3e Technologies International 3e-636 Series Network Security Device. Security Target


3e Technologies International 3e-636 Series Network Security Device Security Target

Revision J
March 12, 2015
Version 1.0

2015 3e Technologies International, Inc. All rights reserved.

3e Technologies International 636 Series Network Security Device Security Target

This document, as well as the software described in it, is furnished under license and may be used or copied only in accordance with the terms of such license. The content of this document is furnished for informational use only, is subject to change without notice, and should not be construed as a commitment by 3eTI. 3eTI assumes no responsibility or liability for any errors or inaccuracies that may appear in this document. Except as permitted by license, no part of this document may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, without prior written permission of 3eTI. All registered names, product names and trademarks of other companies used in this guide are for descriptive purposes only and are the acknowledged property of the respective company.

Document ID Number: Revision J

Contact: 3e Technologies International, Inc Key West Avenue 5th Floor Rockville, MD USA
Telephone: +1 (301)
Fax: +1 (301)
Website:

Table of Contents

1 Security Target Introduction
  Security Target References
    Document References
  TOE References
  TOE Overview
    Type of TOE
    TOE Usage
    Hardware, Firmware, and Software Required by the TOE
    TOE Security Functionality
  TOE Description
    Acronyms
    Terminology
    TOE Description
    Physical Scope of the TOE
    Logical Scope of the TOE
Conformance Claims
  Common Criteria Conformance
  Protection Profile Claim
  Conformance Rationale
Security Problem Definition
  Threats to Security
  Organization Security Policies
  Secure Usage Assumptions
Security Objectives
  Security Objectives for the TOE
  Security Objectives for the Operational Environment
Extended Security Requirements Definition
  Network Device Protection Profile Extended Security Requirements Definition
Security Requirements
  TOE Security Functional Requirements
    Security Audit (FAU) Requirements
    Cryptographic Support (FCS) Requirements
    User Data Protection (FDP) Requirements
    Identification and Authentication (FIA) Requirements
    Security Management (FMT) Requirements

    6.1.6 Protection of TSF (FPT) Requirements
    TOE Access (FTA) Requirements
    Trusted Path/Channels (FTP) Requirements
  TOE Security Assurance Requirements
    Development (ADV)
    Guidance documents (AGD)
    Life-cycle Support (ALC)
    Tests (ATE)
    Vulnerability Assessment (AVA)
TOE Summary Specification
  Audit Functions
  Cryptographic Support Functions
  User Data Protection Functions
  User Identification and Authentication
  Security Management Functions
  Protection of the TSF Functions
  TOE Access (FTA)
  Trusted Path/Channels Functions

List of Tables and Figures

Table 1-1: US Government and Standards Document References
Table 1-2: 3eTI Document References
Table 1-3: Acronyms
Table 1-4: Terms
Figure 1-1: 3e-636L3/3e-636L2 TOE Operational Configuration
Table 3-1: Threats to Security
Table 3-2: Organizational Security Policies
Table 3-3: Secure Usage Assumptions
Table 4-1: Security Objectives
Table 4-2: Security Objectives for the Operational Environment
Table 6-1: 636 Security Functional Requirements
Table 6-2: Auditable Events
Table 6-3: TOE Security Assurance Requirements
Table 7-1: 636L3 FIPS-140 Tested Algorithms
Table 7-2: NIST SP800-56A Implementation
Table 7-3: NIST SP800-56B Implementation
Table 7-4: TOE CSPs Use and Management
Table 7-5: Management of TSF Data

1 Security Target Introduction

This section presents security target (ST) identification information and an overview of the ST. The structure and content of this ST comply with the requirements specified in the Common Criteria (CC), Part 1, Annex A.

1.1 Security Target References

ST Title: 3eTI 3e-636 Series Network Security Device Security Target
ST Version: Version 1.0, Revision J
Vendor: 3e Technology International, Inc.
ST Publication Date: March 12, 2015
Keywords: filter, 802.1X Encryption, VLAN, VPN, IPSec, access control, data packet inspection, traffic

Document References

The following documents were used to develop the Security Target.

Table 1-1: US Government and Standards Document References

Reference: Document
[CC_PART1]: Common Criteria for Information Technology Security Evaluation-Part 1: Introduction and general model, July 2009, version 3.1R3, CCMB
[CC_PART2]: Common Criteria for Information Technology Security Evaluation-Part 2: Security functional components, July 2009, version 3.1R3, CCMB
[CC_PART3]: Common Criteria for Information Technology Security Evaluation-Part 2: Security assurance components, July 2009, version 3.1R3, CCMB
[CEM]: Common Methodology for Information Technology Security Evaluation, Evaluation methodology, July 2009, version 3.1R3, CCMB
[NDPP V1.1]: US Government, Protection Profile for Network Devices, June 08, 2012
[PKE PP]: US Government Family of Protection Profiles: Public Key-Enabled Applications for Basic Robustness Environments, May , Version 2.8
[FIPS PUB 140-2]: National Institute of Standards and Technology, FIPS PUB Security Requirements for Cryptographic Modules, December
[FIPS PUB ]: Digital Signature Standard (DSS), June 2009
[NIST SP A]: NIST Special Publication A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography
[NIST SP ]: NIST Special Publication , Recommendation for Key Management
[NIST SP ]: NIST Special Publication , Recommendation for EAP Methods Used in Wireless Network Access Authentication, September
[IEEE 802.1X]: IEEE 802.1X-2004, Standard for Local and metropolitan area networks, Port-Based Network Access Control, 2004
RFC 4301: Security Architecture for the Internet Protocol
RFC 4303: IP Encapsulating Security Payload (ESP)
RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)

Table 1-2: 3eTI Document References

Reference: Document

636 UG: 3e Technologies International Inc., 636-series User's Guide

1.2 TOE References

TOE Identification: 3eTI 3e-636 Series Network Security Devices

The TOE consists of the following 636 Series product:

3e-636L3 Network Security Device; Hardware Version 1.0, Firmware Version 5.1 build 73
3e-636L2 High Speed Encryption Network Security Device, Hardware Version 1.0, Firmware Version 5.1 build

TOE Overview

Type of TOE

The Target of Evaluation [TOE] is a Network Device as defined by the protection profile: "A network device is a device composed of hardware and software that is connected to the network and has an infrastructure role in the overall enterprise."

