U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments

Size: px
Start display at page:

Download "U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments"

Transcription

1 U.S. Government Protection Profile for Application-level Firewall In Basic Robustness Environments Information Assurance Directorate Version 1.1 July 25, 2007

2 Forward This Protection Profile US Government Protection Profile for Application-level Firewall in Basic Robustness Environments (PP) was updated using Version 3.1 of the Common Criteria (CC). Editor s note: The purpose of this update was to bring the PP up to the new CC 3.1 standard without changing the authors original meaning or purpose of the documented requirements. The original PP was developed using version 2.x of the CC. The CC version 2.3 was the final version 2 update that included all international interpretations. CC version 3.1 used the final CC version 2.3 Security Functional Requirements (SFR)s as the new set of SFRs for version 3.1. Some minor changes were made to the SFRs in version 3.1, including moving a few SFRs to Security Assurance Requirements (SAR)s. There may be other minor differences between some SFRs in the version 2.3 PP and the new version 3.1 SFRs. These minor differences were not modified to ensure the author s original intent was preserved. The version 3.1 SARs were rewritten by the common criteria international community. The NIAP/CCEVS staff developed an assurance equivalence mapping between the version 2.3 and 3.1 SARs. The assurance equivalent version 3.1 SARs replaced the version 2.3 SARs in the PP. Any issue that may arise when claiming compliance with this PP can be resolved using the observation report (OR) and observation decision (OD) process. Further information, including the status and updates of this protection profile can be found on the CCEVS website: Comments on this document should be directed to The should include the title of the document, the page, the section number, the paragraph number, and the detailed comment and recommendation. Protection Profile Title: U.S. Department of Defense Application-Level Firewall Protection Profile for Basic Robustness Environments. Criteria Version: This Protection Profile (PP) was originally developed using Version 2.1 of the Common Criteria (CC). Constraints: Targets of Evaluation (TOEs) developed to satisfy this Protection Profile shall conform to CC Part 2 and CC Part 3. 2

3 Table of contents Forward... 2 Conventions and Terminology... 4 Document Organization APPLICATION LEVEL FIREWALL PROTECTION PROFILE (PP) INTRODUCTION PP IDENTIFICATION PP OVERVIEW TARGET OF EVALUATION (TOE) DESCRIPTION TOE SECURITY ENVIRONMENT ASSUMPTIONS THREATS Threats Addressed by the TOE Threat to be Addressed by Operating Environment ORGANIZATIONAL SECURITY POLICIES SECURITY OBJECTIVES INFORMATION TECHNOLOGY (IT) SECURITY OBJECTIVES SECURITY OBJECTIVES FOR THE ENVIRONMENT IT SECURITY REQUIREMENTS TOE SECURITY REQUIREMENTS TOE Security Requirements TOE Security Assurance Requirements RATIONALE RATIONALE FOR IT SECURITY OBJECTIVES RATIONALE FOR SECURITY OBJECTIVES FOR THE ENVIRONMENT RATIONALE FOR SECURITY REQUIREMENTS RATIONALE FOR ASSURANCE REQUIREMENTS RATIONALE FOR NOT SATISFYING ALL DEPENDENCIES Appendices A.1 References A.2 Acronyms A.3 Robustness Environment Characterization

4 Conventions and Terminology CONVENTIONS The notation, formatting, and conventions used in this Protection Profile are largely consistent with those used in version 2 of the Common Criteria (CC). Selected presentation choices are discussed here to aid the Protection Profile user. The CC allows several operations to be performed on functional requirements; refinement, selection, assignment, and iteration are defined in paragraph of Part 2 of the CC. Each of these operations is used in this Protection Profile. The refinement operation is used to add detail to a requirement, and thus further restricts a requirement. Refinement of security requirements is denoted by bold text. For an example, see FMT_SMR.1 in this Protection Profile. The selection operation is used to select one or more options provided by the CC in stating a requirement. Selections are denoted by underlined italicized text. For an example, see FDP_RIP.1 in this Protection Profile The assignment operation is used to assign a specific value to an unspecified parameter, such as the length of a password. Assignment is indicated by showing the value in square brackets, [ assignment_value ]. For an example, see FIA_AFL.1 in this Protection Profile. The iteration operation is used when a component is repeated with varying operations. Iteration is denoted by showing the iteration number in parenthesis following the component identifier, (iteration_number). For example, see FDP_IFC in this Protection Profile. The security target writer operation is used to denote points in which the final determination of attributes is left to the security target writer. Security target writer operations are indicated by the words {determined by the security target writers} in braces. For example, see FIA_ATD.1 in this Protection Profile. As a vehicle for providing a further understanding of and context for functional requirements, "Requirements Overview" sections have been selectively added to this Protection Profile. When they appear in the text, these overviews precede either a component or set of components. They provide a discussion of the relationship between security requirements so that the Protection Profile user can see why a component or group of components was chosen and what effect it is expected to have as a group of related functions. As an example, see the Requirements Overview, which precedes the ADV_RCR.1 assurance component. Application Notes are provided to help the developer, either to clarify the intent of a requirement, identify implementation choices, or to define "pass-fail" criteria for a requirement. For those components where Application Notes are appropriate, the Application Notes will 4

5 follow the requirement component. For an example, see the Application Note which follows FMT_MSA.3 in this Protection Profile. TERMINOLOGY In the Common Criteria, many terms are defined in Section 2.3 of Part 1. The following are a subset of those definitions. They are listed here to aid the user of the Protection Profile. User -- Any entity (human user or external IT entity) outside the TOE that interacts with the TOE. Human user -- Any person who interacts with the TOE. External IT entity -- Any IT product or system, untrusted or trusted, outside of the TOE that interacts with the TOE. Role -- A predefined set of rules establishing the allowed interactions between a user and the TOE. Identity -- A representation (e.g. a string) uniquely identifying an authorized user, which can either be the full or abbreviated name of that user or a pseudonym. Authentication data -- Information used to verify the claimed identity of a user. From the above definitions given by the CC, the following terms can be derived: Authorized external IT entity Any IT product or system, outside the scope of the TOE that may administer the security parameters of the TOE. Such entities are not subject to any access control requirements once authenticated to the TOE and are therefore trusted to not compromise the security policy enforced by the TOE. Authorized Administrator A role which human users may be associated with to administer the security parameters of the TOE. Such users are not subject to any access control requirements once authenticated to the TOE and are therefore trusted to not compromise the security policy enforced by the TOE. Document Organization Section 1 is the introductory material for the Protection Profile. Section 2 provides a general definition for application-filter firewalls. Section 3 is a discussion of the expected environment for the firewall, in particular the assumptions that must be true about aspects such as physical, personnel, and connectivity conditions. This section then defines the set of threats that are to be addressed by either the 5

6 technical countermeasures implemented in the firewall's hardware and software, or through the environmental controls. Section 4 defines the security objectives for both the firewall and the environment in which the firewall resides. Section 5 contains the functional and assurance requirements derived from the Common Criteria, Part 2 and Part 3, respectively, that must be satisfied by the firewall. Section 6 provides a rationale to explicitly demonstrate that the IT security objectives satisfy the threats. The section then explains how the set of requirements are complete relative to the objectives; that each security objective is addressed by one or more relevant component requirements. Appendices: References are provided as background material for further investigation by users of the Protection Profile. Acronyms are provided to facilitate comprehension of frequently used terms. Robustness Environment Characterization, contains a discussion characterizing the level of robustness TOEs compliant with the PP can achieve. The PPRB created a discussion that provides a definition of factors for TOE environments as well as an explanation of how a given level of robustness is categorized. 6

