MQAssureTM/AppShield v1.2_CR6 integrated with MQAssureTM/IAM v1.0_CR6

 
PROJECT ID
C005
ASSURANCE LEVEL
EAL4
Security Target (ST)
 
Certification Report (CR)
 
PRODUCT NAME AND VERSION
MQAssureTM/AppShield v1.2_CR6 integrated with MQAssureTM/IAM v1.0_CR6
PRODUCT TYPE
Access Control Software for Web Applications
PRODUCT SPONSOR / DEVELOPER

MagnaQuest Solutions Sdn. Bhd

PRODUCT SPONSOR / DEVELOPER CONTACT DETAILS

Ramdas Nemani

A-2-07 & A-2-09
SME Technopreneur Centre1,
2270 Jalan Usahawan 2,
63000 Cyberjaya, Selangor DE,
MALAYSIA

URL: http://www.magnaquest.com
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +60 (3) 8318 2964
Fax: +60 (3) 8319 2534

The Target of Evaluation (TOE) is a software product, which comprises of MQAssure™/AppShield v1.2_CR6 integrated with MQAssure™/IAM v1.0_CR6. The MQAssureTM/AppShield v1.2_CR6 (hereafter referred as Appshield) combined with MQAssureTM/IAM v1.0_CR6 (hereafter referred as IAM) is an access control software for web applications. The TOE controls access to web filtering applications by enforcing authentication and authorisation using multifactor authentication schemes. It is also capable of session control, and request validation based on its core engine policy and rules.

IAM or Identity and Access Management is the core engine of the TOE. It is a centralised identity and access management platform that provides the back bone for the AppShield security functionality. In the overall infrastructure, AppShield acts as a policy enforcement agent for the web applications.

The security features within the scope of the evaluation for IAM includes:

  • Multifactor User Authentication which includes MyKad-Biometric, iKey-PIN or password.
  • TOE Administration which provides a web based GUI console for the administrator to configure and manage the TOE.
  • Security Audit which generates audit records for relevant authentication events and access events to various objects.

The security features within the scope of the evaluation for AppShield includes:

  • Access Control which enforces access control policy decision made by the IAM.
  • HTTP request validation which protects the web applications from common input tampering attacks.