FlashArray//X running Purity//FA 5.3 Security Target 18-4177-R-0012 Version: 3.2 January 7, 2021 Prepared For: Pure Storage, Inc. 650 Castro Street, Suite #260 Mountain View, CA 94041 Prepared By: Michael C. Baron UL Verification Services Inc. FlashArray//X running Purity//FA 5.3 Security Target Notices: ©2021 Pure Storage, Inc. All rights reserved. All other brand names are trademarks, registered trademarks, or service marks of their respective companies or organizations It is prohibited to copy, reproduce or retransmit the information contained within this documentation without the express written permission of Pure Storage, Inc., 650 Castro Street, Suite #260, Mountain View, CA 94041. Page 2 of 71 FlashArray//X running Purity//FA 5.3 Security Target Table of Contents 1. Security Target (ST) Introduction ........................................................................................ 7 1.1 Security Target Reference ........................................................................................... 7 1.2 Target of Evaluation Reference.................................................................................... 7 1.3 Target of Evaluation Overview ..................................................................................... 8 1.3.1 TOE Product Type ................................................................................................ 8 1.3.2 TOE Usage ........................................................................................................... 8 1.3.3 TOE Major Security Features Summary ................................................................ 8 1.3.4 TOE IT environment hardware/software/firmware requirements............................ 9 1.3.4.1 Network/Software Requirements ....................................................................... 9 1.3.4.2 Hardware Requirements...................................................................................10 1.4 Target of Evaluation Description .................................................................................10 1.4.1 Target of Evaluation Physical Boundaries ............................................................10 1.4.2 Target of Evaluation Description ..........................................................................12 1.5 Notation, formatting, and conventions .........................................................................15 2. Conformance Claims .........................................................................................................17 2.1 Common Criteria Conformance Claims .......................................................................17 2.2 Conformance to Protection Profiles .............................................................................17 2.3 Conformance to Security Packages ............................................................................18 2.4 Conformance Claims Rationale...................................................................................18 3. Security Problem Definition ................................................................................................19 3.1 Threats .......................................................................................................................19 3.2 Organizational Security Policies ..................................................................................20 3.3 Assumptions ...............................................................................................................20 4. Security Objectives ............................................................................................................22 4.1 Security Objectives for the Operational Environment ..................................................22 5. Extended Components Definition .......................................................................................23 5.1 Extended Security Functional Requirements Definitions .............................................23 5.2 Extended Security Assurance Requirement Definitions ..............................................23 6. Security Requirements .......................................................................................................24 6.1 Security Function Requirements .................................................................................24 6.1.1 Security Audit (FAU) ............................................................................................25 6.1.2 Cryptographic Support (FCS) ...............................................................................29 6.1.3 Identification and Authentication (FIA) ..................................................................34 6.1.4 Security Management (FMT) ................................................................................36 6.1.5 Protection of the TSF (FPT) .................................................................................37 Page 3 of 71 FlashArray//X running Purity//FA 5.3 Security Target 6.1.6 TOE Access (FTA) ...............................................................................................38 6.1.7 Trusted path/channels (FTP) ................................................................................39 6.2 Security Assurance Requirements ..............................................................................40 6.2.1 Extended Security Assurance Requirements .......................................................40 6.2.1.1 ASE: Security Target ........................................................................................40 7. TOE Summary Specification ..............................................................................................46 7.1 Security Audit ..............................................................................................................46 7.1.1 Audit Data Generation .........................................................................................46 7.1.2 Audit Storage .......................................................................................................47 7.2 Cryptographic Support ................................................................................................48 7.2.1 Cryptographic Key Generation and Destruction ...................................................50 7.2.2 Cryptographic Operations ....................................................................................53 7.2.3 HTTPS Protocol ...................................................................................................53 7.2.4 Random Bit Generation .......................................................................................54 7.2.5 SSH Server Protocol ............................................................................................54 7.2.6 TLS Client Protocol ..............................................................................................56 7.2.7 TLS Server Protocol .............................................................................................57 7.3 Identification and Authentication .................................................................................59 7.3.1 Authentication Failure Management .....................................................................59 7.3.2 Password Management .......................................................................................60 7.3.3 User Identification and Authentication ..................................................................60 7.3.4 Password-based Authentication Mechanism ........................................................61 7.3.5 Protected Authentication Feedback .....................................................................61 7.3.6 X.509 Certificate Validation ..................................................................................61 7.3.7 X.509 Certificate Authentication ...........................................................................62 7.3.8 X.509 Certificate Requests ..................................................................................62 7.4 Security Management .................................................................................................63 7.4.1 Management of Security Functions Behaviour .....................................................63 7.4.2 Management of TSF Data ....................................................................................63 7.4.3 Specification of Management Functions ...............................................................64 7.4.4 Restrictions on Security Roles .............................................................................65 7.5 Protection of the TSF ..................................................................................................65 7.5.1 Protection of Administrator Passwords.................................................................65 7.5.2 TSF Testing .........................................................................................................65 7.5.3 Trusted Update ....................................................................................................65 7.5.4 Protection of TSF Data ........................................................................................66 Page 4 of 71 FlashArray//X running Purity//FA 5.3 Security Target 7.5.5 Reliable Time Stamps ..........................................................................................66 7.6 TOE Access ................................................................................................................67 7.6.1 Session Termination