7 1 APPLICATION LEVEL FIREWALL PROTECTION PROFILE (PP) INTRODUCTION 1.1 PP IDENTIFICATION Title: U. S. Department of Defense Application-Level Firewall Protection Profile for Basic Robustness Environments Sponsor: National Security Agency (NSA) CC Version: CC Version 2.1 PP Version: Version 1.1, dated July 25, 2007 Keywords: information flow control, firewall, network security, proxy server, application gateway, protection profile 1.2 PP OVERVIEW This Application Level Firewall Protection Profile defines the minimum-security requirements for firewalls used by U. S. Government organizations handling unclassified information in a Basic Robustness environment (see appendix A3). Firewalls may consist of one or more devices that act as part of an organization's overall security defense by isolating an organization's internal network from the Internet or other external networks. The Protection Profile defines the assumptions about the security aspects of the environment in which the firewall is used. It also defines the threats that are addressed by the firewall, defines implementation-independent security objectives of the firewall and its environment, defines the functional and assurance requirements to meet those objectives, and provides a rationale demonstrating how the requirements meet the security objectives. STs that claim conformance to this PP shall meet a minimum standard of demonstrable-pp conformance as defined in section D3 of part 1. RELATED PROTECTION PROFILES U.S. Government Traffic-Filter Firewall Protection Profile for Basic Robustness Environments. 7

8 2 TARGET OF EVALUATION (TOE) DESCRIPTION The purpose of a firewall is to provide controlled and audited access to services, both from inside and outside an organization's network, by allowing, denying, and/or redirecting the flow of data through the firewall. Although there are a number of firewall architectures and technologies, firewalls fall into two major categories: traffic-filter and application-level firewalls. This Protection Profile specifies the minimum-security requirements for TOEs composed of an application-level firewall. The TOE mediates information flows between clients and servers located on internal and external networks governed by the TOE. TOEs must employ proxies to screen information flows. Proxy servers on the TOE, for services such as FTP and Telnet, require authentication at the TOE by client users before requests for such services can be authorized. Thus, only valid requests are relayed by the proxy server to the actual server on either an internal or external network. TOEs meeting this Protection Profile additionally impose traffic-filtering controls on information flows mediated by the TOE. Information flows between clients and servers according to the site's security policy rules. By default, these security policy rules deny all inbound and outbound information flows. Only an authorized administrator has the authority to change the security policy rules. Users of the TOE consist of human users and host-like entities, called external IT entities. Human users may or may not be associated with the single role on the TOE for authorized administrators. If the information flow security policy rules permit human users (who are not authorized administrators) on an internal or external network to send and receive information to FTP or Telnet servers on an external or internal network, respectively, such users will have to be identified and authenticated (using a single-use authentication mechanism) by the TOE before information is relayed by the proxy server on the TOE to the FTP or Telnet server. Of the human users, only authorized administrators may access the TOE through remote means from an internal or external network. If an authorized administrator accesses the TOE remotely, and after successful identification and authentication (using a single-use authentication mechanism), a channel using DES encryption with securely generated and distributed key values must be used. In addition to remote access, and after successful identification and authentication, authorized administrators may access the TOE through local means without encryption, such as through a console (that may be included as part of the TOE). Though not recommended, the human users who are not authorized administrators may identify and authenticate from a local console to use non-security functions on the TOE. The only security functions available to human users who are not authorized administrators are the controlled usage of the identification and authentication functions. External IT entities sending information through the TOE do not have to be identified and authenticated, unless those functions are supported by the underlying service (e.g., FTP). However, external IT entities attempting to send information to the TOE must always be 8

9 identified and authenticated. Those external IT entities that are successfully identified and authenticated (using a single-use authentication mechanism) are authorized external IT entities. This subset of the external IT entities are permitted to perform a limited number of security functions. They are "authorized" to violate the TSP in a well understood and permitted manner. A router sending routing table updates to the TOE, serves as an example of an authorized external IT entity. This router would identify itself to the TOE and then use a single-use authentication mechanism to authenticate. The TOE would then accept routing table updates from the authorized external IT entity. There are no requirements mandating authorized external IT entities. Audit trail data is stamped with a dependable date and time when recorded. Audit events include modifications to the group of users associated with the authorized administrator role, all use of the identification and authentication mechanisms (including any attempted reuse of authentication data), all information flow control decisions made by the TOE according to the security policy rules, and the use of all security functions. If the audit trail becomes filled, then the only auditable events that may be performed are those performed by the authorized administrator. The TOE includes tools to perform searching and sorting on the collected audit trail data according to attributes of the data recorded and ranges of some of those attributes. 9

10 3 TOE SECURITY ENVIRONMENT Protection Profile-compliant TOEs are intended to be used either in environments in which, at most, sensitive but unclassified information is processed, or the sensitivity level of information in both the internal and external networks is equivalent. For all Federal agencies, including Department of Defense agencies, for the use of cryptographic modules in the protection of sensitive but unclassified information, compliance with FIPS PUB is required. FIPS PUB defines security requirements for cryptographic modules. A cryptographic module is that part of a system or application that provides cryptographic services such as encryption, authentication, or electronic signature generation and verification. Products and systems compliant with this Protection Profile are expected to utilize cryptographic modules for remote administration compliant with this FIPS PUB. 3.1 ASSUMPTIONS The following conditions are assumed to exist in the operational environment. A.PHYSEC The TOE is physically secure. A.LOWEXP The threat of malicious attacks aimed at discovering exploitable vulnerabilities is considered low. A.GENPUR There are no general-purpose computing capabilities (e.g., the ability to execute arbitrary code or applications) and storage repository capabilities on the TOE. A.PUBLIC The TOE does not host public data. A.NOEVIL Authorized administrators are non-hostile and follow all administrator guidance; however, they are capable of error. A.SINGEN Information can not flow among the internal and external networks unless it passes through the TOE. A.DIRECT Human users within the physically secure boundary protecting the TOE may attempt to access the TOE from some direct connection (e.g., a console port) if the connection is part of the TOE. A.NOREMO Human users who are not authorized administrators cannot access the TOE remotely from the internal or external networks. 10

11 A.REMACC Authorized administrators may access the TOE remotely from the internal and external networks. 3.2 THREATS The following threats are addressed either by the TOE or the environment Threats Addressed by the TOE The threats discussed below are addressed by Protection Profile-compliant TOEs. The threat agents are either unauthorized persons or external IT entities not authorized to use the TOE itself. T.NOAUTH An unauthorized person may attempt to bypass the security of the TOE so as to access and use security functions and/or non-security functions provided by the TOE. T.REPEAT An unauthorized person may repeatedly try to guess authentication data in order to use this information to launch attacks on the TOE. T.REPLAY An unauthorized person may use valid identification and authentication data obtained to access functions provided by the TOE. T.ASPOOF An unauthorized person on an external network may attempt to by-pass the information flow control policy by disguising authentication data (e.g., spoofing the source address) and masquerading as a legitimate user or entity on an internal network. T.MEDIAT An unauthorized person may send impermissible information through the TOE, which results in the exploitation of resources on the internal network. T.OLDINF Because of a flaw in the TOE functioning, an unauthorized person may gather residual information from a previous information flow or internal TOE data by monitoring the padding of the information flows from the TOE. T.PROCOM An unauthorized person or unauthorized external IT entity may be able to view, modify, and/or delete security related information that is sent between a remotely located authorized administrator and the TOE. T.AUDACC Persons may not be accountable for the actions that they conduct because the audit records are not reviewed, thus allowing an attacker to escape detection. T.SELPRO An unauthorized person may read, modify, or destroy security critical TOE configuration data. 11

