Security Target Novell Identity Manager 4.0.2

Security Target Novell Identity Manager 4.0.2

Security Target: Novell Identity Manager 4.0.2 Security Target Novell Identity Manager 4.0.2 Document Version 1.3 March 8, 2013 Document Version 1.3 © NetIQ Page 1 of 36 Security Target: Novell Identity Manager 4.0.2 Prepared For: Prepared By: NetIQ, Inc.1 Apex Assurance Group, LLC 1233 West Loop South 530 Lytton Avenue, Ste. 200 Suite 810 Palo Alto, CA 94301 Houston, TX 77027 www.netiQ.com www.apexassurance.com Abstract This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), Identity Manager 4.0.2. This Security Target (ST) defines a set of assumptions about the aspects of the environment, a list of threats that the product intends to counter, a set of security objectives, a set of security reQuirements and the IT security functions provided by the TOE which meet the set of reQuirements. 1 Due to the acQuisition of Novell by the Attachmate Group, the Novell name on this product has been changed to NetIQ. Document Version 1.3 © NetIQ Page 2 of 36 Security Target: Novell Identity Manager 4.0.2 Table of Contents 1 Introduction .................................................................................................................................................. 6 1.1 ST Reference ................................................................................................................................................... 6 1.2 TOE Reference ................................................................................................................................................. 6 1.3 Document Organization .................................................................................................................................. 6 1.4 Document Conventions ................................................................................................................................... 7 1.5 Document Terminology ................................................................................................................................... 7 1.6 TOE Overview .................................................................................................................................................. 8 1.7 TOE Description ............................................................................................................................................. 10 1.7.1 Virtual Machines ................................................................................................................................... 12 1.7.2 Hardware and Software Supplied by the IT Environment ..................................................................... 14 1.7.3 Logical Boundary ................................................................................................................................... 15 1.7.4 TOE Security Functional Policies ............................................................................................................ 15 1.7.5 TOE Vendor Documentation ................................................................................................................. 16 2 Conformance Claims .................................................................................................................................... 17 2.1 CC Conformance Claim .................................................................................................................................. 17 2.2 PP Claim ........................................................................................................................................................ 17 2.3 Package Claim ............................................................................................................................................... 17 2.4 Conformance Rationale ................................................................................................................................ 17 3 Security Problem Definition ......................................................................................................................... 18 3.1 Threats .......................................................................................................................................................... 18 3.2 Organizational Security Policies .................................................................................................................... 18 3.3 Assumptions .................................................................................................................................................. 19 4 Security Objectives ...................................................................................................................................... 20 4.1 Security Objectives for tHe TOE ..................................................................................................................... 20 4.2 Security Objectives for tHe Operational Environment ................................................................................... 20 4.3 Security Objectives Rationale ........................................................................................................................ 20 5 Extended Components Definition ................................................................................................................ 23 6 Security Requirements ................................................................................................................................. 24 6.1 Security Functional Requirements ................................................................................................................ 24 6.1.1 Security Audit (FAU) .............................................................................................................................. 24 6.1.2 Information Flow Control (FDP) ............................................................................................................ 25 6.1.3 Identification and Authentication (FIA) ................................................................................................. 26 6.1.4 Protection of the TSF (FPT) .................................................................................................................... 27 6.2 Security Assurance Requirements ................................................................................................................. 28 6.3 Security Requirements Rationale .................................................................................................................. 28 6.3.1 Security Functional Requirements ........................................................................................................ 28 6.3.2 Dependency Rationale .......................................................................................................................... 28 6.3.3 Sufficiency of Security Requirements .................................................................................................... 29 6.3.4 Security Assurance Requirements ......................................................................................................... 31 6.3.5 Security Assurance Requirements Rationale ......................................................................................... 31 6.3.6 Security Assurance Requirements Evidence ......................................................................................... 31 Document Version 1.3 © NetIQ Page 3 of 36 Security Target: Novell Identity Manager 4.0.2 7 TOE Summary Specification ......................................................................................................................... 34 7.1 TOE Security Functions .................................................................................................................................. 34 7.2 Security Audit ................................................................................................................................................ 34 7.3 Identification and AutHentication ................................................................................................................. 34 7.4 User Data Protection .................................................................................................................................... 35 7.5 Security Management ................................................................................................................................... 36 Document Version 1.3 © NetIQ Page 4 of 36 Security Target: Novell Identity Manager 4.0.2 List of Tables Table 1 – ST Organization and Section Descriptions ..................................................................................................... 6 Table 2 – Acronyms Used in Security Target ................................................................................................................. 7 Table 3 - Virtual Machine Environment ReQuirements ............................................................................................... 13 Table 4 - IT Environment Component ReQuirements ................................................................................................. 15 Table 5 – Logical Boundary Descriptions .................................................................................................................... 15 Table 6 – Threats Addressed by the TOE .................................................................................................................... 18 Table 7 – Organizational Security Policies .................................................................................................................

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    36 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us