Home >Documents >Security Target: Symantec™ Security Information Manager ... · PDF file The TOE is the...

Security Target: Symantec™ Security Information Manager ... · PDF file The TOE is the...

Date post:27-Sep-2020
Category:
View:1 times
Download:0 times
Share this document with a friend
Transcript:
  • Security Target: Symantec™ Security Information Manager Version 4.8.1

    Document Version 1.7 Copyright © Symantec Corporation Page 1 of 42

    Security Target

    Symantec™ Security Information Manager Version 4.8.1

    Document Version 1.7

    January 30, 2014

  • Security Target: Symantec™ Security Information Manager Version 4.8.1

    Document Version 1.7 Copyright © Symantec Corporation Page 2 of 42

    Prepared For:

    Prepared By:

    Symantec Corporation

    350 Ellis Street

    Mountain View, CA 94043

    www.symantec.com

    Apex Assurance Group, LLC

    530 Lytton Avenue, Ste. 200

    Palo Alto, CA 94301

    www.apexassurance.com

    Abstract

    This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), the Symantec™ Security Information Manager Version 4.8.1. This Security Target (ST) defines a set of assumptions about the aspects of the environment, a list of threats that the product intends to counter, a set of security objectives, a set of security requirements and the IT security functions provided by the TOE which meet the set of requirements.

    http://www.symantec.com/ http://www.apexassurance.com/

  • Security Target: Symantec™ Security Information Manager Version 4.8.1

    Document Version 1.7 Copyright © Symantec Corporation Page 3 of 42

    Table of Contents

    1 INTRODUCTION ............................................................................................................................................. 6 1.1 ST REFERENCE .......................................................................................................................................................... 6 1.2 TOE REFERENCE ...................................................................................................................................................... 6 1.3 DOCUMENT ORGANIZATION .................................................................................................................................... 6 1.4 DOCUMENT CONVENTIONS...................................................................................................................................... 7 1.5 DOCUMENT TERMINOLOGY ..................................................................................................................................... 7 1.6 TOE OVERVIEW ........................................................................................................................................................ 8 1.7 TOE DESCRIPTION ................................................................................................................................................. 10

    1.7.1 Events ...................................................................................................................................................................... 11 1.7.2 Conclusions ........................................................................................................................................................... 12 1.7.3 Incidents ................................................................................................................................................................ 12 1.7.4 Physical Boundaries ......................................................................................................................................... 12 1.7.5 Logical Boundaries ........................................................................................................................................... 14 1.7.6 TOE Security Functional Policies ............................................................................................................... 15

    2 CONFORMANCE CLAIMS ........................................................................................................................... 16 2.1 CC CONFORMANCE CLAIM ..................................................................................................................................... 16 2.2 PP CLAIM ................................................................................................................................................................. 16 2.3 PACKAGE CLAIM ...................................................................................................................................................... 16 2.4 CONFORMANCE RATIONALE .................................................................................................................................. 16

    3 SECURITY PROBLEM DEFINITION ........................................................................................................ 17 3.1 THREATS ................................................................................................................................................................... 17

    3.1.1 Threats Addressed by the TOE and the Operational Environment ............................................ 17 3.2 ORGANIZATIONAL SECURITY POLICIES ............................................................................................................... 17 3.3 ASSUMPTIONS .......................................................................................................................................................... 17

    3.3.1 Personnel Assumptions ................................................................................................................................... 18 3.3.2 Physical Environment Assumptions .......................................................................................................... 18 3.3.3 Operational Assumptions .............................................................................................................................. 18

    4 SECURITY OBJECTIVES ............................................................................................................................. 19 4.1 SECURITY OBJECTIVES FOR THE TOE .................................................................................................................. 19 4.2 SECURITY OBJECTIVES FOR THE IT OPERATIONAL ENVIRONMENT ............................................................... 19 4.3 SECURITY OBJECTIVES RATIONALE ..................................................................................................................... 19

    4.3.1 Rationale for Security Objectives of the TOE ........................................................................................ 20 4.3.2 Rationale for Security Objectives of the Operational Environment........................................... 21

    5 EXTENDED COMPONENTS DEFINITION ............................................................................................. 23 5.1 INCIDENT MANAGEMENT (SIM) CLASS OF SFRS ............................................................................................. 23

    5.1.1 SIM_ANL.1 Event Analysis (EXP) ................................................................................................................ 23 5.1.2 SIM_RES.1 Incident Resolution (EXP) ...................................................................................................... 23

    6 SECURITY REQUIREMENTS ..................................................................................................................... 24 6.1 TOE SECURITY FUNCTIONAL REQUIREMENTS .................................................................................................. 24

    6.1.1 Security Audit (FAU) ........................................................................................................................................ 24 6.1.2 User Data Protection (FDP) ......................................................................................................................... 25 6.1.3 Identification and Authentication (FIA) ................................................................................................. 26 6.1.4 Security Management (FMT) ....................................................................................................................... 26 6.1.5 Incident Management (SIM) ........................................................................................................................ 27

    6.2 TOE SECURITY ASSURANCE REQUIREMENTS .................................................................................................... 27

  • Security Target: Symantec™ Security Information Manager Version 4.8.1

    Document Version 1.7 Copyright © Symantec Corporation Page 4 of 42

    6.3 SECURITY REQUIREMENTS RATIONALE .............................................................................................................. 28 6.3.1 Summary of TOE Security Requirements ............................................................................................... 28 6.3.2 Sufficiency of Security Requirements ....................................................................................................... 29

    6.4 TOE SUMMARY SPECIFICATION RATIONALE ..................................................................................................... 31 6.4.1 Sufficiency of IT Security Functions .......................................................................................................... 32

    6.5 RATIONALE FOR EXTENDED SECURITY REQUIREMENTS ................................................................................. 34 6.6 RATIONALE FOR IT SECURITY REQUIREMENT DEPENDENCIES ...................................................................... 34

    6.6.1 Security Assurance Requireme

Click here to load reader

Reader Image
Embed Size (px)
Recommended