Security Target for Mercury Systems ASURRE-StorTM Solid State Self- Encrypting Drives Document ID: 16-3660-R-0027 Version: 1.0 2017-08-21 Prepared For: Mercury Systems, Inc. 3601 E University Dr Phoenix, AZ 85034 Prepared By: Gerrit Kruitbosch, Brad Mitchell UL Verification Services Inc. Security Target for Mercury Systems ASURRE-StorTM Solid State Self-Encrypting Drives Notices: ©2017 Mercury Systems, Inc. All rights reserved. All other brand names are trademarks, registered trademarks, or service marks of their respective companies or organizations It is prohibited to copy, reproduce or retransmit the information contained within this documentation without the express written permission of Mercury Systems, Inc., 3601 E University Dr., Phoenix, AZ 85034. Page 2 of 58 Security Target for Mercury Systems ASURRE-StorTM Solid State Self-Encrypting Drives Table of Contents 1. Security Target (ST) Introduction .......................................................................................................... 6 1.1 Security Target Reference ............................................................................................................. 6 1.2 Target of Evaluation Reference .................................................................................................... 6 1.3 Target of Evaluation Overview ...................................................................................................... 7 1.3.1 TOE Product Type .................................................................................................................. 7 1.3.2 TOE Usage ............................................................................................................................. 7 1.3.3 TOE Major Security Features ................................................................................................ 7 1.3.4 TOE IT environment hardware/software/firmware requirements ....................................... 7 1.4 Target of Evaluation Description .................................................................................................. 7 1.4.1 Target of Evaluation Physical Boundaries ............................................................................. 7 1.4.3 Target of Evaluation Description........................................................................................... 8 1.5 Notation, Formatting, and Conventions ....................................................................................... 9 2. Conformance Claims ........................................................................................................................... 11 2.1 Common Criteria Conformance Claims....................................................................................... 11 2.2 Conformance to Protection Profiles ........................................................................................... 11 2.3 Conformance to Security Packages ............................................................................................. 11 2.4 Conformance Claims Rationale ................................................................................................... 11 3. Security Problem Definition ................................................................................................................ 13 3.1 Threats ........................................................................................................................................ 13 3.2 Organizational Security Policies .................................................................................................. 13 3.3 Assumptions ................................................................................................................................ 14 4. Security Objectives .............................................................................................................................. 16 4.1 Security Objectives for the Operational Environment ................................................................ 16 5. Extended Components Definition ....................................................................................................... 17 5.1 Extended Security Functional Requirements Definitions ........................................................... 17 5.2 Extended Security Assurance Requirements Definitions ............................................................ 17 6. Security Requirements ........................................................................................................................ 18 6.1 Security Functional Requirements .............................................................................................. 18 6.1.1 Class FCS: Cryptographic Support ....................................................................................... 18 6.1.2 Class FDP: User Data Protection ......................................................................................... 36 6.1.3 Class FMT: Security Management ....................................................................................... 38 6.1.4 Class FPT: Protection of the TSF .......................................................................................... 39 6.2 Security Assurance Requirements .............................................................................................. 42 6.2.1 Extended Security Assurance Requirements ...................................................................... 42 Page 3 of 58 Security Target for Mercury Systems ASURRE-StorTM Solid State Self-Encrypting Drives 7. TOE Summary Specification ................................................................................................................ 49 7.1 Cryptographic Support ................................................................................................................ 49 7.1.1 FCS_AFA_EXT.1Key Generation and Derivation ................................................................. 49 7.1.2 Cryptographic Key and Key Material Destruction ............................................................... 51 7.1.3 Cryptographic Operations ................................................................................................... 51 7.2 User Data Protection ................................................................................................................... 51 7.2.1 Protection of Data on Disk .................................................................................................. 51 7.3 Security Management ................................................................................................................. 52 7.3.1 Specification of Management Functions ............................................................................ 52 7.4 Protection of the TSF .................................................................................................................. 53 7.4.1 Protection of Key and Key Material .................................................................................... 53 7.4.2 Trusted Update ................................................................................................................... 53 7.4.3 TSF Testing .......................................................................................................................... 53 8. Terms and Definitions ......................................................................................................................... 55 9. References .......................................................................................................................................... 58 Page 4 of 58 Security Target for Mercury Systems ASURRE-StorTM Solid State Self-Encrypting Drives Table 1: FIPS Approved Cryptographic Algorithms ....................................................................................... 8 Table 2: Threats .......................................................................................................................................... 13 Table 3: Assumptions .................................................................................................................................. 14 Table 4: Security Objectives for the Operational Environment .................................................................. 16 Table 5: Security Functional Requirements ................................................................................................ 18 Table 6: Assurance Requirements .............................................................................................................. 42 Table 7: Conformance Claims ..................................................................................................................... 43 Table 8: Cryptographic Operations ............................................................................................................. 51 Table 9: Self-tests ........................................................................................................................................ 54 Table 10: Conditional self-tests................................................................................................................... 54 Table 11: cPP Glossary ................................................................................................................................ 55 Table 12: CC Abbreviations and Acronyms ................................................................................................. 56 Table 13: TOE Guidance Documentation ...................................................................................................