Home >Documents >IronPort Email Security Appliances Security Target · PDF fileIronPort Email Security...

IronPort Email Security Appliances Security Target · PDF fileIronPort Email Security...

Date post:30-Jan-2018
Category:
View:216 times
Download:3 times
Share this document with a friend
Transcript:
  • IronPort Email Security Appliances

    Security Target

    Version 1.0

    November 29, 2010

    Prepared for:

    Cisco IronPort Systems LLC 950 Elm Avenue

    San Bruno, CA 94066

    Prepared By:

    Science Applications International Corporation

    Common Criteria Testing Laboratory

    6841 Benjamin Franklin Drive

    Columbia, MD 21046

  • Security Target Version 1.0

    1

    Table of Contents

    1. SECURITY TARGET INTRODUCTION ........................................................................................................... 3

    1.1 SECURITY TARGET, TOE AND CC IDENTIFICATION ........................................................................................ 3 1.2 CONFORMANCE CLAIMS ................................................................................................................................. 4 1.3 CONVENTIONS ................................................................................................................................................ 4 1.4 GLOSSARY ...................................................................................................................................................... 4

    2. TOE DESCRIPTION .......................................................................................................................................... 7

    2.1 TOE OVERVIEW ............................................................................................................................................. 7 2.2 TOE ARCHITECTURE ...................................................................................................................................... 7

    2.2.1 TOE Capabilities ................................................................................................................................... 7 2.2.2 Physical Boundaries .............................................................................................................................. 8 2.2.3 Logical Boundaries .............................................................................................................................. 11 2.2.4 Features Excluded from Evaluation .................................................................................................... 12

    2.3 TOE DOCUMENTATION ................................................................................................................................ 12

    3. SECURITY PROBLEM DEFINITION .......................................................................................................... 14

    3.1 ASSUMPTIONS .............................................................................................................................................. 14 3.1.1 Intended Usage Assumptions ............................................................................................................... 14 3.1.2 Physical Assumptions .......................................................................................................................... 14 3.1.3 Personnel Assumptions ........................................................................................................................ 14

    3.2 THREATS ...................................................................................................................................................... 14 3.2.1 TOE Threats......................................................................................................................................... 14 3.2.2 IT System Threats ................................................................................................................................ 15

    3.3 ORGANIZATIONAL SECURITY POLICIES ........................................................................................................ 15

    4. SECURITY OBJECTIVES .............................................................................................................................. 16

    4.1 INFORMATION TECHNOLOGY (IT) SECURITY OBJECTIVES ............................................................................ 16 4.2 SECURITY OBJECTIVES FOR THE ENVIRONMENT ........................................................................................... 16

    5. IT SECURITY REQUIREMENTS .................................................................................................................. 18

    5.1 EXTENDED COMPONENTS DEFINITION ......................................................................................................... 18 5.2 TOE SECURITY FUNCTIONAL REQUIREMENTS ............................................................................................. 18

    5.2.1 Security Audit (FAU) ........................................................................................................................... 19 5.2.2 Cryptographic Support (FCS).............................................................................................................. 21 5.2.3 Identification and Authentication (FIA) ............................................................................................... 21 5.2.4 Security Management (FMT) ............................................................................................................... 22 5.2.5 Protection of the TOE Security Functions (FPT) ................................................................................ 23 5.2.6 IDS Component Requirements (IDS) ................................................................................................... 23

    5.3 TOE SECURITY ASSURANCE REQUIREMENTS ............................................................................................... 24 5.3.1 Development (ADV) ............................................................................................................................. 25 5.3.2 Guidance Documents (AGD) ............................................................................................................... 26 5.3.3 Life-cycle Support (ALC) ..................................................................................................................... 27 5.3.4 Tests (ATE) .......................................................................................................................................... 28 5.3.5 Vulnerability Assessment (AVA) .......................................................................................................... 29

    6. TOE SUMMARY SPECIFICATION .............................................................................................................. 30

    6.1 TOE SECURITY FUNCTIONS .......................................................................................................................... 30 6.1.1 Security Audit ....................................................................................................................................... 30 6.1.2 Cryptographic Support ........................................................................................................................ 32 6.1.3 Identification and Authentication ........................................................................................................ 32 6.1.4 Security Management .......................................................................................................................... 33 6.1.5 Protection of the TSF ........................................................................................................................... 35 6.1.6 Intrusion Detection .............................................................................................................................. 35

  • Security Target Version 1.0

    2

    7. PROTECTION PROFILE CLAIMS ............................................................................................................... 39

    7.1 TOE TYPE .................................................................................................................................................... 39 7.2 SECURITY PROBLEM DEFINITION .................................................................................................................. 39 7.3 SECURITY OBJECTIVES ................................................................................................................................. 39 7.4 SECURITY REQUIREMENTS ........................................................................................................................... 39

    8. RATIONALE ..................................................................................................................................................... 42

    8.1 SECURITY OBJECTIVES RATIONALE .............................................................................................................. 42 8.2 SECURITY FUNCTIONAL REQUIREMENTS RATIONALE .................................................................................. 43 8.3 SECURITY ASSURANCE REQUIREMENTS RATIONALE .................................................................................... 44 8.4 REQUIREMENT DEPENDENCY RATIONALE .................................................................................................... 44 8.5 TOE SUMMARY SPECIFICATION RATIONALE ................................................................................................ 45 8.6 PP CLAIMS RATIONALE ................................................................................................................................ 45

    LIST OF TABLES

    Table 1: TOE Security Functional Components ..................................................................................................... 19 Table 2: Auditable Events ................................................................................................

Click here to load reader

Embed Size (px)
Recommended