MarkLogic Server 11.0 Product Documentation

Common Criteria Evaluated Configuration Guide — Chapter 2

Overview of the TOE

The target of evaluation (TOE) is the configuration of MarkLogic Server that is certified by the Common Criteria evaluation process as the proper setup of the environment in which an evaluated configuration of MarkLogic Server can run. All of the requirements for setup set forth in this guide must be met for a configuration to be considered an evaluated configuration. This section briefly describes the TOE and includes the following parts:

• Common Criteria Evaluation Process
• Security Features of MarkLogic Server

Not Allowed in the TOE

The MarkLogic Server TOE was tested in a secure configuration that specifically excludes certain product capabilities and functionality that might make the system more vulnerable to attack. The following features of the TOE should not be enabled or used in an evaluated configuration to ensure a secure configuration. Note that all system administration tasks must be performed by an Authorized Administrator, as described in Authorized Administrator, according to the guidance described in this guide and in the rest of the MarkLogic Server documentation. Excluded functionality is as follows:

• WebDAV Servers are not part of the TOE; do not create any WebDAV servers in an evaluated configuration. The rationale for excluding WebDAV servers is not any inherent problem with MarkLogic Server, but rather with the clients that access a WebDAV Server. WebDAV servers require access by WebDAV clients, and WebDAV clients are not nearly as mature as web browsers and often do not have very secure implementations. The warning not to create a WebDAV Server in an evaluated configuration is specifically to ensure there is no possibility of WebDAV client access to the TOE. While these clients are not provided as part of the TOE, they are freely available, and therefore the Administrator must take action to ensure there is no possibility of WebDAV client use with the TOE.
• Basic authentication and application-level authentication are not part of the TOE; all App Servers (HTTP Servers, XDBC Servers, and ODBC Servers) in an evaluated configuration must use digest authentication. Digest authentication (what the TOE requires) is the default. For details on configuring HTTP, XDBC, or ODBC Server authentication, see the Administrator's Guide.
• UDFs (user-defined functions) are not part of the TOE. MarkLogic includes an interface to create UDFs to perform custom aggregate tasks, written in C++, but that interface is not allowed in the TOE.

Admin Interface, Admin API, and Security API Must Run With HTTPS

Any administration activities on the MarkLogic Server TOE must be performed on an App Server that is configured to use Transport Layer Security (TLS), which allows communication over HTTPS. For information about configuring the Admin Interface to use TLS (HTTPS), see Configure the Admin App Server to Use HTTPS.

Additionally, if you are using the Admin API, Security API, PKI API, or the Admin Built-in functions to perform TOE Security Functions, the HTTP or XDBC servers on which the Admin API, Security API, PKI API, or Admin Built-In API code runs must be configured to use HTTPS. For details on configuring App Servers, see the Administrator's Guide.

TOE Version

The evaluated configuration of MarkLogic Server must run on the following version:

9.0, Essential Enterprise 9

Additionally, the TOE must be installed on the platform supported in the evaluated configuration, as specified in MarkLogic Server TOE Platform.

Any software updates, patches, fixes, or changes from this configuration will render the TOE out of is evaluated configuration.

TOE Assumptions

The following assumptions (from section 3.1 of the Security Target) are made about the TOE:

• A.NO_EVIL
• A.OS_TIME
• A.TRUSTED_OS
• A.NO_GENERAL_PURPOSE
• A.PHYSICAL
• A.AUTH
• A.CLIENT