12 T.AUDFUL An unauthorized person may cause audit records to be lost or prevent future records from being recorded by taking actions to exhaust audit storage capacity, thus masking an attackers actions. T. LOWEXP The threat of malicious attacks aimed at discovering exploitable vulnerabilities is considered low Threat to be Addressed by Operating Environment The threat possibility discussed below must be countered by procedural measures and/or administrative methods. T.TUSAGE The TOE may be inadvertently configured, used, and administered in an insecure manner by either authorized or unauthorized persons. 3.3 ORGANIZATIONAL SECURITY POLICIES Federal agencies are required to protect sensitive but unclassified information with cryptography. Products and systems compliant with this Protection Profile are expected to utilize cryptographic modules for remote administration compliant with FIPS PUB (level 1). P.CRYPTO AES (Advanced Encryption Standard as specified in FIPS 197) encryption (as specified in SP ) must be used to protect remote administration functions, and the associated cryptographic module must comply, at a minimum, with FIPS (level 1). 12

13 4 SECURITY OBJECTIVES 4.1 INFORMATION TECHNOLOGY (IT) SECURITY OBJECTIVES The following are the IT security objectives for the TOE: O.IDAUTH The TOE must uniquely identify and authenticate the claimed identity of all users, before granting a user access to TOE functions or, for certain specified services, to a connected network. O.SINUSE The TOE must prevent the reuse of authentication data for users attempting to authenticate to the TOE from a connected network. O.MEDIAT The TOE must mediate the flow of all information between clients and servers located on internal and external networks governed by the TOE, and must ensure that residual information from a previous information flow is not transmitted in any way. O.SECSTA Upon initial start-up of the TOE or recovery from an interruption in TOE service, the TOE must not compromise its resources or those of any connected network. O.ENCRYP The TOE must protect the confidentiality of its dialogue with an authorized administrator through encryption, if the TOE allows administration to occur remotely from a connected network. O.SELPRO The TOE must protect itself against attempts by unauthorized users to bypass, deactivate, or tamper with TOE security functions. O.AUDREC The TOE must provide a means to record a readable audit trail of security-related events, with accurate dates and times, and a means to search and sort the audit trail based on relevant attributes. O.ACCOUN The TOE must provide user accountability for information flows through the TOE and for authorized administrator use of security functions related to audit. O.SECFUN The TOE must provide functionality that enables an authorized administrator to use the TOE security functions, and must ensure that only authorized administrators are able to access such functionality. O.LIMEXT The TOE must provide the means for an authorized administrator to control and limit access to TOE security functions by an authorized external IT entity. 13

14 O.EAL The TOE must be structurally tested and shown to be resistant to obvious vulnerabilities. For a detailed mapping between threats and the IT security objectives listed above, see section 6.1 of the Rationale. 4.2 SECURITY OBJECTIVES FOR THE ENVIRONMENT All of the assumptions stated in section 3.1 are considered to be security objectives for the environment. The following are the Protection Profile non-it security objectives, which, in addition to those assumptions, are to be satisfied without imposing technical requirements on the TOE. That is, they will not require the implementation of functions in the TOE hardware and/or software. Thus, they will be satisfied largely through application of procedural or administrative measures. O.PHYSEC The TOE is physically secure. O.LOWEXP The threat of malicious attacks aimed at discovering exploitable vulnerabilities is considered low. O.GENPUR There are no general-purpose computing capabilities (e.g., the ability to execute arbitrary code or applications) and storage repository capabilities on the TOE. O.PUBLIC The TOE does not host public data. O.NOEVIL Authorized administrators are non-hostile and follow all administrator guidance; however, they are capable of error. O.SINGEN Information cannot flow among the internal and external networks unless it passes through the TOE. O.DIRECT Human users within the physically secure boundary protecting the TOE may attempt to access the TOE from some direct connection (e.g., a console port) if the connection is part of the TOE. O.NOREMO Human users who are not authorized administrators can not access the TOE remotely from the internal or external networks. O.REMACC Authorized administrators may access the TOE remotely from the internal and external networks. O.GUIDAN The TOE must be delivered, installed, administered, and operated in a manner that maintains security. O.ADMTRA Authorized administrators are trained as to establishment and maintenance of security policies and practices. 14

15 For a detailed mapping between threats, assumptions, and the non-it security objectives listed above see section 6 of the Rationale. 15

16 5 IT SECURITY REQUIREMENTS 5.1 TOE SECURITY REQUIREMENTS 23 This section provides functional and assurance requirements that must be satisfied by a Protection Profile-compliant TOE. These requirements consist of functional components from Part 2 of the CC and an Evaluation Assurance Level (EAL) containing assurance components from Part 3 of the CC TOE Security Requirements The functional security requirements for this Protection Profile consist of the following components from Part 2 of the CC, summarized in the following table. Functional Components FMT_SMR.1 Security roles FIA_ATD.1 User attribute definition FIA_UID.2 User identification before any action FIA_AFL.1 Authentication failure handling FIA_UAU.5 Multiple authentication mechanisms FDP_IFC.1 Subset information flow control (1) FDP_IFC.1 Subset information flow control (2) FDP_IFF.1 Simple security attributes (1) FDP_IFF.1 Simple security attributes (2) FMT_MSA.1 Management of security attributes (1) FMT_MSA.1 Management of security attributes (2) FMT_MSA.1 Management of security attributes (3) FMT_MSA.1 Management of security attributes (4) FMT_MSA.3 Static attribute initialization FMT_MTD.1 Management of TSF data (1) FMT_MTD.1 Management of TSF data (2) FMT_MTD.2 Management of limits on TSF data FDP_RIP.1 Subset residual information protection 16

17 Functional Components FCS_COP.1 Cryptographic operation FPT_STM.1 Reliable time stamps FAU_GEN.1 Audit data generation FAU_SAR.1 Audit review FAU_SAR.3 Selectable audit review FAU_STG.1 Protected audit trail storage FAU_STG.4 Prevention of audit data loss FMT_MOF.1 Management of security functions behavior (1) FMT_MOF.1 Management of security functions behavior (2) Table Functional Requirements The following paragraphs are intended to clarify why the functional components in this Protection Profile are presented in the order outlined in Table 5.1. FMT_SMR.1 is the first component because it defines the authorized administrator role, which appears in a number of the components that follow. The class FIA components are listed after FMT_SMR.1. They describe the identification and authentication policy that all users, both human users and external IT entities, must abide by before being able to use other TOE functions. The order of the class FIA components was chosen on the following basis. Since users are already defined in the Terminology section on page vi, the Protection Profile reader is introduced in component FIA_ATD.1 to their security attributes. The next component, FIA_UID.2, forces users to identify themselves to the TOE using the user security attributes of component FIA_ATD.1 before further actions take place. Then, component FIA_AFL.1 describes what results if the user fails to authenticate after some settable number of attempts. Lastly, component FIA_UAU.5 discusses when authentication mechanisms must be used. There are two information flow control SFPs, and they are defined after the class FIA components in FDP_IFC.1. Then the policy rules which must be enforced as well as the attributes of the entities defined in FDP_IFC.1 are written in FDP_IFF.1. Next, the management of the attributes in FDP_IFF.1 are specified in FMT_MSA.1(1), FMT_MSA.1(2), FMT_MSA.1(3) and FMT_MSA.1(4). Component FMT_MSA.3, which FDP_IFF.1 depends on, follows. As part of the installation and start-up of the TOE, FMT_MSA.3 mandates a default deny policy which permits no information to flow through the TOE. FMT_MTD.1(1), FMT_MTD.1(2), and FMT_MTD.2 define the management of TSF data. FDP_RIP.1 is listed 17