TOE Usage

3eTI's 636 Network Security Devices offer the multiple capabilities necessary for protecting embedded devices and safety-critical industrial control systems (ICS) against internal and external attacks.

The 3e-636 Series Network Security Devices share the identical hardware platform. Both devices provide the same functionalities of access control, traffic filter and data packet inspection for network data traffic between the private networks. GUI Management interfaces over TLS/HTTPS share many similarities with minor differences in the encryption configuration options.

Hardware, Firmware, and Software Required by the TOE

The TOE consists of the hardware, firmware and software residing on the Network Security Device as listed in Section 1.2 above. The evaluated configuration of the TOE requires the following Operational Environment support, which is not included in the TOE's physical boundary.

Administrator Workstations: Trusted administrators access the TOE through the TLS/HTTPS protocol.
Audit Servers: The TOE relies upon the audit server for storage of audit records. The TOE itself stores a limited amount of the audit records in its internal persistent storage. Those audit records are accessible and exportable through the Web GUI interface.
NTP Servers (Optional): The TOE relies upon an NTP server to provide reliable time. If the time is configured locally, the TOE will use its own reliable hardware clock to maintain time as well.

1.3.4 TOE Security Functionality

The following security functionality is within scope of this NDPP evaluation.

Security Audit
  o Generate audit logs for security-relevant events
  o Supports secure communications to remote syslog servers
Cryptography
  o Validated cryptographic algorithms
  o Data zeroization
User Data Protection
  o Residual information clearing
Identification and Authentication
  o Password and user access policies
Security Management
  o Local and remote administration
Protection of the security functionality
  o Self-test on power-up
  o Trusted update
TOE Access
  o Role-based access control
  o Session timeout and lockout
Trusted Path/Channels
  o Trusted path for remote administrators

Evaluation Clarification: The TOE provides additional security features, such as IPSec to provide transport layer security as VPN Client, which may be briefly described in this ST to help the reader understand what the product does. However, as this evaluation claims strict compliance with the Network Device Protection Profile, these additional features are considered out of scope.

1.4 TOE Description

Acronyms

The following acronyms and abbreviations are used in this Security Target:

Table 1-3: Acronyms

Acronym: Definition
AES: Advanced Encryption Standard
AS: Authentication Server
CA: Certificate Authority
CAVP: Cryptographic Algorithm Validation Program
CBC: Cipher Block Chaining (AES mode)
CC: Common Criteria for Information Technology Security Evaluation
CCM: Counter with Cipher Block Chaining-Message Authentication Code (AES mode)
CCTL: Common Criteria Testing Laboratory
CEM: Common Evaluation Methodology for Information Technology Security
CM: Configuration Management
CMVP: Cryptographic Module Validation Program
COTS: Commercial Off-The-Shelf
CPD: Certificate Path Development
CPU: Central Processing Unit
CPV: Certificate Path Validation
CRL: Certificate Revocation List
CSP: Critical Security Parameter
DN: Distinguished Name
DSA: Digital Signature Algorithm
DSS: Digital Signature Standard
EAL: Evaluation Assurance Level
ECCCDH: Elliptic Curve Cryptography Cofactor Diffie-Hellman
ECDSA: Elliptic Curve Digital Signature Algorithm
ECB: Electronic Codebook (AES Mode)
EEPROM: Electrically Erasable Programmable Read-Only Memory
FIPS: Federal Information Processing Standard
GUI: Graphic User Interface
HLD: High Level Design
HMAC: Hashed Message Authentication Code
HTTPS: Secure Hypertext Transfer Protocol
IEEE: Institute of Electrical and Electronics Engineers
IETF: Internet Engineering Task Force
IP: Internet Protocol
IT: Information Technology
LAN: Local Area Network
LDAP: Lightweight Directory Access Protocol
MAC: Media Access Control
Mbps: Megabits per second
NIAP: National Information Assurance Partnership
NIC: Network Interface Card
NIST: National Institute of Standards and Technology
OCSP: Online Certificate Status Protocol

Acronym: Definition
OS: Operating System
PKI: Public Key Infrastructure
PP: Protection Profile
PSK: Pre-shared key
PSP: Public Security Parameter
RADIUS: Remote Authentication Dial-In User Service
RFC: Request for Comments
RSA: Rivest, Shamir, and Adleman
SAR: Security Assurance Requirement
SDRAM: Synchronous Dynamic Random Access Memory
SFP: Security Function Policy
SFR: Security Functional Requirement
SHA-1: US Secure Hash Algorithm 1
SNMP: Simple Network Management Protocol
SOF: Strength of Function
SP: Security Parameter
ST: Security Target
TCP: Transmission Control Protocol
TK: Temporal Key
TLS: Transport Layer Security
TOE: Target of Evaluation
TOI: Time of Interest (used in certificate processing)
TSF: TOE Security Function
TSP: TOE Security Policy
UDP: User Datagram Protocol
VLAN: Virtual Local Area Network
WAN: Wide Area Network

Terminology

The following terminology is used in the Security Target:

Table 1-4: Terms

Term: Definition
802.1X: The IEEE 802.1X standard provides a framework for many authentication types at the link layer.
IPsec: Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.
Cryptographic Module: The set of hardware, software, firmware, or some combination thereof that implements cryptographic logic or processes, including cryptographic algorithms, and is contained within the cryptographic boundary of the module.

1.4.3 TOE Description

The Target of Evaluation (TOE) consists of network devices that provide high speed information assurance, combining a number of different capabilities to create a tailored cyber defense. Acting as an IPsec client, the 3e-636L3 authenticates the IPsec Gateway during IKEv2 negotiation. It provides further data integrity and confidentiality using the ESP mode of IPsec. AES with 128/256-bit keys is used for network data encryption, while SHS, CCM or GCM is used for data integrity.

The 3e-636L2 provides high speed IEEE 802.3 MAC layer encryption. All 3e-636-HSE devices can communicate securely on the same VLAN using the symmetric encryption key. Data integrity is offered through HMAC-SHS or CCM mode of encryption.

Figure 1-1 depicts a normal operational scenario with the TOE. The 3e-636L3 uses an IPSec tunnel while the 3e-636L2 operates with symmetric encryption on the VLAN. The TOE relies upon an NTP Server and an Audit Server in its Operational Environment. The TOE may also be configured to communicate with DHCP and SNMP Management Servers in the Operational Environment, but does not depend upon them to support its security functionality.

