Chapter 1. Introduction

1.1. Purpose of this Document

This document provides guidance to administrators and application developers who wish to use Red Hat JBoss Enterprise Application Platform 7 in a certified, Common Criteria compliant, secure configuration.

This document is intended to be self-contained in addressing the most important issues at a high level, and refers to existing documentation where more details are needed. Knowledge of the Common Criteria is not required for readers of this document.

JBoss EAP 7 is the subject of this document as the Target of Evaluation (TOE) for Common Criteria certification. JBoss EAP 7 has been evaluated under Common Criteria version 3.1 at Evaluation Assurance Level EAL4 (methodically designed, tested, and reviewed). This provides assurance that the product's design and implementation have been independently examined and tested, not merely that it functions as advertised.

This chapter contains a brief introduction to the Common Criteria certification and the structure of this book.

Requirements for the Evaluated Configuration contains the requirements for deploying the certified product.

Downloading and Verifying the Packages contains the steps that are required to ensure you are using the certified version of JBoss EAP 7.

Start and Stop JBoss EAP 7 provides instructions on how to start and stop the server, and the different modes of operation.

Development Guide for the Common Criteria Certified System contains guidelines for developers creating applications for JBoss EAP 7.

Overview of the Security Functions contains the details of the security implementation and usage limitations of JBoss EAP 7.

Should there be any discrepancy between information contained in this guide and any other product documentation, this guide takes precedence; it addresses the requirements for the evaluated configuration of JBoss EAP 7.

1.2. JBoss EAP-specific conventions

All instances of EAP_HOME in this guide refer to the JBoss EAP root installation directory. For example, if you used the ZIP installation package and extracted the JBoss EAP binary to your Linux /home/USER directory, EAP_HOME refers to the /home/USER/jboss-eap-[version]/ directory.

See the About the Use of EAP_HOME in this Document topic in the Installation Guide for more information.

1.3. What is a Common Criteria Compliant System?

The Common Criteria for Information Technology Security Evaluation, usually known as Common Criteria or CC, is an internationally-recognized standard (ISO/IEC 15408) used as the basis for independent evaluation of the security properties of an IT product.

Common Criteria provides consumers with impartial, third-party assurance that a product meets its stated security claims to a predefined level. These levels range from EAL1 (lowest) to EAL7 (highest), each placing increased demands on the developer for evidence of design, development process, and testing, in turn providing increased assurance in the product for consumers. Note that a higher EAL means more rigorous evaluation of the claims that were made; it does not by itself mean the product claims more security functionality.

Under the Common Criteria Recognition Arrangement (CCRA), members agree to recognize Common Criteria certificates that have been produced by any certificate authorizing participant, in accordance with the terms laid out in the CCRA. Currently, the CCRA is comprised of more than 20 member nations: Australia, Austria, Canada, the Czech Republic, Finland, France, Germany, Greece, Hungary, India, Israel, Italy, Japan, the Netherlands, New Zealand, Norway, the Republic of Singapore, Spain, the United Kingdom, and the United States amongst others. New members are expected to join in the near future.

A system can be considered CC compliant only if it matches an evaluated and certified configuration. This implies requirements concerning hardware and software, as well as requirements concerning the operating environment, users, and the ongoing operating procedures. Deviating from any of these, for example by enabling a subsystem or feature excluded from the evaluation, takes the system out of the evaluated configuration even though the product itself remains certified.

You can find further information on Common Criteria at the Common Criteria Portal.

1.4. Certified Documentation

When installing, configuring, and operating JBoss EAP 7 in a Common Criteria evaluated configuration, you must only refer to the product documentation authorized for use with this Common Criteria certification.

The product documentation bundle is available in two certified formats from the Red Hat Customer Portal:

  • PDF documentation bundle
  • Online

All references to JBoss EAP documentation in this guide refer to the guides contained in the certified formats.

Warning

When operating an evaluated configuration, you must refer only to the Common Criteria version of the documentation for JBoss EAP 7. The standard product documentation may describe features, settings, or procedures that were not part of the evaluation; following them could take the system out of the evaluated configuration and void its Common Criteria compliance.