18 next, ensuring that resources are cleared before being allocated to hold packets of information at the TOE. Component FCS_COP.1 is a conditional requirement. If the developer allows administration from a remote location outside the physically protected TOE, then evaluation against this Protection Profile shall require the TOE to meet this component. FCS_COP.1 defines a cryptographic algorithm as well as the key size that must be used. The cryptographic module must be FIPS PUB compliant for the reasons stated in Section 3. Since FAU_GEN.1 requires recording the time and date when audit events occur, it follows the FPT_STM.1 component that alerts developers that an accurate time and date must be maintained on the TOE. The class FAU requirements follow to define the audit security functions which must be supported by the TOE. FAU_GEN.1 is the first audit component listed because it depicts all the events that must be audited, including all the information which must be recorded in audit records. The remainder of the class FAU components ensure that the audit records can be read (component FAU_SAR.1), searched and sorted (component FAU_SAR.3), and protected from modification (FAU_STG.1). Lastly, FAU_STG.4 ensures that the TOE is capable of preventing auditable actions, not taken by an authorized administrator, from occurring in the event that the audit trail becomes full. The last component in the profile is FMT_MOF.1. It appears last because it lists all the functions to be provided by the TOE for use only by the authorized administrator. Almost all of these functions are based on components which precede it. Thus it is listed last. FMT_SMR.1 Security roles FMT_SMR The TSF shall maintain the role [authorized administrator]. FMT_SMR The TSF shall be able to associate users with the authorized administrator role. FIA_ATD.1 User attribute definition FIA_ATD The TSF shall maintain the following list of security attributes belonging to individual users: a) [identity; b) association of a human user with the authorized administrator role; c) any other user security attributes {to be determined by the Security Target writer(s)}]. FIA_UID.2 User identification before any action FIA_UID The TSF shall require each user to identify itself before allowing any other TSFmediated actions on behalf of that user. FIA_AFL.1 Authentication failure handling 18

19 FIA_AFL The TSF shall detect when [a non-zero number determined by the authorized administrator] of unsuccessful authentication attempts occur related to [authorized TOE administrator access or authorized TOE IT entity access]. FIA_AFL When the defined number of unsuccessful authentication attempts has been met or surpassed, the TSF shall [prevent the offending user from successfully authenticating until an authorized administrator takes some action to make authentication possible for the user in question]. FIA_UAU.5 Multiple authentication mechanisms FIA_UAU The TSF shall provide [password and single-use authentication mechanisms] to support user authentication. FIA_UAU The TSF shall authenticate any user's claimed identity according to the [following multiple authentication mechanism rules: a) single-use authentication mechanism shall be used for authorized administrators to access the TOE remotely such that successful authentication must be achieved before allowing any other TSF-mediated actions on behalf of that authorized administrator; b) single-use authentication mechanism shall be used for authorized external IT entities accessing the TOE such that successful authentication must be achieved before allowing any other TSF-mediated actions on behalf of that authorized external IT entity; c) single-use authentication mechanism shall be used for human users sending or receiving information through the TOE using FTP or Telnet such that successful authentication must be achieved before allowing any other TSF-mediated actions on behalf of that human user; d) reusable password mechanism shall be used for authorized administrators to access the TOE via a directly connected terminal such that successful authentication must be achieved before allowing any other TSF-mediated actions on behalf of that authorized administrator]. Application Note: TOEs that do not provide capabilities for authorized administrators to access the TOE remotely from either an internal or external network (i.e., for remote administration), or for authorized external IT entities do not have to make such functionality available in order to satisfy this requirement. The intent of this requirement is not to require developers to provide all such capabilities and their associated authentication mechanisms. The requirement applies to those developers that do incorporate such functionality and intend for it to be evaluated. Requirements Overview: This Protection Profile consists of multiple information flow control Security Function Policies (SFPs). The CC allows multiple policies to exist, each having a unique name. This is accomplished by iterating FDP_IFC.1 for each of the two named information flow control policies. The first policy identified is called the UNAUTHENTICATED SFP. The subjects under control of this policy are external IT entities on an internal or external network sending information through the TOE to other external IT entities. The second policy identified is called the AUTHENTICATED SFP. 19

20 The subjects under control of this policy are human users on an internal or external network who must be authenticated to the TOE. The information flowing between subjects in both policies is traffic with attributes, defined in FDP_IFF.1.1, including source and destination addresses. The rules that define each information flow control SFP are found in FDP_IFF.1.2. Component FDP_IFF.1 is iterated twice to correspond to each of the two iterations of FDP_IFC.1. FDP_IFC.1 Subset information flow control (1) FDP_IFC The TSF shall enforce the [UNAUTHENTICATED SFP] on: a) [subjects: unauthenticated external IT entities that send and receive information through the TOE to one another; b) information: traffic sent through the TOE from one subject to another; c) operation: pass information]. FDP_IFC.1 Subset information flow control (2) FDP_IFC The TSF shall enforce the [AUTHENTICATED SFP] on: a) [subjects: a human user or external IT entity that sends and receives FTP and Telnet information through the TOE to one another, only after the human user initiating the information flow has authenticated at the TOE per FIA_UAU.5, b) information: FTP and Telnet traffic sent through the TOE from one subject to another; c) operation: initiate service and pass information]. FDP_IFF.1 Simple security attributes (1)2 FDP_IFF The TSF shall enforce the [UNAUTHENTICATED SFP] based on at least the following types of subject and information security attributes: a) [subject security attributes: presumed address; other subject security attributes {to be determined by the Security Target writer(s)}; b) information security attributes: presumed address of source subject; presumed address of destination subject; transport layer protocol; TOE interface on which traffic arrives and departs; service; other information security attributes {to be determined by the Security Target writer(s)}]. FDP_IFF The TSF shall permit an information flow between a controlled subject and another controlled subject via a controlled operation if the following rules hold: a) [Subjects on an internal network can cause information to flow through the TOE to another connected network if: 20

21 all the information security attribute values are unambiguously permitted by the information flow security policy rules, where such rules may be composed from all possible combinations of the values of the information flow security attributes, created by the authorized administrator; the presumed address of the source subject, in the information, translates to an internal network address; and the presumed address of the destination subject, in the information, translates to an address on the other connected network. b) Subjects on the external network can cause information to flow through the TOE to another connected network if: all the information security attribute values are unambiguously permitted by the information flow security policy rules, where such rules may be composed from all possible combinations of the values of the information flow security attributes, created by the authorized administrator; the presumed address of the source subject, in the information, translates to an external network address; and the presumed address of the destination subject, in the information, translates to an address on the other connected network.] FDP_IFF The TSF shall enforce the [none]. FDP_IFF The TSF shall provide the following [none]. FDP_IFF.1.5 -The TSF shall explicitly authorize an information flow based on the following rules: [none]. FDP_IFF The TSF shall explicitly deny an information flow based on the following rules: a) [The TOE shall reject requests for access or services where the information arrives on an external TOE interface, and the presumed address of the source subject is an external IT entity on an internal network; b) The TOE shall reject requests for access or services where the information arrives on an internal TOE interface, and the presumed address of the source subject is an external IT entity on the external network; c) The TOE shall reject requests for access or services where the information arrives on either an internal or external TOE interface, and the presumed address of the source subject is an external IT entity on a broadcast network; d) The TOE shall reject requests for access or services where the information arrives on either an internal or external TOE interface, and the presumed address of the source subject is an external IT entity on the loopback network; 21