Figure 1-1: 3e-636L3/3e-636L2 TOE Operational Configuration

Evaluation Clarification: The TOE components use IPSec to provide transport layer security as VPN Client. While the TOE meets (vendor assertion) the FCS_IPSEC_EXT.1 SFR, the NDPP states: "The intent of the above requirement is to use a cryptographic protocol to protect external communications with authorized IT entities that the TOE interacts with to perform its functions. This is not, however, to be used to specify VPN Gateway functionality; a separate VPN Protection Profile should be used in these instances." Therefore, the VPN IPSec feature is not evaluated.

Similarly, the TOE uses an encrypted VLAN payload to offer data link layer security; the VLAN feature is not evaluated under the NDPP either.

Physical Scope of the TOE

The TOE physical boundary defines all hardware and firmware that is required to support the TOE's logical boundary and the TOE's security functions. The TOE hardware platform uses a FreeScale MPC8378E CPU, and the TOE's firmware contains an embedded Linux Kernel customized by 3eTI based on kernel version 2.6. In short, the TOE's physical boundary is the physical device/appliance for both models. Figure 1-1 in Section depicts the evaluated TOE configurations and the Operational Environment. The table below describes the ports and interfaces implemented by the TOE.

Port/Interfaces Management/Control I/O Data Input Data Output Status Output Same on 3e-636L3 and 3e-636L2 Local Management Ethernet port (1) X Yes Plain text Ethernet port (1) Cipher text Ethernet port (1) X X X Yes X X X Yes Auxiliary Ethernet port (1) Power N/A N/A N/A Disabled on both devices Yes LED X Yes Reset Pin X Yes

The Operational Environment components relied upon by the TOE and not included in the physical boundary are described in Section

Logical Scope of the TOE

The Logical Scope of the TOE includes Audit, Cryptographic Services, User Data Protection, Identification and Authentication, Management, Protection of the TSF, TOE Access security functionality and Trusted Path/Channels.

Audit

The TOE generates auditable events for actions on the TOE with the capability of selective audit record generation. The records of these events can be viewed within the TOE Management Interface or they can be exported to audit systems in the Operational Environment. The TOE generates records for its own actions, containing information about the user/process associated with the event, the success or failure of the event, and the time that the event occurred. Additionally, all administrator actions relating to the management of TSF data and configuration data are logged by the TOE's audit generation functionality.

Cryptographic Services

The TOE uses a random number generator and secures communication channels with the following cryptographic algorithms: AES, RSA, ECDSA, SHA, HMAC. The TOE is designed to zeroize Critical Security Parameters (CSPs) to mitigate the possibility of disclosure or modification.

User Data Protection

The TSF ensures that network packets sent from the TOE do not include data left over from processing the previous network information.

Identification and Authentication

The TOE provides Identification and Authentication security functionality to ensure that all users are properly identified and authenticated before accessing TOE functionality. The TOE enforces a local password-based authentication mechanism to perform administrative user authentication. Passwords are obscured when being displayed during any attempted login.

Management

The Web Management Application of the TOE provides the capabilities for configuration and administration. The Web Management Application can be accessed via the dedicated local Ethernet port configured for out-of-band management. There is no local access such as a serial console port. Therefore, the local and remote management is considered the same for this evaluation.

An authorized administrator has the ability to modify, edit, and delete security parameters such as audit data, configuration data, and user authentication data. The Web Management Application also offers an authorized administrator the capability to manage how security functions behave. For example, an administrator can enable/disable certain audit functions, or query and set the encryption/decryption algorithms used for network packets.

Protection of the TSF

Internal testing of the TOE hardware, software, and software updates against tampering ensures that all security functions are running and available before the TOE accepts any communications. The TSF prevents reading of pre-shared keys, symmetric keys, private keys, and passwords. The TOE uses electronic signature verification before any firmware/software updates are installed.

TOE Access

The TOE provides the following TOE Access functionality:

  o TSF-initiated session termination when a connection (remote or local) is idle for a configurable time period
  o Administrative termination of own session
  o TOE Access Banners

Trusted Path/Channels

The TOE protects interactive communication with administrators using TLS/HTTPS, which ensures both integrity and disclosure protection. The TOE protects communication with network entities, such as a log server, using a TLS connection and optionally using a dedicated physical port to prevent unintended disclosure or modification of logs and management information.

Logical Dependencies on the Operational Environment

The TOE relies upon the Operational Environment for the following security functionality:

  o Audit storage
  o Reliable time stamps from a Network Time Protocol (NTP) server

2 Conformance Claims

2.1 Common Criteria Conformance

This ST claims conformance to Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 3, July International Standard ISO/IEC The requirements in this Security Target are Part 2 extended, and Part 3 conformant.

2.2 Protection Profile Claim

This ST claims Strict Compliance to the US Government Protection Profile for Network Devices, Version 1.1, 8 June 2012 with Errata

Conformance Rationale

This security target claims strict conformance to only one Protection Profile [PP] NDPP.

The security problem definition of this ST is consistent with the statement of the security problem definition in the PP, as the ST claims exact conformance to the PP and no other threats, organizational security policies, or assumptions are added.

The security objectives of this ST are consistent with the statement of the security objectives in the PP as the ST claims exact conformance to the PP and no other security objectives are added.

The security requirements of this ST are consistent with the statement of the security requirements in the PP as the ST claims exact conformance to the PP.

3 Security Problem Definition

The Security Problem Definition defines:

a) Communications with the TOE
b) Malicious Updates
c) Undetected System Activity
d) Accessing the TOE
e) User Data Disclosure
f) TSF Failure

Threats are identified as T.threat, with threat specifying a unique name. Policies are identified as P.policy, with policy specifying a unique name. Assumptions are identified as A.assumption, with assumption specifying a unique name.

3.1 Threats to Security

Table 3-1 below lists the threats to security.

Table 3-1: Threats to Security

#. Threat Name: Threat Definition
1. T.UNAUTHORIZED_ACCESS: A user may gain unauthorized access to the TOE data and TOE executable code. A malicious user, process, or external IT entity may masquerade as an authorized entity in order to gain unauthorized access to data or TOE resources. A malicious user, process, or external IT entity may misrepresent itself as the TOE to obtain identification and authentication data.
2. T.UNAUTHORIZED_UPDATE: A malicious party attempts to supply the end user with an update to the product that may compromise the security features of the TOE.
3. T.ADMIN_ERROR: An administrator may unintentionally install or configure the TOE incorrectly, resulting in ineffective security mechanisms.
4. T.UNDETECTED_ACTIONS: Malicious remote users or external IT entities may take actions that adversely affect the security of the TOE. These actions may remain undetected and thus their effects cannot be effectively mitigated.
5. T.USER_DATA_REUSE: User data may be inadvertently sent to a destination not intended by the original sender.
6. T.TSF_FAILURE: Security mechanisms of the TOE may fail, leading to a compromise of the TSF.

