Evaluated Product - Details

Return to the EPL index

Sanctuary Device Control

Product type: Network and Network Related Devices and Systems
Product Status: Archived
Assurance Level: EAL2

Version: 3.2

Product Details

Product Description

Certification Country: UNITED STATES (2007)
Certificate Details: CCEVS-VR-06-0057, March 2007
Certification Method: CC
Crypt Evaluation: No, see consumer guide
Manufacturer/Vendor/Distributor: Lumension Security

Lumension Security

Level 20, Tower II, Darling Pack 201 Sussex Street
Sydney NSW 2000 Australia
Website: http://www.lumension.com/


David Fenton
Phone: +61 (0)438 415 493
Fax: +61 2 9006 1010
Email: david.fenton@lumension.com


Consumer Guide
Certification Report
Security Target

The Target of Evaluation (TOE), Sanctuary Device Control version 3.2, is a three-tiered client/server application that provides the capability to centrally control the I/O devices users are able to access on their client computers. The TOE controls authorization of I/O devices by maintaining a database of access permissions and associating the permissions with users or user groups. When a user logs on to a client that is protected by the TOE, the TOE client driver contacts the server and downloads the list of permissions for the user. Whenever the user attempts to access an I/O device on the client, the TOE client driver intercepts the operating system. If the TOE determines the user is authorized to access the I/O device, the TOE grants access; otherwise, access to the I/O device is blocked. 

The three tiers of a Sanctuary Device Control (SDC) deployment comprise:

  • An SQL database - the database management system (Microsoft SQL Server 7.0 or higher, or MSDE version 1.0 or 2000) and underlying operating system (Windows 2000 Server or Professional, Windows XP Professional, or Windows Server 2003) are in the TOE environment
  • One or more servers - the Sanctuary Application Server (SXS) runs as a service on the underlying operating system: Windows 2000 (SP4 or later) Server, or Windows Server 2003
  • A client kernel driver that is installed on each of the client computers to be protected. Client kernel drivers are available for the following operating systems: Windows 2000 (SP3 or later) Server or Professional; Windows XP Professional; or Windows Server 2003.

An administrative toolkit, comprising a GUI-based application (the Sanctuary Device Console) and various command-line tools, also operates in the client tier, and is supported on Windows 2000 (SP3 or later) Server or Professional, Windows XP Professional, or Windows Server 2003.