openNAC Enterprise Security Target v1.7 Opencloud Factory 2019-05-06 Created by Table of contents 1 ST Introduction ............................................................................................................................... 5 1.1 ST Reference .......................................................................................................................... 5 1.2 TOE Reference ........................................................................................................................ 5 1.3 TOE Overview ......................................................................................................................... 5 1.3.1 Introduction ................................................................................................................... 5 1.3.2 TOE Type ........................................................................................................................ 5 1.3.3 TOE Usage & Major Security Features ........................................................................... 6 1.3.4 Non-TOE Security Features ............................................................................................ 7 1.3.5 Non-TOE Hardware/Software/Firmware ....................................................................... 7 1.3.5.1 TOE required hardware and software ....................................................................... 7 1.3.5.2 Network environment ................................................................................................ 8 1.4 TOE Description...................................................................................................................... 9 1.4.1 Introduction ................................................................................................................... 9 1.4.1.1 TOE Evaluated Configuration ..................................................................................... 9 1.4.2 TOE Logical Scope ........................................................................................................ 10 1.4.2.1 Network Access Control details ............................................................................... 11 1.4.2.1.1 Access Control using Virtual Local Area Networks ............................................ 13 1.4.2.2 Management functions ............................................................................................ 13 1.4.2.3 Role Based Access Control to Management Functions ........................................... 13 1.4.2.4 Protection of Communications ................................................................................ 14 1.4.2.5 Generation of Audit Data ......................................................................................... 14 1.4.3 TOE Physical Scope ....................................................................................................... 14 2 Conformance Claims .................................................................................................................... 16 3 Security Problem Definition ......................................................................................................... 17 3.1 Assets ................................................................................................................................... 17 3.2 Threat Agents ....................................................................................................................... 17 3.3 Threats to Security ............................................................................................................... 17 3.4 Organizational Security Policies ........................................................................................... 18 3.5 Assumptions ......................................................................................................................... 18 4 Security Objectives ....................................................................................................................... 19 4.1 Security objectives for the TOE ............................................................................................ 19 4.2 Security objectives for the operational environment .......................................................... 19 4.3 Security Objectives Rationale .............................................................................................. 20 4.3.1 Threats ......................................................................................................................... 23 openNAC Enterprise Security Target v1.7 - 2 - 4.3.2 Organizational Security Policies ................................................................................... 24 4.3.3 Assumptions ................................................................................................................. 24 5 Extended Components Definition ................................................................................................ 26 5.1 Class FDP: User data protection ........................................................................................... 26 5.1.1 Access control policy (FDP_ACC) .................................................................................. 26 5.1.2 Access control functions (FDP_ACF) ............................................................................ 27 6 Security Requirements ................................................................................................................. 29 6.1 Security Functional Requirements ....................................................................................... 29 6.1.1 FAU: Security audit ....................................................................................................... 29 6.1.1.1 FAU_GEN.1: Audit data generation ......................................................................... 29 6.1.1.2 FAU_GEN.2: User identity association ..................................................................... 30 6.1.2 FDP: User data protection ............................................................................................ 30 6.1.2.1 FDP_ACC.1: Subset access control ........................................................................... 30 6.1.2.2 FDP_ACC.3: Delegated access control ..................................................................... 31 6.1.2.3 FDP_ACF.1: Security attribute based access control ............................................... 32 6.1.2.4 FDP_ACF.2: Delegated Security attribute based access control .............................. 34 6.1.3 FIA: Identification and authentication ......................................................................... 35 6.1.3.1 FIA_ATD.1: User attribute definition ....................................................................... 35 6.1.3.2 FIA_UAU.1: Timing of authentication ...................................................................... 35 6.1.3.3 FIA_UID.1: Timing of identification .......................................................................... 35 6.1.4 FMT: Security management ......................................................................................... 35 6.1.4.1 FMT_MSA.1: Management of security attributes ................................................... 35 6.1.4.2 FMT_MSA.3: Static attribute initialisation ............................................................... 36 6.1.4.3 FMT_SMF.1: Specification of Management Functions ............................................ 36 6.1.4.4 FMT_SMR.1: Security roles ...................................................................................... 36 6.1.5 FPT: Protection of the TSF ............................................................................................ 36 6.1.5.1 FPT_STM.1: Reliable time stamps ............................................................................ 36 6.1.6 FTP: Trusted path/channels ......................................................................................... 36 6.1.6.1 FTP_ITC.1: Inter-TSF trusted channel ....................................................................... 37 6.2 Security Assurance Requirements ....................................................................................... 37 6.3 Security Requirements Rationale......................................................................................... 37 6.3.1 Necessity and sufficiency analysis................................................................................ 38 6.3.2 Security Requirement Sufficiency ................................................................................ 40 6.3.3 SFR Dependency Rationale .......................................................................................... 40 6.3.3.1 Table of SFR dependencies ...................................................................................... 41 openNAC Enterprise Security Target v1.7 - 3 - 6.3.4 SAR Rationale ............................................................................................................... 41 6.3.5 SAR Dependency Rationale .......................................................................................... 41 6.3.5.1 Table of SAR dependencies ...................................................................................... 41 7 TOE Summary Specification ......................................................................................................... 43 7.1 SF.Audit ...............................................................................................................................