3.2 Organization Security Policies

An organizational security policy is a set of rules, practices, and procedures imposed by an organization to address its security needs. Table 3-2 below lists the Organizational Security Policies enforced by the TOE.

Table 3-2: Organizational Security Policies

#. Policy Name: Policy Definition
7. P.ACCESS_BANNER: The TOE shall display an initial banner describing restrictions of use, legal agreements, or any other appropriate information to which users consent by accessing the TOE.

3.3 Secure Usage Assumptions

Table 3-3 below lists the secure usage assumptions.

Table 3-3: Secure Usage Assumptions

#. Assumption Name: Assumption Definition
1. A.NO_GENERAL_PURPOSE: It is assumed that there are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE.
2. A.PHYSICAL: Physical security, commensurate with the value of the TOE and the data it contains, is assumed to be provided by the environment.
3. A.TRUSTED_ADMIN: TOE Administrators are trusted to follow and apply all administrator guidance in a trusted manner.

4 Security Objectives

This section defines TOE security objectives and objectives for the Operational Environment.

4.1 Security Objectives for the TOE

Table 4-1 below lists the Security Objectives for the TOE.

Table 4-1: Security Objectives

#. TOE Security Objective: TOE Security Objective Definition
1. O.PROTECTED_COMMUNICATIONS: The TOE will provide protected communication channels for administrators, other parts of a distributed TOE, and authorized IT entities.
2. O.DISPLAY_BANNER: The TOE will display an advisory warning regarding use of the TOE.
3. O.SESSION_LOCK: The TOE shall provide mechanisms that mitigate the risk of unattended sessions being hijacked.
4. O.RESIDUAL_INFORMATION_CLEARING: The TOE will ensure that any data contained in a protected resource is not available when the resource is reallocated.
5. O.TOE_ADMINISTRATION: The TOE will provide mechanisms to ensure that only administrators are able to log in and configure the TOE, and provide protections for logged-in administrators.
6. O.TSF_SELF_TEST: The TOE will provide the capability to test some subset of its security functionality to ensure it is operating properly.
7. O.VERIFIABLE_UPDATES: The TOE will provide the capability to help ensure that any updates to the TOE can be verified by the administrator to be unaltered and (optionally) from a trusted source.
8. O.SYSTEM_MONITORING: The TOE will provide the capability to generate audit data and send those data to an external IT entity.

4.2 Security Objectives for the Operational Environment

Table 4-2 below lists the Security Objectives for the Operational Environment.

Table 4-2: Security Objectives for the Operational Environment

#. TOE Security Objective: TOE Security Objective Definition
1. OE.NO_GENERAL_PURPOSE: There are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE.
2. OE.PHYSICAL: Physical security, commensurate with the value of the TOE and the data it contains, is provided by the environment.
3. OE.TRUSTED_ADMIN: TOE Administrators are trusted to follow and apply all administrator guidance in a trusted manner.

5 Extended Security Requirements Definition

All of the extended requirements in this ST have been drawn from the NDPP. The NDPP defines the following extended SFRs and since they are not redefined in this ST, the NDPP should be consulted for more information in regard to those CC extensions.

5.1 Network Device Protection Profile Extended Security Requirements Definition

FAU_STG_EXT.1 Extended: External Audit Trail Storage
FCS_CKM_EXT.4 Extended: Cryptographic Key Zeroization
FCS_RBG_EXT.1 Extended: Cryptographic Operation (Random Bit Generation)
FCS_TLS_EXT.1 Extended: TLS
FCS_HTTPS_EXT.1 Extended: HTTPS
FIA_PMG_EXT.1 Extended: Password Management
FIA_UAU_EXT.2 Extended: Password-based Authentication Mechanism
FIA_UIA_EXT.1 Extended: User Identification and Authentication
FPT_APW_EXT.1 Extended: Protection of Administrator Passwords
FPT_SKP_EXT.1 Extended: Protection of TSF Data (for reading of all symmetric keys)
FPT_TST_EXT.1 Extended: TSF Testing
FPT_TUD_EXT.1 Extended: Trusted Update
FTA_SSL_EXT.1 Extended: TSF-initiated Session Locking

NOTE: The PP authors were not consistent in following their own conventions.

Several of the Extended SFR naming conventions had the "Extended:" missing from its title. The ST author fixed this error to be consistent within this ST. The fixes are shown in red and are only shown in this section.
The FCS_TLS_EXT.1 used the word "Explicitly" instead of "Extended". This has been fixed to be consistent within this ST.
The FCS_HTTPS_EXT.1 used the word "Explicitly" instead of "Extended". This has been fixed to be consistent within this ST.

6 Security Requirements

The following conventions have been applied in this document:

Security Functional Requirements: Part 2 of the CC defines the approved set of operations that may be applied to functional requirements: iteration, assignment, selection, and refinement.

Extended Security Functional Requirements: Extended requirements were written by the PP author when Part 2 of the CC did not offer suitable requirements to meet the author's needs. Extended requirements will be indicated with the _EXT inserted within the component name (e.g., FAU_STG_EXT.1).

Iteration: allows a component to be used more than once with varying operations. In the ST, iteration is indicated by a reference in parenthesis placed at the end of the component. For example, FCS_COP.1 (1) and FCS_COP.1 (2) indicate that the ST includes two iterations of the FCS_COP.1 requirement, (1) and (2).

ST Author Assignment: allows the specification of an identified parameter. Assignments made by the ST author are indicated using italic+bold text and are surrounded by brackets (e.g., [assignment]).

ST Author Selection: allows the specification of one or more elements from a list. Selections made by the ST author are indicated using bold text and are surrounded by brackets (e.g., [selection]).

ST Author Refinement: The refinement operation is used to add detail to a requirement, and thus further restricts a requirement. Refinement of security requirements made by the ST author is denoted by the word "Refinement" in bold text after the element number and the additional text in the requirement in bold text.

