Security

NIAP Common Criteria Certification

twham
New Member

I see that Splunk v4.1.7 is EAL2+ certified by NIAP. Does that mean that only that version is certified or that every version after v4.1.7 carries the NIAP EAL2+ certification?

0 Karma
1 Solution

lukejadamec
Super Champion

The NIAP CC certification is for a specific version and configuration (security target) for a certain level of protection (protection profile). Deviations from the version or configuration render the EAL N/A, but it does make it easier to recertify.

View solution in original post

0 Karma

tchimento_splun
Splunk Employee
Splunk Employee

I am happy to say that the Splunk Enterprise 6.4.5 evaluation has been posted on NIAP’s Product Compliant List (PCL).

The posting can be found at the following URL:
https://www.niap-ccevs.org/Product/Compliant.cfm?pid=10807

twham
New Member

Are there any plans to certify Splunk v6.0.3 or do I have to use v4.1.7 to meet customer EAL requirements? Is Splunk v4.1.7 a supported version?

0 Karma

lukejadamec
Super Champion

The NIAP CC certification is for a specific version and configuration (security target) for a certain level of protection (protection profile). Deviations from the version or configuration render the EAL N/A, but it does make it easier to recertify.

0 Karma

twham
New Member

Excellent...thanks!

0 Karma

lukejadamec
Super Champion

I did a quick scan of the certification documentation, and it does specify that the system owner will perform due diligence in applying patches to the TOE (Splunk) and the operating environment. If you had a good lawyer, you could argue that this would include upgrading the version if the upgrades included security vulnerability fixes. You should read the certification documentation to verify that the latest version can be configured accordingly, and present those findings to the customer.

0 Karma
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

WATCH NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If exploited, ...

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...