22 e) The TOE shall reject requests in which the subject specifies the route in which information shall flow en route to the receiving subject; and f) For application protocols supported by the TOE (e.g., DNS, HTTP, SMTP, and POP3), the TOE shall deny any access or service requests that do not conform to its associated published protocol specification (e.g., RFC). This shall be accomplished through protocol filtering proxies that are designed for that purpose. Application Note: Rule f) applies when an application-level proxy is provided for the following protocols: DNS, HTTP, SMTP, and POP3. FDP_IFF.1 Simple security attributes (2)3 FDP_IFF The TSF shall enforce the [AUTHENTICATED SFP] based on at least the following types of subject and information security attributes: a) [subject security attributes: presumed address; other subject security attributes {to be determined by the Security Target writer(s)}; b) information security attributes: user identity; presumed address of source subject; presumed address of destination subject; transport layer protocol; TOE interface on which traffic arrives and departs; service (i.e., FTP and Telnet); security-relevant service command; and other information security attributes {to be determined by the Security Target writer(s)}]. FDP_IFF The TSF shall permit an information flow between a controlled subject and another controlled subject via a controlled operation if the following rules hold: a) [Subjects on an internal network can cause information to flow through the TOE to another connected network if: the human user initiating the information flow authenticates according to FIA_UAU.5; all the information security attribute values are unambiguously permitted by the information flow security policy rules, where such rules may be composed from all possible combinations of the values of the information flow security attributes, created by the authorized administrator; the presumed address of the source subject, in the information, translates to an internal network address; 22

23 and the presumed address of the destination subject, in the information, translates to an address on the other connected network. b) Subjects on the external network can cause information to flow through the TOE to another connected network if: the human user initiating the information flow authenticates according to FIA_UAU.5; all the information security attribute values are unambiguously permitted by the information flow security policy rules, where such rules may be composed from all possible combinations of the values of the information flow security attributes, created by the authorized administrator; the presumed address of the source subject, in the information, translates to an external network address; and the presumed address of the destination subject, in the information, translates to an address on the other connected network.] FDP_IFF The TSF shall explicitly deny an information flow based on the following rules: a) [The TOE shall reject requests for access or services where the information arrives on an external TOE interface, and the presumed address of the source subject is an external IT entity on an internal network; b) The TOE shall reject requests for access or services where the information arrives on an internal TOE interface, and the presumed address of the source subject is an external IT entity on the external network; c) The TOE shall reject requests for access or services where the information arrives on either an internal or external TOE interface, and the presumed address of the source subject is an external IT entity on a broadcast network; d) The TOE shall reject requests for access or services where the information arrives on either an internal or external TOE interface, and the presumed address of the source subject is an external IT entity on the loopback network; e) The TOE shall reject requests in which the subject specifies the route in which information shall flow en route to the receiving subject; and f) The TOE shall reject Telnet or FTP command requests that do not conform to generally accepted published protocol definitions (e.g., RFCs). This must be accomplished through protocol filtering proxies designed for that purpose. Application Note: The TOE can make no claim as to the real address of any source or destination subject, therefore the TOE can only suppose that these addresses are accurate. Therefore, a "presumed address" is used to identify source and destination addresses. A "service", listed in FDP_IFF.1.1(b), could be identified, for example, by a source port number and/or destination port number. A "service command", also mentioned in FDP_IFF.1.1(b), could be identified, 23

24 for example, in the case of the File Transfer Protocol (FTP) service as an FTP STOR or FTP RETR. FMT_MSA.1 Management of security attributes (1) FMT_MSA.1.1 (1) - The TSF shall enforce the [UNAUTHENTICATED_SFP] to restrict the ability to [delete attributes from a rule, modify attributes in a rule, add attributes to a rule] the security attributes [listed in section FDP_IFF1.1(1)] to [the authorized administrator]. FMT_MSA.1 Management of security attributes (2) FMT_MSA.1.1(2) - The TSF shall enforce the [AUTHENTICATED_SFP] to restrict the ability to [delete attributes from a rule, modify attributes in a rule, add attributes to a rule] the security attributes [listed in section FDP_IFF1.1(2)] to [the authorized administrator]. FMT_MSA.1 Management of security attributes (3) FMT_MSA.1.1(3) - The TSF shall enforce the [UNAUTHENTICATED_SFP] to restrict the ability to delete and [create] the security attributes [information flow rules described in FDP_IFF.1(1)] to [the authorized administrator]. FMT_MSA.1 Management of security attributes (4) FMT_MSA.1.1(4) - The TSF shall enforce the [AUTHENTICATED_SFP] to restrict the ability to delete and [create] the security attributes [information flow rules described in FDP_IFF.1(2)] to [the authorized administrator]. FMT_MSA.3 Static attribute initialization FMT_MSA The TSF shall enforce the [UNAUTHENTICATED_SFP and AUTHENTICATED_SFP] to provide restrictive default values for information flow security attributes that are used to enforce the SFP. FMT_MSA The TSF shall allow [the authorized administrator] to specify alternative initial values to override the default values when an object or information is created. Application Note: The default values for the information flow control security attributes appearing in FDP_IFF.1 (1) and FDP_IFF.1 (2) are intended to be restrictive in the sense that both inbound and outbound information is denied by the TOE until the default values are modified by an authorized administrator. FMT_MTD.1 Management of TSF data (1) FMT_MTD.1.1(1) - The TSF shall restrict the ability to query, modify, delete, [and assign] the [user attributes defined in FIA_ATD.1.1] to [the authorized administrator]. 24

25 FMT_MTD.1 Management of TSF data (2) FMT_MTD.1.1(2) - The TSF shall restrict the ability to [set] the [time and date used to form the timestamps in FPT_STM.1.1] to [the authorized administrator]. FMT_MTD.2 Management of limits on TSF data FMT_MTD The TSF shall restrict the specification of the limits for [the number of authentication failures] to [the authorized administrator]. FMT_MTD The TSF shall take the following actions, if the TSF data are at, or exceed, the indicated limits: [actions specified in FIA_AFL.1.2]. FDP_RIP.1 Subset residual information protection FDP_RIP The TSF shall ensure that any previous information content of a resource is made unavailable upon the allocation of the resource to [all objects]. Application Note: If, for example, the TOE pads information with bits in order to properly prepare the information before sending it out an interface, these bits would be considered a "resource". The intent of the requirement is that these bits shall not contain the remains of information that had previously passed through the TOE. The requirement is met by overwriting or clearing resources (e.g. packets) before making them available for use. FCS_COP.1 Cryptographic operation FCS_COP The TSF shall perform [encryption of remote authorized administrator sessions] in accordance with a specified cryptographic algorithm: [AES (Advanced Encryption Standard as specified in FIPS 197) encryption (as specified in SP ) and cryptographic key sizes [that are at least 128 binary digits in length] that meet the following: [FIPS PUB (Level 1)]. Application Note: This requirement is applicable only if the TOE includes the capability for the authorized administrator to perform security functions remotely from a connected network. In this case, AES encryption must protect the communications between the authorized administrator and the TOE, and the associated cryptographic module(s) must comply at a minimum with FIPS PUB Level 1. The intent of this requirement is not for the evaluator to perform a FIPS PUB evaluation; rather, the evaluator will check for a certificate, verifying that the module did complete a FIPS PUB evaluation. FPT_STM.1 Reliable time stamps FPT_STM The TSF shall be able to provide reliable time stamps for its own use. 25

26 Application Note: The word "reliable" in the above requirement means that the order of the occurrence of auditable events is preserved. Reliable time stamps, which include both date and time, are especially important for TOEs comprised of greater than one component. FAU_GEN.1 Audit data generation FAU_GEN The TSF shall be able to generate an audit record of the following auditable events: a) Start-up and shutdown of the audit functions; b) All auditable events for the not specified level of audit; and c) [the events listed in Table 5.2]. FAU_GEN The TSF shall record within each audit record at least the following information: a) Date and time of the event, type of event, subject identity, outcome (success or failure) of the event; and b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [information specified in column three of Table 5.2]. 26