PP Author Selections, Assignments, & Refinements: PP author selections and assignments are shown in normal text. Refinements made by the PP authors will not be identified as refinements in this ST. The "Refinement" identifier is reserved for identifying any refinements made by the ST author.
6.1 TOE Security Functional Requirements

The following table describes the SFRs that are satisfied by 3eTI's 636 series Network Device.

Table 6-1: 636 Security Functional Requirements

Functional Class, then #. Functional Component

Security Audit (FAU)
  1. FAU_GEN.1: Audit Data Generation
  2. FAU_GEN.2: User Identity Association
  3. FAU_STG_EXT.1: Extended: External Audit Trail Storage
Cryptographic Support (FCS)
  4. FCS_CKM.1: Cryptographic Key Generation (for asymmetric keys)
  5. FCS_CKM_EXT.4: Extended: Cryptographic Key Zeroization
  6. FCS_COP.1 (1): Cryptographic Operation (for data encryption/decryption)
  7. FCS_COP.1 (2): Cryptographic Operation (for cryptographic signature)


Cisco Unified Communications Manager

Cisco Unified Communications Manager Cisco Unified Communications Manager Security Target Version 1.0 10 August 2015 EDCS - 1502591 Page 1 of 53 Table of Contents 1 SECURITY TARGET INTRODUCTION... 8 1.1 ST and TOE Reference... 8 1.2 TOE Overview...

More information

Mobile Billing System Security Target

Mobile Billing System Security Target Mobile Billing System Security Target Common Criteria: EAL1 Version 1.2 25 MAY 11 Document management Document identification Document ID Document title Product version IDV_EAL1_ASE IDOTTV Mobile Billing

More information

Protection Profile for IPsec Virtual Private Network (VPN) Clients

Protection Profile for IPsec Virtual Private Network (VPN) Clients Protection Profile for IPsec Virtual Private Network (VPN) Clients Information Assurance Directorate 30 December 2012 Version 1.1 Table of Contents 1 Introduction to the PP... 1 1.1 PP Overview of the

More information

Protection Profile for USB Flash Drives

Protection Profile for USB Flash Drives Protection Profile for USB Flash Drives Mitigating the Risk of a Manipulated, Misplaced, or Stolen USB Flash Drive Information Assurance Directorate 01 December 2011 Version 1.0 Table of Contents 1 Introduction

More information

Microsoft Windows Common Criteria Evaluation

Microsoft Windows Common Criteria Evaluation Microsoft Windows Common Criteria Evaluation Microsoft Windows 8 Microsoft Windows RT Microsoft Windows Server 2012 IPsec VPN Client Security Target Document Information Version Number 1.0 Updated On January

More information

Common Criteria NDPP SIP Server EP Assurance Activity Report

Common Criteria NDPP SIP Server EP Assurance Activity Report Common Criteria NDPP SIP Server EP Assurance Activity Report Pascal Patin ISSUED BY Acumen Security, LLC. 1 Revision History: Version Date Changes Initial Release 7/20/2015 Initial Release Version 1.0

More information

Protection Profile for Server Virtualization

Protection Profile for Server Virtualization Protection Profile for Server Virtualization 29 October 2014 Version 1.0 i 0 Preface 0.1 Objectives of Document This document presents the Common Criteria (CC) Protection Profile (PP) to express the fundamental

More information

Supporting Document Mandatory Technical Document. Evaluation Activities for Network Device cpp. September-2014. Version 0.1

Supporting Document Mandatory Technical Document. Evaluation Activities for Network Device cpp. September-2014. Version 0.1 Supporting Document Mandatory Technical Document Evaluation Activities for Network Device cpp September-2014 Version 0.1 CCDB- Foreword This is a supporting

More information

Security Target. NetIQ Access Manager 4.0. Document Version 1.13. August 7, 2014. Security Target: NetIQ Access Manager 4.0

Security Target. NetIQ Access Manager 4.0. Document Version 1.13. August 7, 2014. Security Target: NetIQ Access Manager 4.0 Security Target NetIQ Access Manager 4.0 Document Version 1.13 August 7, 2014 Document Version 1.13 NetIQ Page 1 of 36 Prepared For: Prepared By: NetIQ, Inc. 1233 West Loop South Suite 810 Houston, TX

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of Entrust Authority Security Manager and Security Manager Administration v8.1 SP1 Issued by: Communications Security Establishment Canada Certification Body Canadian

More information

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc. Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0 Accellion, Inc. December 24, 2009 Copyright Accellion, Inc. 2009. May be reproduced only in its original entirety

More information

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING Document No. 1735-005-D0001 Version: 1.0, 3 June 2014 Prepared for: Fortinet, Incorporated 326 Moodie Drive Ottawa, Ontario Canada, K2H

More information

Protection Profile for Mobile Device Management

Protection Profile for Mobile Device Management 31 December 2014 Version 2.0 REVISION HISTORY Version Date Description 1.0 21 October 2013 Initial Release 1.1 7 February 2014 Typographical changes and clarifications to front-matter 2.0 31 December 2014

More information

Protection Profile for Full Disk Encryption

Protection Profile for Full Disk Encryption Protection Profile for Full Disk Encryption Mitigating the Risk of a Lost or Stolen Hard Disk Information Assurance Directorate 01 December 2011 Version 1.0 Table of Contents 1 Introduction to the PP...

More information

Pulse Secure, LLC. January 9, 2015

Pulse Secure, LLC. January 9, 2015 Pulse Secure Network Connect Cryptographic Module Version 2.0 Non-Proprietary Security Policy Document Version 1.1 Pulse Secure, LLC. January 9, 2015 2015 by Pulse Secure, LLC. All rights reserved. May

More information

McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Security Target

McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Security Target McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Release Date: 5 October 2012 Version: 1.0 Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle Santa Clara, CA 95054 Document Introduction

More information

Mapping Between Collaborative Protection Profile for Network Devices, Version 1.0, 27-Feb-2015 and NIST SP 800-53 Revision 4

Mapping Between Collaborative Protection Profile for Network Devices, Version 1.0, 27-Feb-2015 and NIST SP 800-53 Revision 4 Mapping Between Collaborative Protection Profile for Network Devices, Version 1.0, 27-Feb-2015 and NIST SP 800-53 Revision 4 Introduction Several of the NIST SP 800-53/CNSS 1253 controls are either fully

