Micro Focus Data Protector Premium Edition, 2020.05 (A.10.70) Security Target Version 1.0 6 May 2020 Prepared for: Micro Focus LLC 4555 Great America Parkway Santa Clara, CA 95054 Prepared by: Accredited Testing and Evaluation Labs 6841 Benjamin Franklin Drive Columbia, MD 21046 TABLE OF CONTENTS 1. INTRODUCTION ............................................................................................................................................... 1 1.1 SECURITY TARGET, TOE AND CC IDENTIFICATION ........................................................................................ 1 1.2 CONFORMANCE CLAIMS ................................................................................................................................. 1 1.3 CONVENTIONS ................................................................................................................................................ 2 1.4 GLOSSARY ...................................................................................................................................................... 3 1.5 ABBREVIATIONS AND ACRONYMS .................................................................................................................. 3 2. TOE DESCRIPTION .......................................................................................................................................... 5 2.1 TOE OVERVIEW ............................................................................................................................................. 5 2.2 TOE ARCHITECTURE ...................................................................................................................................... 5 2.2.1 Physical Boundaries .............................................................................................................................. 7 2.2.2 Logical Boundaries ................................................................................................................................ 7 2.3 UNEVALUATED AND EXCLUDED FUNCTIONALITY .......................................................................................... 8 2.4 TOE DOCUMENTATION .................................................................................................................................. 9 3. SECURITY PROBLEM DEFINITION .......................................................................................................... 10 3.1 THREATS ...................................................................................................................................................... 10 3.2 ASSUMPTIONS .............................................................................................................................................. 10 4. SECURITY OBJECTIVES .............................................................................................................................. 11 4.1 SECURITY OBJECTIVES FOR THE TOE ........................................................................................................... 11 4.2 SECURITY OBJECTIVES FOR THE ENVIRONMENT ........................................................................................... 11 5. IT SECURITY REQUIREMENTS .................................................................................................................. 12 5.1 EXTENDED REQUIREMENTS .......................................................................................................................... 12 5.2 TOE SECURITY FUNCTIONAL REQUIREMENTS ............................................................................................. 13 5.2.1 Cryptographic Support (FCS).............................................................................................................. 14 5.2.2 User Data Protection (FDP) ............................................................................................................... 17 5.2.3 Identification and Authentication (FIA) ............................................................................................... 17 5.2.4 Security Management (FMT) ............................................................................................................... 18 5.2.5 Privacy (FPR) ...................................................................................................................................... 18 5.2.6 Protection of the TSF (FPT) ................................................................................................................ 18 5.2.7 Trusted Path/Channels (FTP) .............................................................................................................. 19 5.3 TOE SECURITY ASSURANCE REQUIREMENTS ............................................................................................... 20 6. TOE SUMMARY SPECIFICATION .............................................................................................................. 21 6.1 TIMELY SECURITY UPDATES ........................................................................................................................ 21 6.2 CRYPTOGRAPHIC SUPPORT ........................................................................................................................... 21 6.2.1 Random Bit Generation ....................................................................................................................... 21 6.2.2 Cryptographic Key Management ......................................................................................................... 22 6.2.3 Cryptographic Operations ................................................................................................................... 22 6.2.4 Cryptographic Protocols ..................................................................................................................... 23 6.2.5 Credential Storage ............................................................................................................................... 24 6.3 USER DATA PROTECTION ............................................................................................................................. 24 6.4 IDENTIFICATION AND AUTHENTICATION ...................................................................................................... 25 6.4.1 Certificate Authentication .................................................................................................................... 25 6.4.2 Certificate Validation .......................................................................................................................... 25 6.5 SECURITY MANAGEMENT ............................................................................................................................. 26 6.5.1 Secure by Default Configuration ......................................................................................................... 26 6.5.2 Supported Configuration Mechanism .................................................................................................. 27 6.5.3 Specification of Management Functions .............................................................................................. 27 6.6 PRIVACY ....................................................................................................................................................... 27 Page i of ii 6.7 PROTECTION OF THE TSF ............................................................................................................................. 27 6.7.1 Anti-Exploitation Capabilities ............................................................................................................. 27 6.7.2 Supported APIs and Third-Party Libraries ......................................................................................... 28 6.7.3 Software Identification and Versioning ............................................................................................... 28 6.7.4 Trusted Update .................................................................................................................................... 28 6.8 TRUSTED PATH/CHANNELS .......................................................................................................................... 28 7. PROTECTION PROFILE CLAIMS ............................................................................................................... 29 8. RATIONALE ..................................................................................................................................................... 30 8.1 TOE SUMMARY SPECIFICATION RATIONALE ................................................................................................ 30 LIST OF TABLES Table 1 TOE Security Functional Components ...................................................................................................... 14 Table 2 Assurance Components ............................................................................................................................... 20 Table 3 Cryptographic Functions ............................................................................................................................ 23 Table 4 Security Functions vs. Requirements Mapping ......................................................................................... 31 Page ii of ii 1. Introduction This section introduces the Target of Evaluation (TOE) and describes its general functionality, and provides the Security Target (ST) and TOE identification, ST and TOE conformance claims,
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages50 Page
-
File Size-