27 Functional Component FMT_SMR.1 FIA_UID.2 FIA_UAU.5 FIA_AFL.1 Auditable Event Modifications to the group of users that are part of the authorized administrator role. All use of the user identification mechanism. Any use of the authentication mechanism. The reaching of the threshold for unsuccessful authentication attempts and the subsequent restoration by the authorized administrator of the users capability to authenticate. Additional Audit Record Content The identity of the authorized administrator performing the modification and the user identity being associated with the authorized administrator role The user identities provided to the TOE The user identities provided to the TOE The identity of the offending user and the authorized administrator FDP_IFF.1 FCS_COP.1 All decisions on requests for information flow. Success and failure, and the type of cryptographic operation The presumed addresses of the source and destination subject. The identity of the external IT entity attempting to perform the cryptographic operation FPT_STM.1 Changes to the time. The identity of the authorized administrator performing the operation FMT_MOF.1 Use of the functions listed in this requirement pertaining to audit. The identity of the authorized administrator performing the operation Table Auditable Events 27

Final. U.S. Department of Defense. Application-level Firewall. Protection Profile. for. Basic Robustness Environments. Version 1.0

Final. U.S. Department of Defense. Application-level Firewall. Protection Profile. for. Basic Robustness Environments. Version 1.0 Final U.S. Department of Defense Application-level Firewall Protection Profile for Basic Robustness Environments Version 1.0 June 22, 2000 Protection Profile Title: U.S. Department of Defense Application-Level

More information

DataPower XS40 XML Security Gateway and DataPower XI50 Integration Appliance Version 3.6. Security Target Version 0.75

DataPower XS40 XML Security Gateway and DataPower XI50 Integration Appliance Version 3.6. Security Target Version 0.75 DataPower S40 ML Security Gateway and DataPower I50 Integration Appliance Version 3.6 Security Target Version 0.75 10/09/2008 Prepared for: IBM SOA Appliance Group One Rogers St Cambridge, MA 02142 Prepared

More information

McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target

McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target McAfee Web Gateway Version 7.0.1.1 EAL 2 + ALC_FLR.2 Security Target Release Date: September 2010 Document ID: Version: Draft J Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle

More information

McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Security Target

McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Security Target McAfee Web Gateway Version 7.2.0.1 EAL 2 + ALC_FLR.2 Release Date: 5 October 2012 Version: 1.0 Prepared By: Primasec Ltd. Prepared For: McAfee Inc. 3965 Freedom Circle Santa Clara, CA 95054 Document Introduction

More information

Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target

Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target Cisco 800, 1900, 2900, 3900 Series Integrated Service Routers (ISR) Security Target Revision 1.0 August 2011 1 Table of Contents 1 SECURITY TARGET INTRODUCTION... 6 1.1 ST and TOE Reference... 6 1.2 Acronyms

More information

McAfee Firewall Enterprise v7.0.1.02 Security Target

McAfee Firewall Enterprise v7.0.1.02 Security Target McAfee Firewall Enterprise v7.0.1.02 Security Target 8 Nov 2010 Version 1.3 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN 55108 USA McAfee Inc. Page 1 of 60 Contents 1 Introduction...

More information

McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target

McAfee Firewall Enterprise v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 Security Target v8.2.0 and McAfee Firewall Enterprise Control Center v5.2.0 10 January 2012 Version 1.1 Prepared By: Primasec Ltd For McAfee Inc 2340 Energy Park Drive St. Paul, MN 55108 USA Contents 1 Introduction...

More information

Firewall Protection Profile V2.0 2008. 4. 24

Firewall Protection Profile V2.0 2008. 4. 24 Firewall Protection Profile V2.0 2008. 4. 24 (This page left blank on purpose for double-side printing) Protection Profile Title Firewall Protection Profile for Government Evaluation Criteria Version This

More information

Firewall Protection Profile

Firewall Protection Profile samhällsskydd och beredskap 1 (38) ROS-ISÄK Ronny Janse 010-2404426 ronny.janse@msb.se Firewall Protection Profile samhällsskydd och beredskap 2 (38) Innehållsförteckning 1. Introduction... 4 1.1 PP reference...

More information

U.S. Government Protection Profile for Database Management Systems

U.S. Government Protection Profile for Database Management Systems U.S. Government Protection Profile for Database Management Systems Information Assurance Directorate Version 1.3 December 24, 2010 Protection Profile Title: 1 U.S. Government Protection Profile for Database

More information

Trust Technology Assessment Program. Validation Report

Trust Technology Assessment Program. Validation Report Trust Technology Assessment Program Validation Report U.S. Government Traffic Filter Firewall Protection Profile for Low-Risk Environments version 1.1 TTAP Report Number: TTAP-VR-0007 June, 1999 Mutual

More information

EAL4+ Security Target

EAL4+ Security Target EAL4+ Security Target Common Criteria: EAL4 augmented with ALC_FLR.3 Version 1.0 21-DEC-10 Document management Document identification Document ID Document title Release authority E14_EAL4_ASE Microsoft

More information

Network Intrusion Prevention System Protection Profile V1.1

Network Intrusion Prevention System Protection Profile V1.1 Network Intrusion Prevention System Protection Profile V1.1 December 21, 2005 (This page left blank on purpose for double-side printing) Protection Profile Title Network Intrusion Prevention System Protection

More information

ARKOON FAST Firewall v3.0 SECURITY TARGET

ARKOON FAST Firewall v3.0 SECURITY TARGET Version Date October 28, 2004 Version 2.7p Ref. AKV3-CRT-EAL2-ST ARKOON FAST Firewall v3.0 SECURITY TARGET 20 Prepared for 40 ARKOON Network Security 13A avenue Victor HUGO F-69160 Tassin La Demi-Lune

More information

Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team

Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team Microsoft Forefront UAG 2010 Common Criteria Evaluation Security Target Microsoft Forefront Unified Access Gateway Team Author: Microsoft Corp. Version: 1.0 Last Saved: 2011-03-10 File Name: MS_UAG_ST_1.0.docx

More information

Security Target. Security Target SQL Server 2008 Team. Author: Roger French Version: 1.04 Date: 2011-09-26

Security Target. Security Target SQL Server 2008 Team. Author: Roger French Version: 1.04 Date: 2011-09-26 SQL Server 2008 Team Author: Roger French Version: 1.04 Date: 2011-09-26 Abstract This document is the (ST) for the Common Criteria certification of the database engine of Microsoft SQL Server 2008 R2.

More information

Security Target. Symantec TM Network Access Control Version 12.1.2. Document Version 0.12. February 14, 2013

Security Target. Symantec TM Network Access Control Version 12.1.2. Document Version 0.12. February 14, 2013 Security Target Symantec TM Network Access Control Version 12.1.2 Document Version 0.12 February 14, 2013 Document Version 0.12 Symantec Page 1 of 39 Prepared For: Prepared By: Symantec Corporation 350

More information

Mobile Billing System Security Target

Mobile Billing System Security Target Mobile Billing System Security Target Common Criteria: EAL1 Version 1.2 25 MAY 11 Document management Document identification Document ID Document title Product version IDV_EAL1_ASE IDOTTV Mobile Billing

More information

Security Target for Cisco Firewall Services Module (FWSM)

Security Target for Cisco Firewall Services Module (FWSM) Security Target for Cisco Firewall Services Module (FWSM) April 2007 This document includes the following sections: Security Target Introduction, page 1 TOE Description, page 3 TOE Security Environment,

More information

IMPP. Identity Management Protection Profile BSI-PP-0024

IMPP. Identity Management Protection Profile BSI-PP-0024 Identity Management Protection Profile IMPP BSI-PP-0024 Version Number 1.17 Date: January 12, 2006 Status: Final Author: David Ochel Owner: Brian Matthiesen Note: This document will become a public document