More information

Protection Profile for Mobile Device Management

Protection Profile for Mobile Device Management Protection Profile for Mobile Device Management 7 March 2014 Version 1.1 1 Revision History Version Date Description 1.0 21 October 2013 Initial Release 1.1 7 March 2014 Typographical changes and clarifications

More information

Security Target, Version 2.5 June 27, 2013

Security Target, Version 2.5 June 27, 2013 Dell SonicWALL, Inc. SonicOS Enhanced v5.9.0 on NSA Series and TZ Series Appliances Security Target Document Version: 2.5 Prepared for: Prepared by: Dell SonicWALL, Inc. 2001 Logic Avenue San Jose, CA

More information

National Information Assurance Partnership

National Information Assurance Partnership National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Security Requirements for Voice Over IP Application Protection Profile for Mobility Voice

More information

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy

Secure Network Communications FIPS 140 2 Non Proprietary Security Policy Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles

More information

Extended Package for Mobile Device Management Agents

Extended Package for Mobile Device Management Agents Extended Package for Mobile Device Management Agents 31 December 2014 Version 2.0 REVISION HISTORY Version Date Description 1.0 21 October 2013 Initial Release 1.1 7 February 2014 Typographical changes

More information

Marimba Client and Server Management from BMC Software Release 6.0.3

Marimba Client and Server Management from BMC Software Release 6.0.3 Marimba Client and Server Management from BMC Software Release 6.0.3 Version 2.3.0 4 June, 2007 Prepared by: BMC Software, Inc. 2101 City West Blvd. Houston, Texas 77042 TABLE OF CONTENTS 1. Introduction...

More information

Protection Profile for Voice Over IP (VoIP) Applications

Protection Profile for Voice Over IP (VoIP) Applications Protection Profile for Voice Over IP (VoIP) Applications 21 October 2013 Version 1.2 Table of Contents 1 INTRODUCTION... 1 1.1 Overview of the TOE... 1 1.2 Usage of the TOE... 1 2 SECURITY PROBLEM DESCRIPTION...

More information

Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target

Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target Revision 1.0 August 2011 1 Table of Contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 ST and TOE Reference... 6 1.2 Acronyms

More information

National Information Assurance Partnership

National Information Assurance Partnership National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Protection Profile for Software Full Disk Encryption, Version 1.1 Report Number: CCEVS-VR-PP-0003

More information

Imperva SecureSphere Security Target

Imperva SecureSphere Security Target Imperva SecureSphere Security Target Version 0.4 12 November 2015 Prepared for: Imperva Inc. 3400 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 United States Prepared by: Leidos Inc. (formerly Science

More information

Assurance Activities Report for a Target of Evaluation. Security Target (Version 0.9)

Assurance Activities Report for a Target of Evaluation. Security Target (Version 0.9) Assurance Activities Report for a Target of Evaluation Cisco Integrated Services Router (ISR) 800 Series Security Target (Version 0.9) Assurance Activities Report (AAR) Version 1.0 10/31/2014 Evaluated

More information

AAR Test Summary. FireEye CM, FX, EX, and NX Series Appliances

AAR Test Summary. FireEye CM, FX, EX, and NX Series Appliances AAR Test Summary FireEye CM, FX, EX, and NX Series Appliances FireEye CM, FX, EX, and NX Series Appliances Series Security Target, version 1.0 Protection Profile for Network Devices (NDPP), version 1.1,

More information

Cisco Aggregation Services Router (ASR) 900 Series

Cisco Aggregation Services Router (ASR) 900 Series Cisco Aggregation Services Router (ASR) 900 Series Security Target Version 1.0 26 March 2015 Table of Contents 1 SECURITY TARGET INTRODUCTION...8 1.1 ST AND TOE REFERENCE... 8 1.2 TOE OVERVIEW... 8 1.2.1

More information

NIST SP 800-53 Revision 4 Mapping: Protection Profile for Application Software Version 1.0 2014-10-15

NIST SP 800-53 Revision 4 Mapping: Protection Profile for Application Software Version 1.0 2014-10-15 Introduction NIST SP 800-53 Revision 4 Mapping: Protection Profile for Application Software Version 1.0 2014-10-15 Several of the NIST SP 800-53/CNSS 1253 s are either fully or partially addressed by compliant

More information

McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target

McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target Release Date: September 2010 Document ID: Version: Draft J Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle

More information

Security Target: Symantec Endpoint Protection Version 11.0

Security Target: Symantec Endpoint Protection Version 11.0 Security Target: Symantec Endpoint Protection Version 11.0 ST Version 1.6 June 2, 2008 Document Version 1.6 Symantec Corporation Page 1 of 68 Prepared For: Prepared By: Symantec Corporation 20330 Stevens

More information

Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2. Security Target

Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2. Security Target Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2 Security Target Evaluation Assurance Level: EAL2+ Document Version: 0.7 Prepared for: Prepared by: Enterasys Networks, Inc. Corsec Security,

More information

FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager

FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager LogRhythm 3195 Sterling Circle, Suite 100 Boulder CO, 80301 USA September 17, 2012 Document Version 1.0 Module Version 6.0.4 Page 1 of 23 Copyright

More information

Protection Profile for Software Full Disk Encryption

Protection Profile for Software Full Disk Encryption Protection Profile for Software Full Disk Encryption Mitigating the Risk of a Lost or Stolen Hard Disk Information Assurance Directorate 14 February 2013 Version 1.0 Table of Contents 1 Introduction to

More information

Cisco AnyConnect Secure Mobility Desktop Client

Cisco AnyConnect Secure Mobility Desktop Client Cisco AnyConnect Secure Mobility Desktop Client Security Target Version 1.0 September 16, 2015 Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA 2015 Cisco

More information

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION COMMON CRITERIA PROTECTION PROFILE EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION Draft Version 1.0 TURKISH STANDARDS INSTITUTION TABLE OF CONTENTS Common Criteria Protection Profile...

More information

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued

More information

Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0

Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0 Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0 German Federal Office for Information Security PO Box 20 03 63 D-53133 Bonn Tel.:

More information

Certification Report

Certification Report Certification Report McAfee Network Security Platform v7.1 (M-series sensors) Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification

More information

U.S. Government Protection Profile for Database Management Systems

U.S. Government Protection Profile for Database Management Systems U.S. Government Protection Profile for Database Management Systems Information Assurance Directorate Version 1.3 December 24, 2010 Protection Profile Title: 1 U.S. Government Protection Profile for Database

More information

Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller. July 24, 2015 Version 1

Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller. July 24, 2015 Version 1 Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller July 24, 2015 Version 1 1 Table of Contents 1 Introduction... 4 1.1 Conformance Claims...4 1.2 How to

More information

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments

U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments Information Assurance Directorate Version 1.1 July 25, 2007 Forward This Protection Profile US Government

More information

Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc.

