| Date post: | 30-Jan-2018 |
| Category: | Documents |
| View: | 216 times |
| Download: | 3 times |
IronPort Email Security Appliances
Security Target
Version 1.0
November 29, 2010
Prepared for:
Cisco IronPort Systems LLC 950 Elm Avenue
San Bruno, CA 94066
Prepared By:
Science Applications International Corporation
Common Criteria Testing Laboratory
6841 Benjamin Franklin Drive
Columbia, MD 21046
Security Target Version 1.0
1
Table of Contents
1. SECURITY TARGET INTRODUCTION ........................................................................................................... 3
1.1 SECURITY TARGET, TOE AND CC IDENTIFICATION ........................................................................................ 3 1.2 CONFORMANCE CLAIMS ................................................................................................................................. 4 1.3 CONVENTIONS ................................................................................................................................................ 4 1.4 GLOSSARY ...................................................................................................................................................... 4
2. TOE DESCRIPTION .......................................................................................................................................... 7
2.1 TOE OVERVIEW ............................................................................................................................................. 7 2.2 TOE ARCHITECTURE ...................................................................................................................................... 7
2.2.1 TOE Capabilities ................................................................................................................................... 7 2.2.2 Physical Boundaries .............................................................................................................................. 8 2.2.3 Logical Boundaries .............................................................................................................................. 11 2.2.4 Features Excluded from Evaluation .................................................................................................... 12
2.3 TOE DOCUMENTATION ................................................................................................................................ 12
3. SECURITY PROBLEM DEFINITION .......................................................................................................... 14
3.1 ASSUMPTIONS .............................................................................................................................................. 14 3.1.1 Intended Usage Assumptions ............................................................................................................... 14 3.1.2 Physical Assumptions .......................................................................................................................... 14 3.1.3 Personnel Assumptions ........................................................................................................................ 14
3.2 THREATS ...................................................................................................................................................... 14 3.2.1 TOE Threats......................................................................................................................................... 14 3.2.2 IT System Threats ................................................................................................................................ 15
3.3 ORGANIZATIONAL SECURITY POLICIES ........................................................................................................ 15
4. SECURITY OBJECTIVES .............................................................................................................................. 16
4.1 INFORMATION TECHNOLOGY (IT) SECURITY OBJECTIVES ............................................................................ 16 4.2 SECURITY OBJECTIVES FOR THE ENVIRONMENT ........................................................................................... 16
5. IT SECURITY REQUIREMENTS .................................................................................................................. 18
5.1 EXTENDED COMPONENTS DEFINITION ......................................................................................................... 18 5.2 TOE SECURITY FUNCTIONAL REQUIREMENTS ............................................................................................. 18
5.2.1 Security Audit (FAU) ........................................................................................................................... 19 5.2.2 Cryptographic Support (FCS).............................................................................................................. 21 5.2.3 Identification and Authentication (FIA) ............................................................................................... 21 5.2.4 Security Management (FMT) ............................................................................................................... 22 5.2.5 Protection of the TOE Security Functions (FPT) ................................................................................ 23 5.2.6 IDS Component Requirements (IDS) ................................................................................................... 23
5.3 TOE SECURITY ASSURANCE REQUIREMENTS ............................................................................................... 24 5.3.1 Development (ADV) ............................................................................................................................. 25 5.3.2 Guidance Documents (AGD) ............................................................................................................... 26 5.3.3 Life-cycle Support (ALC) ..................................................................................................................... 27 5.3.4 Tests (ATE) .......................................................................................................................................... 28 5.3.5 Vulnerability Assessment (AVA) .......................................................................................................... 29
6. TOE SUMMARY SPECIFICATION .............................................................................................................. 30
6.1 TOE SECURITY FUNCTIONS .......................................................................................................................... 30 6.1.1 Security Audit ....................................................................................................................................... 30 6.1.2 Cryptographic Support ........................................................................................................................ 32 6.1.3 Identification and Authentication ........................................................................................................ 32 6.1.4 Security Management .......................................................................................................................... 33 6.1.5 Protection of the TSF ........................................................................................................................... 35 6.1.6 Intrusion Detection .............................................................................................................................. 35
Security Target Version 1.0
2
7. PROTECTION PROFILE CLAIMS ............................................................................................................... 39
7.1 TOE TYPE .................................................................................................................................................... 39 7.2 SECURITY PROBLEM DEFINITION .................................................................................................................. 39 7.3 SECURITY OBJECTIVES ................................................................................................................................. 39 7.4 SECURITY REQUIREMENTS ........................................................................................................................... 39
8. RATIONALE ..................................................................................................................................................... 42
8.1 SECURITY OBJECTIVES RATIONALE .............................................................................................................. 42 8.2 SECURITY FUNCTIONAL REQUIREMENTS RATIONALE .................................................................................. 43 8.3 SECURITY ASSURANCE REQUIREMENTS RATIONALE .................................................................................... 44 8.4 REQUIREMENT DEPENDENCY RATIONALE .................................................................................................... 44 8.5 TOE SUMMARY SPECIFICATION RATIONALE ................................................................................................ 45 8.6 PP CLAIMS RATIONALE ................................................................................................................................ 45
LIST OF TABLES
Table 1: TOE Security Functional Components ..................................................................................................... 19 Table 2: Auditable Events ................................................................................................
