rsa security analytics v10.6 security target - new cc sa v10 6 st...rsa proprietary rsa proprietary...
If you can't read please download the document
Post on 28-May-2018
213 views
Embed Size (px)
TRANSCRIPT
RSA Proprietary
RSA Proprietary Page 1 of 51
RSA Security Analytics v10.6
Security Target
Version 1.0
March 17, 2016
Prepared for:
RSA The Security Division of EMC2
10700 Parkridge Blvd.
Suite 600
Reston, VA 20191
Prepared By:
Leidos Inc. (formerly Science Applications International Corporation)
Common Criteria Testing Laboratory
6841 Benjamin Franklin Drive, Columbia, Maryland 21046
RSA Proprietary 17 March 2017 Version 1.0
RSA Proprietary Page 2 of 51
TABLE OF CONTENTS
1 SECURITY TARGET INTRODUCTION ........................................................................................................ 4
1.1 SECURITY TARGET, TOE AND CC IDENTIFICATION ....................................................................................... 4 1.2 CONFORMANCE CLAIMS ................................................................................................................................. 4 1.3 CONVENTIONS ................................................................................................................................................ 5 1.4 GLOSSARY ...................................................................................................................................................... 5 1.5 TERMINOLOGY ............................................................................................................................................... 5
2 TOE DESCRIPTION .......................................................................................................................................... 7
2.1 TOE OVERVIEW ............................................................................................................................................. 7 2.2 TOE ARCHITECTURE ...................................................................................................................................... 7
2.2.1 SA Product Components ........................................................................................................................... 7 2.2.2 TOE Physical Boundaries ....................................................................................................................... 10 2.2.3 TOE Logical Boundaries ........................................................................................................................ 15
2.3 TOE DOCUMENTATION ................................................................................................................................ 16
3 SECURITY PROBLEM DEFINITION .......................................................................................................... 18
3.1 ASSUMPTIONS .............................................................................................................................................. 18 3.1.1 Intended Usage Assumptions .................................................................................................................. 18 3.1.2 Physical Assumptions ............................................................................................................................. 18 3.1.3 Personnel Assumptions ........................................................................................................................... 18
3.2 THREATS ...................................................................................................................................................... 18
4 SECURITY OBJECTIVES .............................................................................................................................. 20
4.1 SECURITY OBJECTIVES FOR THE TOE........................................................................................................... 20 4.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT ................................................................... 20
5 IT SECURITY REQUIREMENTS .................................................................................................................. 21
5.1 EXTENDED COMPONENT DEFINITION ........................................................................................................... 21 5.1.1 Extended Family Definitions .................................................................................................................. 21
5.2 TOE SECURITY FUNCTIONAL REQUIREMENTS ............................................................................................. 25 5.2.1 Security audit (FAU) .............................................................................................................................. 26 5.2.2 Cryptographic Support (FCS) ................................................................................................................ 27 5.2.3 Identification and authentication (FIA) .................................................................................................. 28 5.2.4 Security Monitoring with Security Information and Event Management ............................................... 29 5.2.5 Security management (FMT) .................................................................................................................. 29 5.2.6 Protection of the TSF (FPT) ................................................................................................................... 30 5.2.7 TOE Access (FTA) .................................................................................................................................. 30 5.2.8 Trusted path/channels (FTP) .................................................................................................................. 30
5.3 TOE SECURITY ASSURANCE REQUIREMENTS .............................................................................................. 31 5.3.1 Development (ADV) ................................................................................................................................ 31 5.3.2 Guidance documents (AGD) ................................................................................................................... 32 5.3.3 Life-cycle support (ALC) ........................................................................................................................ 33 5.3.4 Tests (ATE) ............................................................................................................................................. 34 5.3.5 Vulnerability assessment (AVA).............................................................................................................. 34
6 TOE SUMMARY SPECIFICATION .............................................................................................................. 36
6.1 SECURITY AUDIT .......................................................................................................................................... 36 6.2 CRYPTOGRAPHIC SUPPORT ........................................................................................................................... 37 6.3 IDENTIFICATION AND AUTHENTICATION ....................................................................................................... 38 6.4 SECURITY MONITORING WITH SECURITY INFORMATION AND EVENT MANAGEMENT .................................. 39 6.5 SECURITY MANAGEMENT ............................................................................................................................. 41 6.6 PROTECTION OF THE TSF ............................................................................................................................. 42 6.7 TOE ACCESS ................................................................................................................................................ 42 6.8 TRUSTED PATH/CHANNELS ........................................................................................................................... 42
RSA Proprietary 17 March 2017 Version 1.0
RSA Proprietary Page 3 of 51
7 RATIONALE ..................................................................................................................................................... 43
7.1 SECURITY OBJECTIVES RATIONALE ............................................................................................................. 43 7.1.1 Security Objectives Rationale for the TOE and Environment ................................................................ 43
7.2 SECURITY REQUIREMENTS RATIONALE ........................................................................................................ 46 7.2.1 Security Functional Requirements Rationale ......................................................................................... 46 7.2.2 Security Assurance Requirements Rationale .......................................................................................... 49
7.3 REQUIREMENT DEPENDENCY RATIONALE .................................................................................................... 49 7.4 TOE SUMMARY SPECIFICATION RATIONALE ............................................................................................... 50
LIST OF TABLES
Table 5-1 TOE Security Functional Components........................................................................................................... 26 Table 5-2 Auditable Events ............................................................................................................................................ 26 Table 5-3 EAL2 Augmented with ALC_FLR.1 Assurance Components....................................................................... 31 Table 8-1 Objective to Requirement Correspondence ....................................................