Secure File Transfer Appliance Security Policy Document Version 1.9. Accellion, Inc. Secure File Transfer Appliance Security Policy Document Version 1.9 Accellion, Inc. November 11, 2010 Copyright Accellion, Inc. 2010. May be reproduced only in its original entirety [without revision].

More information

Security Requirements for Mobile Operating Systems

Security Requirements for Mobile Operating Systems Security Requirements for Mobile Operating Systems Information Assurance Directorate 25 January 2013 Version 1.0 Table of Contents 1 INTRODUCTION... 1 1.1 First Generation Protection Profiles... 1 1.2

More information

Security Target. Symantec TM Network Access Control Version 12.1.2. Document Version 0.12. February 14, 2013

Security Target. Symantec TM Network Access Control Version 12.1.2. Document Version 0.12. February 14, 2013 Security Target Symantec TM Network Access Control Version 12.1.2 Document Version 0.12 February 14, 2013 Document Version 0.12 Symantec Page 1 of 39 Prepared For: Prepared By: Symantec Corporation 350

More information

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

FIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0 FIPS 40-2 Non- Proprietary Security Policy McAfee SIEM Cryptographic Module, Version.0 Document Version.4 December 2, 203 Document Version.4 McAfee Page of 6 Prepared For: Prepared By: McAfee, Inc. 282

More information

Australasian Information Security Evaluation Program

Australasian Information Security Evaluation Program Australasian Information Security Evaluation Program Juniper Networks, Inc. JUNOS 12.1 X46 D20.6 for SRX-Series Platforms Certification Report 2015/90 3 July 2015 Version 1.0 Commonwealth of Australia

More information

Joint Interpretation Library

Joint Interpretation Library for smart cards and similar devices Document purpose: provide requirements to developers and guidance to evaluators to fulfill the Security Architecture requirements of CC V3 ADV_ARC family. Version 2.0

More information

Security Target. McAfee Enterprise Mobility Management 9.7. Document Version 0.9. July 5, 2012

Security Target. McAfee Enterprise Mobility Management 9.7. Document Version 0.9. July 5, 2012 Security Target McAfee Enterprise Mobility Management 9.7 Document Version 0.9 July 5, 2012 Document Version 0.9 McAfee Page 1 of 39 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa

More information

FIPS 140-2 Security Policy LogRhythm 6.0.4 or 6.3.4 Windows System Monitor Agent

FIPS 140-2 Security Policy LogRhythm 6.0.4 or 6.3.4 Windows System Monitor Agent FIPS 140-2 Security Policy LogRhythm 6.0.4 or 6.3.4 Windows System Monitor Agent LogRhythm, Inc. 4780 Pearl East Circle Boulder, CO 80301 May 1, 2015 Document Version 2.0 Module Versions 6.0.4 or 6.3.4

More information

Firewall Protection Profile

Firewall Protection Profile samhällsskydd och beredskap 1 (38) ROS-ISÄK Ronny Janse 010-2404426 ronny.janse@msb.se Firewall Protection Profile samhällsskydd och beredskap 2 (38) Innehållsförteckning 1. Introduction... 4 1.1 PP reference...

More information

EMC Corporation Data Domain Operating System Version 5.2.1.0. Security Target. Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.

EMC Corporation Data Domain Operating System Version 5.2.1.0. Security Target. Evaluation Assurance Level (EAL): EAL2+ Document Version: 0. EMC Corporation Data Domain Operating System Version 5.2.1.0 Security Target Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.11 Prepared for: Prepared by: EMC Corporation 176 South Street Hopkinton,

More information

Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS 140-2 Non-Proprietary Security Policy

Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS 140-2 Non-Proprietary Security Policy Nortel Networks, Inc. VPN Client Software (Software Version: 7_11.101) FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Document Version 0.5 Prepared for: Prepared by: Nortel Networks, Inc.

More information

GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0.

GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0. GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0.1 Security Target Version 2.01 Common Criteria EAL4 augmented

More information

Microsoft Windows Common Criteria Evaluation

Microsoft Windows Common Criteria Evaluation Microsoft Windows Common Criteria Evaluation Microsoft Windows 8 Microsoft Windows Server 2012 Full Disk Encryption Security Target Document Information Version Number 1.0 Updated On April 3, 2014 Microsoft

More information

Xceedium GateKeeper Version 5.2.1 Security Target

Xceedium GateKeeper Version 5.2.1 Security Target ceedium GateKeeper Version 521 Security Target February 3, 2011 Prepared for: ceedium, Inc 30 Montgomery Street Jersey City, NJ 07302 Prepared By: Science Applications International Corporation Common

More information

Security Target. Security Target SQL Server 2008 Team. Author: Roger French Version: 1.04 Date: 2011-09-26

Security Target. Security Target SQL Server 2008 Team. Author: Roger French Version: 1.04 Date: 2011-09-26 SQL Server 2008 Team Author: Roger French Version: 1.04 Date: 2011-09-26 Abstract This document is the (ST) for the Common Criteria certification of the database engine of Microsoft SQL Server 2008 R2.

More information

Protection Profile for Email Clients

Protection Profile for Email Clients Protection Profile for Email Clients 1 April 2014 Version 1.0 Page 1 of 69 1 Introduction... 4 1.1 Overview of the TOE... 4 1.2 Usage of the TOE... 4 2 SECURITY PROBLEM DESCRIPTION... 6 2.1 Threats...

