Security Target

Security Target

Micro Focus Data Protector Premium Edition, 2020.05 (A.10.70) Security Target Version 1.0 6 May 2020 Prepared for: Micro Focus LLC 4555 Great America Parkway Santa Clara, CA 95054 Prepared by: Accredited Testing and Evaluation Labs 6841 Benjamin Franklin Drive Columbia, MD 21046 TABLE OF CONTENTS 1. INTRODUCTION ............................................................................................................................................... 1 1.1 SECURITY TARGET, TOE AND CC IDENTIFICATION ........................................................................................ 1 1.2 CONFORMANCE CLAIMS ................................................................................................................................. 1 1.3 CONVENTIONS ................................................................................................................................................ 2 1.4 GLOSSARY ...................................................................................................................................................... 3 1.5 ABBREVIATIONS AND ACRONYMS .................................................................................................................. 3 2. TOE DESCRIPTION .......................................................................................................................................... 5 2.1 TOE OVERVIEW ............................................................................................................................................. 5 2.2 TOE ARCHITECTURE ...................................................................................................................................... 5 2.2.1 Physical Boundaries .............................................................................................................................. 7 2.2.2 Logical Boundaries ................................................................................................................................ 7 2.3 UNEVALUATED AND EXCLUDED FUNCTIONALITY .......................................................................................... 8 2.4 TOE DOCUMENTATION .................................................................................................................................. 9 3. SECURITY PROBLEM DEFINITION .......................................................................................................... 10 3.1 THREATS ...................................................................................................................................................... 10 3.2 ASSUMPTIONS .............................................................................................................................................. 10 4. SECURITY OBJECTIVES .............................................................................................................................. 11 4.1 SECURITY OBJECTIVES FOR THE TOE ........................................................................................................... 11 4.2 SECURITY OBJECTIVES FOR THE ENVIRONMENT ........................................................................................... 11 5. IT SECURITY REQUIREMENTS .................................................................................................................. 12 5.1 EXTENDED REQUIREMENTS .......................................................................................................................... 12 5.2 TOE SECURITY FUNCTIONAL REQUIREMENTS ............................................................................................. 13 5.2.1 Cryptographic Support (FCS).............................................................................................................. 14 5.2.2 User Data Protection (FDP) ............................................................................................................... 17 5.2.3 Identification and Authentication (FIA) ............................................................................................... 17 5.2.4 Security Management (FMT) ............................................................................................................... 18 5.2.5 Privacy (FPR) ...................................................................................................................................... 18 5.2.6 Protection of the TSF (FPT) ................................................................................................................ 18 5.2.7 Trusted Path/Channels (FTP) .............................................................................................................. 19 5.3 TOE SECURITY ASSURANCE REQUIREMENTS ............................................................................................... 20 6. TOE SUMMARY SPECIFICATION .............................................................................................................. 21 6.1 TIMELY SECURITY UPDATES ........................................................................................................................ 21 6.2 CRYPTOGRAPHIC SUPPORT ........................................................................................................................... 21 6.2.1 Random Bit Generation ....................................................................................................................... 21 6.2.2 Cryptographic Key Management ......................................................................................................... 22 6.2.3 Cryptographic Operations ................................................................................................................... 22 6.2.4 Cryptographic Protocols ..................................................................................................................... 23 6.2.5 Credential Storage ............................................................................................................................... 24 6.3 USER DATA PROTECTION ............................................................................................................................. 24 6.4 IDENTIFICATION AND AUTHENTICATION ...................................................................................................... 25 6.4.1 Certificate Authentication .................................................................................................................... 25 6.4.2 Certificate Validation .......................................................................................................................... 25 6.5 SECURITY MANAGEMENT ............................................................................................................................. 26 6.5.1 Secure by Default Configuration ......................................................................................................... 26 6.5.2 Supported Configuration Mechanism .................................................................................................. 27 6.5.3 Specification of Management Functions .............................................................................................. 27 6.6 PRIVACY ....................................................................................................................................................... 27 Page i of ii 6.7 PROTECTION OF THE TSF ............................................................................................................................. 27 6.7.1 Anti-Exploitation Capabilities ............................................................................................................. 27 6.7.2 Supported APIs and Third-Party Libraries ......................................................................................... 28 6.7.3 Software Identification and Versioning ............................................................................................... 28 6.7.4 Trusted Update .................................................................................................................................... 28 6.8 TRUSTED PATH/CHANNELS .......................................................................................................................... 28 7. PROTECTION PROFILE CLAIMS ............................................................................................................... 29 8. RATIONALE ..................................................................................................................................................... 30 8.1 TOE SUMMARY SPECIFICATION RATIONALE ................................................................................................ 30 LIST OF TABLES Table 1 TOE Security Functional Components ...................................................................................................... 14 Table 2 Assurance Components ............................................................................................................................... 20 Table 3 Cryptographic Functions ............................................................................................................................ 23 Table 4 Security Functions vs. Requirements Mapping ......................................................................................... 31 Page ii of ii 1. Introduction This section introduces the Target of Evaluation (TOE) and describes its general functionality, and provides the Security Target (ST) and TOE identification, ST and TOE conformance claims,

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    50 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us