia

URL: http://www.scan-associates.net/
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +603 2166 0020
Fax: +603 2166 1020

SCAN S3 SMC-AGENT is a Web-Based Application Access Control Management, which enable users to access their internal network resources securely through PKI implementation via soft-certificates, roaming certificates and smart cards. SCAN S3 SMC-AGENT is the combination of SCAN S3 SMC(Security Management Console), in which, the SCAN S3 SMC is define as the administration console for the operations SCAN S3 SMC-AGENT in the aspects of managing users and the access controls, thus, as for the SCAN S3 AGENT is the front-end interface for all users registered in the SCAN S3 SMC system, uses the interface as a secure platform in communicating with the protected resources govern by the security protection of SCAN S3 SMC-AGENT.With the new integration of software desktop that enable users to access the internal network resources, by inputting soft-certificate, roaming certificates orsmart cards through that application.

The SCAN S3 SMCAGENTenables the organization to manage the overall security through a single framework that enables the defining and assignment or implementation of the following security functions in one system:

  • Security Audit; The TOE will generate audit records for selected security events in several log files and categories.
  • Authentication and Identification; TOE Administrator/smust login to SCAN S3 to identify themselves to the application together with the prompted (one of up to three) authentication means in order for them to gain access to the protected websites, using SCAN S3 AGENT software desktop.
  • Cryptography; TOE has built-in feature of cryptography that bound to the operations of SCAN S3 AGENT at Users and Administrators workstation.
  • Security Management; TOE Administrator/s has access to all TOE features, that applicable to be managed through web application portal hosted byTOE.
  • User Data Protection; User/s data and credentials including TOE Administrator/s information is protected by ensuring that specific TOE Administrator/s that is assigned with roles and privileges can only access a specific web pages/portals and hence the data associated with the web pages/portal.
  • Protection of the TSF; The security audit functions will generate audit records of events along with date and time of event. To ensure a reliable date and time, TOE enforce the time stamps to be taken from a reliable source from the environment.