More information

Security Target. McAfee Enterprise Mobility Management 12.0. Document Version 1.16

Security Target. McAfee Enterprise Mobility Management 12.0. Document Version 1.16 Security Target McAfee Enterprise Mobility Management 12.0 Document Version 1.16 September 17, 2014 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 Primasec Ltd

More information

Application Software Protection Profile (ASPP) Extended Package: File Encryption: Mitigating the Risk of Disclosure of Sensitive Data on a System

Application Software Protection Profile (ASPP) Extended Package: File Encryption: Mitigating the Risk of Disclosure of Sensitive Data on a System Application Software Protection Profile (ASPP) Extended Package: File Encryption: Mitigating the Risk of Disclosure of Sensitive Data on a System 10 November 2014 Version 1.0 1 1 Introduction Table of

More information

DataPower XS40 XML Security Gateway and DataPower XI50 Integration Appliance Version 3.6. Security Target Version 0.75

DataPower XS40 XML Security Gateway and DataPower XI50 Integration Appliance Version 3.6. Security Target Version 0.75 DataPower S40 ML Security Gateway and DataPower I50 Integration Appliance Version 3.6 Security Target Version 0.75 10/09/2008 Prepared for: IBM SOA Appliance Group One Rogers St Cambridge, MA 02142 Prepared

More information

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report TM HP Network Node Management Advanced Edition Software V7.51 with patch PHSS_35278 Report

More information

AppGate Security Server, Version 8.0.4. Security Target. Document Version: 2.9 Date: 2008-04-10

AppGate Security Server, Version 8.0.4. Security Target. Document Version: 2.9 Date: 2008-04-10 AppGate Security Server, Version 8.0.4 Security Target Document Version: 2.9 Date: 2008-04-10 Contents 1 INTRODUCTION...6 1.1 ST Identification...6 1.2 ST Overview...6 1.3 CC Conformance Claim...6 1.4

More information

OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT

OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT Version 1.3 Crown Copyright 2015 All Rights Reserved 49358431 Page 1 of 12 About this document This document describes the features, testing and deployment

More information

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

FIPS 140 2 Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive FIPS 140 2 Non Proprietary Security Policy Kingston Technology Company, Inc. DataTraveler DT4000 G2 Series USB Flash Drive Document Version 1.8 December 3, 2014 Document Version 1.8 Kingston Technology

More information

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2 Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version: 1.0.0.2 FIPS 140 2 Non Proprietary Security Policy FIPS Security Level: 1 Document Version: 1.1 Prepared for: Prepared

More information

McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target

McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 10 January 2012 Version 1.1 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN 55108 USA Contents 1 Introduction...

More information

SecureDoc Disk Encryption Cryptographic Engine

SecureDoc Disk Encryption Cryptographic Engine SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the

More information

Certification Report

Certification Report Certification Report HP Network Automation Ultimate Edition 10.10 Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government

More information

Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team

Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team Author: Microsoft Corp. Version: 1.0 Last Saved: 2011-03-10 File Name: MS_UAG_ST_1.0.docx

More information

Certification Report

Certification Report Certification Report EAL 4 Evaluation of SecureDoc Disk Encryption Version 4.3C Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification

More information

Security Policy. Trapeze Networks

Security Policy. Trapeze Networks MP-422F Mobility Point Security Policy Trapeze Networks August 14, 2009 Copyright Trapeze Networks 2007. May be reproduced only in its original entirety [without revision]. TABLE OF CONTENTS 1. MODULE

More information

JMCS Northern Light Video Conferencing System Security Target

JMCS Northern Light Video Conferencing System Security Target JMCS Northern Light Video Conferencing System Security Target Common Criteria: EAL2 Version 1.2 22 FEB 12 Document management Document identification Document ID Document title Product version NLVC_ST_EAL2

More information

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report National Information Assurance Partnership TM Common Criteria Evaluation and Validation Scheme Validation Report Cisco Intrusion Detection System Sensor Appliance IDS-4200 series Version 4.1(3) Report

More information

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy

VASCO Data Security International, Inc. DIGIPASS GO-7. FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy VASCO Data Security International, Inc. DIGIPASS GO-7 FIPS 140-2 Non-Proprietary Cryptographic Module Security Policy Security Level: 2 Version: 1.7 Date: August 12, 2015 Copyright VASCO Data Security

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Security Policy. Trapeze Networks

Security Policy. Trapeze Networks MX-200R-GS/MX-216R-GS Mobility Exchange WLAN Controllers Security Policy Trapeze Networks August 14, 2009 Copyright Trapeze Networks 2007. May be reproduced only in its original entirety [without revision].

More information

FIPS 140-2 Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

FIPS 140-2 Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0) FIPS 140-2 Non-Proprietary Security Policy IBM Internet Security Systems SiteProtector Document Version 2.3 August 5, 2010 Document Version 2.3 IBM Internet Security Systems Page 1 of 24 Prepared For:

More information

Cisco Catalyst Switches (3560-X and 3750-X) Security Target

Cisco Catalyst Switches (3560-X and 3750-X) Security Target Cisco Catalyst Switches (3560- and 3750-) Security Target Revision 1.0 6 June 2012 1 Table of Contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 ST and TOE Reference... 6 1.2 Acronyms and Abbreviations...

EMC Documentum. EMC Documentum Content Server TM V5.3. and EMC Documentum Administrator TM V5.3. Security Target V2.0

EMC Documentum Content Server TM V5.3 and EMC Documentum Administrator TM V5.3 Security Target V2.0, December 8, 2005. ST prepared by Suite 5200, 4925 Jones Branch Drive McLean, VA 22102-3305

Check Point Endpoint Security Full Disk Encryption Security Target

Check Point Endpoint Security Full Disk Encryption Security Target, ST Version 2.4, June 22, 2009. Prepared for: 5 Ha Solelim St. Tel Aviv, Israel 67897. Prepared by: Metatron Ltd. 66 Yosef St., Modiin, Israel

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

BlackBerry Enterprise Service 10, BlackBerry Device Service Solution Version: 10.2. Security Technical Overview. Published: 2014-09-10. SWD-20140908123239883. Contents: 1 About BlackBerry Device Service solution

Cisco Unified Wireless Network and Wireless Intrusion Detection System: Security Target

This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), the Cisco Aironet 1130,

Senforce Endpoint Security Suite Version 3.1.175 Security Target

Senforce Endpoint Security Suite Version 3.1.175 Security Target, Version 1.0, 06/19/07. Prepared for: Senforce Technologies, Inc. 147 W Election Rd Ste 110 Draper UT 84020. Prepared By: Science Applications

Certification Report

Certification Report: EAL 2+ Evaluation of Symantec Endpoint Protection Version 12.1.2. Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and

Certification Report

Certification Report: EAL 4+ Evaluation of ncipher nshield Family of Hardware Security Modules Firmware Version 2.33.60. Issued by: Communications Security Establishment Canada Certification Body Canadian
