Security Target: Novell Identity Manager 4.0.2 Security Target Novell Identity Manager 4.0.2 Document Version 1.3 March 8, 2013 Document Version 1.3 © NetIQ Page 1 of 36 Security Target: Novell Identity Manager 4.0.2 Prepared For: Prepared By: NetIQ, Inc.1 Apex Assurance Group, LLC 1233 West Loop South 530 Lytton Avenue, Ste. 200 Suite 810 Palo Alto, CA 94301 Houston, TX 77027 www.netiQ.com www.apexassurance.com Abstract This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), Identity Manager 4.0.2. This Security Target (ST) defines a set of assumptions about the aspects of the environment, a list of threats that the product intends to counter, a set of security objectives, a set of security reQuirements and the IT security functions provided by the TOE which meet the set of reQuirements. 1 Due to the acQuisition of Novell by the Attachmate Group, the Novell name on this product has been changed to NetIQ. Document Version 1.3 © NetIQ Page 2 of 36 Security Target: Novell Identity Manager 4.0.2 Table of Contents 1 Introduction .................................................................................................................................................. 6 1.1 ST Reference ................................................................................................................................................... 6 1.2 TOE Reference ................................................................................................................................................. 6 1.3 Document Organization .................................................................................................................................. 6 1.4 Document Conventions ................................................................................................................................... 7 1.5 Document Terminology ................................................................................................................................... 7 1.6 TOE Overview .................................................................................................................................................. 8 1.7 TOE Description ............................................................................................................................................. 10 1.7.1 Virtual Machines ................................................................................................................................... 12 1.7.2 Hardware and Software Supplied by the IT Environment ..................................................................... 14 1.7.3 Logical Boundary ................................................................................................................................... 15 1.7.4 TOE Security Functional Policies ............................................................................................................ 15 1.7.5 TOE Vendor Documentation ................................................................................................................. 16 2 Conformance Claims .................................................................................................................................... 17 2.1 CC Conformance Claim .................................................................................................................................. 17 2.2 PP Claim ........................................................................................................................................................ 17 2.3 Package Claim ............................................................................................................................................... 17 2.4 Conformance Rationale ................................................................................................................................ 17 3 Security Problem Definition ......................................................................................................................... 18 3.1 Threats .......................................................................................................................................................... 18 3.2 Organizational Security Policies .................................................................................................................... 18 3.3 Assumptions .................................................................................................................................................. 19 4 Security Objectives ...................................................................................................................................... 20 4.1 Security Objectives for tHe TOE ..................................................................................................................... 20 4.2 Security Objectives for tHe Operational Environment ................................................................................... 20 4.3 Security Objectives Rationale ........................................................................................................................ 20 5 Extended Components Definition ................................................................................................................ 23 6 Security Requirements ................................................................................................................................. 24 6.1 Security Functional Requirements ................................................................................................................ 24 6.1.1 Security Audit (FAU) .............................................................................................................................. 24 6.1.2 Information Flow Control (FDP) ............................................................................................................ 25 6.1.3 Identification and Authentication (FIA) ................................................................................................. 26 6.1.4 Protection of the TSF (FPT) .................................................................................................................... 27 6.2 Security Assurance Requirements ................................................................................................................. 28 6.3 Security Requirements Rationale .................................................................................................................. 28 6.3.1 Security Functional Requirements ........................................................................................................ 28 6.3.2 Dependency Rationale .......................................................................................................................... 28 6.3.3 Sufficiency of Security Requirements .................................................................................................... 29 6.3.4 Security Assurance Requirements ......................................................................................................... 31 6.3.5 Security Assurance Requirements Rationale ......................................................................................... 31 6.3.6 Security Assurance Requirements Evidence ......................................................................................... 31 Document Version 1.3 © NetIQ Page 3 of 36 Security Target: Novell Identity Manager 4.0.2 7 TOE Summary Specification ......................................................................................................................... 34 7.1 TOE Security Functions .................................................................................................................................. 34 7.2 Security Audit ................................................................................................................................................ 34 7.3 Identification and AutHentication ................................................................................................................. 34 7.4 User Data Protection .................................................................................................................................... 35 7.5 Security Management ................................................................................................................................... 36 Document Version 1.3 © NetIQ Page 4 of 36 Security Target: Novell Identity Manager 4.0.2 List of Tables Table 1 – ST Organization and Section Descriptions ..................................................................................................... 6 Table 2 – Acronyms Used in Security Target ................................................................................................................. 7 Table 3 - Virtual Machine Environment ReQuirements ............................................................................................... 13 Table 4 - IT Environment Component ReQuirements ................................................................................................. 15 Table 5 – Logical Boundary Descriptions .................................................................................................................... 15 Table 6 – Threats Addressed by the TOE .................................................................................................................... 18 Table 7 – Organizational Security Policies .................................................................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages36 Page
-
File Size-