DOCSLIB.ORG

Sandisk Cruzer Enterprise FIPS Edition Security Target

Sandisk Cruzer Enterprise FIPS Edition Security Target

SanDisk Cruzer Enterprise FIPS edition Security Target EAL2 Augmented with ALC_FLR.1 Version 1.1 September 24, 2009 SanDisk Cruzer Enterprise FIPS edition Security Target Document History Version Date Author Description 1.0 03-Aug-09 Jussipekka Leiwo Final version. 1.1 24-Sep-09 Ken Hendrie Minor grammatical changes September 24, 2009 Page 2 of 53 SanDisk Cruzer Enterprise FIPS edition Security Target Table of Contents 1 Document Introduction................................................................................................................6 1.1 Document conventions ..........................................................................................................6 1.2 Terminology ...........................................................................................................................6 1.3 References.............................................................................................................................8 1.4 Document organization..........................................................................................................8 2 ST Introduction.............................................................................................................................9 2.1 ST Reference.........................................................................................................................9 2.2 TOE Reference......................................................................................................................9 2.3 TOE Overview .......................................................................................................................9 2.3.1 Usage and major security features of the TOE .................................................................9 2.3.2 TOE Type ........................................................................................................................11 2.3.3 Hardware, software and firmware required by the TOE..................................................12 2.4 TOE Description ..................................................................................................................12 2.4.1 Physical scope of the TOE ..............................................................................................12 2.4.2 Logical scope of the TOE ................................................................................................13 3 Conformance Claims .................................................................................................................15 4 Security Problem Definition ......................................................................................................15 4.1 Threats.................................................................................................................................16 4.2 Organizational security policies ...........................................................................................18 4.3 Assumptions ........................................................................................................................18 5 Security Objectives ....................................................................................................................19 5.1 Security objectives for the TOE ...........................................................................................19 5.2 Security objectives for the environment...............................................................................19 5.2.1 Security objectives for the IT environment ......................................................................19 5.2.2 Security objectives for the non-IT environment...............................................................20 6 Extended components definition..............................................................................................20 7 IT Security Requirements ..........................................................................................................20 7.1 Overview..............................................................................................................................20 7.2 TOE Security Functional Requirements ..............................................................................20 7.2.1 Cryptographic support .....................................................................................................23 7.2.2 User data protection ........................................................................................................25 7.2.3 Identification and authentication......................................................................................30 7.2.4 Security Management .....................................................................................................31 7.2.5 Protection of the TSF ......................................................................................................34 7.2.6 Trusted Paths/Channels..................................................................................................36 7.3 TOE Security Assurance Requirements..............................................................................37 8 TOE Summary Specification .....................................................................................................38 8.1 Overview..............................................................................................................................38 8.2 Security Functions ...............................................................................................................39 8.2.1 User Data Protection .......................................................................................................39 8.2.2 Protection of the TOE......................................................................................................40 8.2.3 Management and access by external devices ................................................................41 8.2.4 Security management .....................................................................................................41 8.2.5 Firmware upgrading ........................................................................................................41 9 Rationale .....................................................................................................................................42 9.1 Conformance claim rationale...............................................................................................42 9.2 Security objectives rationale................................................................................................42 9.2.1 Security objectives for the TOE.......................................................................................42 September 24, 2009 Page 3 of 53 SanDisk Cruzer Enterprise FIPS edition Security Target 9.2.2 Security objectives for the environment ..........................................................................46 9.3 Security requirements rationale...........................................................................................48 9.3.1 SFR dependency rationale..............................................................................................48 9.3.2 Tracing of SFR to security objectives..............................................................................51 9.3.3 SAR justification ..............................................................................................................53 September 24, 2009 Page 4 of 53 SanDisk Cruzer Enterprise FIPS edition Security Target List of Tables Table 1 – Terminology ............................................................................................................................6 Table 2 – ST identification information....................................................................................................9 Table 3 – TOE identification information.................................................................................................9 Table 4 – TOE Security features and characteristics ...........................................................................10 Table 5 – Assets protected by the TOE ................................................................................................15 Table 6 – Subjects relevant to the TOE ................................................................................................15 Table 7 – Threat statements .................................................................................................................16 Table 8 – Organizational Security Policies ...........................................................................................18 Table 9 – Security objectives for the TOE ............................................................................................19 Table 10 – Security objectives for the IT environment..........................................................................19 Table 11 – Summary of TOE Security Functional Requirements.........................................................20 Table 12 – Summary of TOE security assurance requirements...........................................................38 Table 13 – Mapping of TOE security objectives to threats ...................................................................42 Table 14 – Mapping of security objectives for the environment to threats and OSPs..........................46 Table 15 – TOE SFR dependency demonstration................................................................................48 Table 16 – Mapping

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    53 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us