More information

Security Target: Symantec Endpoint Protection Version 11.0

Security Target: Symantec Endpoint Protection Version 11.0 Security Target: Symantec Endpoint Protection Version 11.0 ST Version 1.6 June 2, 2008 Document Version 1.6 Symantec Corporation Page 1 of 68 Prepared For: Prepared By: Symantec Corporation 20330 Stevens

More information

Security Target. McAfee Enterprise Mobility Management 9.7. Document Version 0.9. July 5, 2012

Security Target. McAfee Enterprise Mobility Management 9.7. Document Version 0.9. July 5, 2012 Security Target McAfee Enterprise Mobility Management 9.7 Document Version 0.9 July 5, 2012 Document Version 0.9 McAfee Page 1 of 39 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa

More information

Security Target SQL Server 2012 Team

Security Target SQL Server 2012 Team Microsoft SQL Server 2012 Database Engine Common Criteria Evaluation (EAL2) Security Target SQL Server 2012 Team Author: Version: 1.2 Roger French (Microsoft Corporation) Date: 2012-08-07 Abstract This

More information

EMC Documentum. EMC Documentum Content Server TM V5.3. and EMC Documentum Administrator TM V5.3. Security Target V2.0

EMC Documentum. EMC Documentum Content Server TM V5.3. and EMC Documentum Administrator TM V5.3. Security Target V2.0 EMC Documentum EMC Documentum Content Server TM V5.3 and EMC Documentum Administrator TM V5.3 Security Target V2.0 December 8, 2005 ST prepared by Suite 5200, 4925 Jones Branch Drive McLean, VA 22102-3305

More information

Security Target Microsoft SQL Server Team

Security Target Microsoft SQL Server Team Security Target Microsoft SQL Server Team Author: Roger French Version: 1.27 Date 2008-07-23 File Name: MS_SQL_ST_1.27 Abstract This document is the Security Target (ST) for the Common Criteria evaluation

More information

Security Target for Cisco Secure PIX Firewall 515, 520, 525 Version 5.2(3)

Security Target for Cisco Secure PIX Firewall 515, 520, 525 Version 5.2(3) Security Target for Cisco Secure PIX Firewall 515, 520, 525 Version 5.2(3) Reference: ST January 2001 Version: 1.6 Europe: USA: CISCO Systems Ltd CISCO Systems Inc. 3 The Square 170 West Tasman Drive Stockley

More information

IronMail Secure Email Gateway Software Version 4.0.0 Security Target April 27, 2006 Document No. CipherTrust E2-IM4.0.0

IronMail Secure Email Gateway Software Version 4.0.0 Security Target April 27, 2006 Document No. CipherTrust E2-IM4.0.0 IronMail Secure Email Gateway Software Version 4.0.0 Security Target April 27, 2006 Document No. CipherTrust E2-IM4.0.0 CipherTrust 4800 North Point Parkway Suite 400 Alpharetta, GA 30022 Phone: 678-969-9399

More information

Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0

Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0 Protection Profile for Portable Storage Media (PSMPP) Common Criteria Protection Profile BSI-CC-PP-0081-2012 Version 1.0 German Federal Office for Information Security PO Box 20 03 63 D-53133 Bonn Tel.:

More information

Intrusion Detection System System Protection Profile

Intrusion Detection System System Protection Profile Intrusion Detection System System Protection Profile Prepared for National Security Agency 9800 Savage Road Fort Meade MD, 20755 Prepared by Science Applications International Corporation 7125 Gateway

More information

Security Target. Astaro Security Gateway V8 Packet Filter Version 1.000. Assurance Level EAL4+ Common Criteria v3.1

Security Target. Astaro Security Gateway V8 Packet Filter Version 1.000. Assurance Level EAL4+ Common Criteria v3.1 Astaro Security Gateway V8 Packet Filter Version 1.000 Assurance Level EAL4+ Common Criteria v3.1 This Security Target also covers the secunet wall 2 packet filter Version : 1.03 Date: 2011-05-20 Author:

More information

Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2. Security Target

Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2. Security Target Enterasys Networks, Inc. Netsight/Network Access Control v3.2.2 Security Target Evaluation Assurance Level: EAL2+ Document Version: 0.7 Prepared for: Prepared by: Enterasys Networks, Inc. Corsec Security,

More information

Stonesoft Corporation. StoneGate Firewall cc.2 Security Target

Stonesoft Corporation. StoneGate Firewall cc.2 Security Target Stonesoft Corporation StoneGate Firewall 5.2.5.8081.cc.2 Security Target VERSION 2.1 2011-10-06 Stonesoft Corporation Itälahdenkatu 22 A, FIN-0210 Helsinki, Finland TABLE OF CONTENTS 1 INTRODUCTION 5 1.1

More information

Author: Roger French Version: 1.2 Date: 2009-01-23

Author: Roger French Version: 1.2 Date: 2009-01-23 Security Target SQL Server 2008 Team Author: Roger French Version: 1.2 Date: 2009-01-23 Abstract This document is the Security Target (ST) for the Common Criteria certification of the database engine of

More information

Security Target for BorderWare Firewall Server 6.5

Security Target for BorderWare Firewall Server 6.5 Security Target for BorderWare Firewall Server 6.5 Reference: ST January 2002 Version : 2.4 North America: Europe: 50 Burnhamthorpe Rd. W. 1 The Harlequin Centre Suite 502 Southall Lane Mississauga Southall

More information

Security Target. NetIQ Access Manager 4.0. Document Version 1.13. August 7, 2014. Security Target: NetIQ Access Manager 4.0

Security Target. NetIQ Access Manager 4.0. Document Version 1.13. August 7, 2014. Security Target: NetIQ Access Manager 4.0 Security Target NetIQ Access Manager 4.0 Document Version 1.13 August 7, 2014 Document Version 1.13 NetIQ Page 1 of 36 Prepared For: Prepared By: NetIQ, Inc. 1233 West Loop South Suite 810 Houston, TX

More information

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING

SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING SECURITY TARGET FOR FORTIANALYZER V4.0 MR3 CENTRALIZED REPORTING Document No. 1735-005-D0001 Version: 1.0, 3 June 2014 Prepared for: Fortinet, Incorporated 326 Moodie Drive Ottawa, Ontario Canada, K2H

More information

EMC Corporation Data Domain Operating System Version 5.2.1.0. Security Target. Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.

EMC Corporation Data Domain Operating System Version 5.2.1.0. Security Target. Evaluation Assurance Level (EAL): EAL2+ Document Version: 0. EMC Corporation Data Domain Operating System Version 5.2.1.0 Security Target Evaluation Assurance Level (EAL): EAL2+ Document Version: 0.11 Prepared for: Prepared by: EMC Corporation 176 South Street Hopkinton,

More information

GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0.

GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0. GuardianEdge Data Protection Framework 9.0.1 with GuardianEdge Hard Disk Encryption 9.0.1 and GuardianEdge Removable Storage Encryption 3.0.1 Security Target Version 2.01 Common Criteria EAL4 augmented

More information

Security Target: Symantec Mail Security 8300 Series Appliances Version 5.0

Security Target: Symantec Mail Security 8300 Series Appliances Version 5.0 Security Target: Symantec Mail Security 8300 Series Appliances Version 5.0 ST Version 1.6 August 20, 2007 Document Version 1.6 Symantec Corporation Page 1 of 55 Prepared For: Prepared By: Symantec Corporation

More information

Top Layer Networks. Security Target V2.3

Top Layer Networks. Security Target V2.3 Top Layer Networks IDS Balancer TM Version 2.2 Appliance (IDSB3531-CCV1.0, IDSB3532-CCV1.0, IDSB4508-CCV1.0) Security Target V2.3 August 31, 2004 AppBalancing, AppSafe, DCFD, Flow Mirror, SecureWatch,

More information

Citrix Systems, Inc. NetScaler Platinum Edition Load Balancer Version 9.1 Security Target

Citrix Systems, Inc. NetScaler Platinum Edition Load Balancer Version 9.1 Security Target Citrix Systems, Inc. NetScaler Platinum Edition Load Balancer Version 9.1 Security Target Evaluation Assurance Level: EAL2 augmented with ALC_FLR.2 Document Version: 1 Prepared for: Prepared by: Citrix

More information

Teradata Database Version 2 Release 6.1.0 (V2R6.1.0) Security Target

Teradata Database Version 2 Release 6.1.0 (V2R6.1.0) Security Target Teradata Database Version 2 Release 6.1.0 (V2R6.1.0) Security Target Version 2.0 February 2007 TRP Number: 541-0006458 NCR, Teradata and BYNET are registered trademarks of NCR Corporation. Microsoft, Windows,

More information

AppGate Security Server, Version 8.0.4. Security Target. Document Version: 2.9 Date: 2008-04-10

AppGate Security Server, Version 8.0.4. Security Target. Document Version: 2.9 Date: 2008-04-10 AppGate Security Server, Version 8.0.4 Security Target Document Version: 2.9 Date: 2008-04-10 Contents 1 INTRODUCTION...6 1.1 ST Identification...6 1.2 ST Overview...6 1.3 CC Conformance Claim...6 1.4

More information

Trustwave Secure Web Gateway Security Target

Trustwave Secure Web Gateway Security Target Trustwave Secure Web Gateway Security Target Version 1.5 September 18, 2013 Trustwave 70 West Madison Street Suite 1050 Chicago, IL 60602 Prepared By: Common Criteria Consulting LLC 15804 Laughlin Lane

More information

Extended Package for Mobile Device Management Agents

Extended Package for Mobile Device Management Agents Extended Package for Mobile Device Management Agents 31 December 2014 Version 2.0 REVISION HISTORY Version Date Description 1.0 21 October 2013 Initial Release 1.1 7 February 2014 Typographical changes

More information

Security Target. McAfee Enterprise Mobility Management 12.0. Document Version 1.16

Security Target. McAfee Enterprise Mobility Management 12.0. Document Version 1.16 Security Target McAfee Enterprise Mobility Management 12.0 Document Version 1.16 September 17, 2014 Prepared For: Prepared By: McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 Primasec Ltd

More information

Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller. July 24, 2015 Version 1

Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller. July 24, 2015 Version 1 Network Device Collaborative Protection Profile (NDcPP) Extended Package Session Border Controller July 24, 2015 Version 1 1 Table of Contents 1 Introduction... 4 1.1 Conformance Claims...4 1.2 How to

More information

Marimba Client and Server Management from BMC Software Release 6.0.3

Marimba Client and Server Management from BMC Software Release 6.0.3 Marimba Client and Server Management from BMC Software Release 6.0.3 Version 2.3.0 4 June, 2007 Prepared by: BMC Software, Inc. 2101 City West Blvd. Houston, Texas 77042 TABLE OF CONTENTS 1. Introduction...

More information

Security Target for the Fortinet FortiGate -200B and 620B Unified Threat Management Solution and FortiOS 4.0 CC Compliant Firmware: EAL4+

Security Target for the Fortinet FortiGate -200B and 620B Unified Threat Management Solution and FortiOS 4.0 CC Compliant Firmware: EAL4+ Security Target for the Fortinet FortiGate -200B and 620B Unified Threat Management Solution and FortiOS 4.0 CC Compliant Firmware: EAL4+ EWA Document No. 1708-001-D002 Fortinet Document No. ST0007 Version

More information

Natek Network Access Control (NAC)

Natek Network Access Control (NAC) Natek Network Access Control (NAC) V 5.4.2 Security Target Release Date: 28.08.2014 Version 1.13 AUTHOR: NATEK BİLİŞİM BİLGİSAYAR EĞİTİM DANIŞMANLIK YAZILIM TİCARET SANAYİ ANONİM ŞİRKETİ 1 Revision History

More information

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN

MINISTERIO DE DEFENSA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN REF: 2010-12-INF-626 V1 Distribution: Public Date: 29.04.2011 Created: CERT3 Reviewed: TECNICO Approved: JEFEAREA CERTIFICATION REPORT FOR EADS GROUND SEGMENT SYSTEMS PROTECTION PROFILE (GSS-PP) ISSUE

More information

U.S. DoD. Remote Access. Protection Profile. for. High Assurance Environments

U.S. DoD. Remote Access. Protection Profile. for. High Assurance Environments U.S. DoD Remote Access Protection Profile for High Assurance Environments Version 1.0 June 2000 Document Authors: G. Roger Black, National Security Agency (Team Leader) John M. Boone, Mitretek Systems

More information

Security Target for. Astaro Security Gateway Software V6.300. CC Compliant Software EAL 2+

Security Target for. Astaro Security Gateway Software V6.300. CC Compliant Software EAL 2+ for Astaro Security Gateway Software V6.0 CC Compliant Software EAL 2+ September 04, 06 Version 2.08 Prepared by: Astaro AG, Amalienbadstraße 36 Bau 33a, 76227 Karlsruhe, Germany TABLE OF CONTENTS 1 INTRODUCTION...

More information

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report

National Information Assurance Partnership. Common Criteria Evaluation and Validation Scheme Validation Report National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report TM HP Network Node Management Advanced Edition Software V7.51 with patch PHSS_35278 Report

More information

Certification Report

Certification Report Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation

More information

Security Target. Document Version 1.1. March 25, 2013

Security Target. Document Version 1.1. March 25, 2013 Security Target McAfee Enterprise Security Manager with Event Receiver, Enterprise Log Manager, Advanced Correlation Engine, Application Data Monitor and Database Event Monitor 9.1 Document Version 1.1

More information

Senforce Endpoint Security Suite Version 3.1.175 Security Target

Senforce Endpoint Security Suite Version 3.1.175 Security Target Senforce Endpoint Security Suite Version 3.1.175 Security Target Version 1.0 06/19/07 Prepared for: Senforce Technologies, Inc. 147 W Election Rd Ste 110 Draper UT 84020 Prepared By: Science Applications

More information

Security Target: IBM Internet Security Systems GX Series Security Appliances Version 4.1 and SiteProtector Version 2.0 Service Pack 8.

Security Target: IBM Internet Security Systems GX Series Security Appliances Version 4.1 and SiteProtector Version 2.0 Service Pack 8. Security Target IBM Internet Security Systems GX Series Security Appliances Version 4.1 and Document Version 0.6 February 27, 2012 Document Version 0.6 IBM Internet Security Systems Page 1 of 55 Prepared

More information

IBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module

IBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module Security Target IBM Internet Security Systems GX6116 Security Appliance Version 2.2 and SiteProtector Version 2.0 Service Pack 7.0 with Reporting Module Document Version 2.0 July 6, 2011 Document Version

More information

SenSage, Inc. SenSage 4.6.2. Security Target. Evaluation Assurance Level: EAL2+ Document Version: 1.2

SenSage, Inc. SenSage 4.6.2. Security Target. Evaluation Assurance Level: EAL2+ Document Version: 1.2 SenSage, Inc. SenSage 4.6.2 Security Target Evaluation Assurance Level: EAL2+ Document Version: 1.2 Prepared for: Prepared by: SenSage, Inc. 55 Hawthorne Street San Francisco, CA 94105 United States of

More information

CONTROLLED ACCESS PROTECTION PROFILE

CONTROLLED ACCESS PROTECTION PROFILE CONTROLLED ACCESS PROTECTION PROFILE Version 1.d Information Systems Security Organization National Security Agency 9800 Savage Road Fort George G. Meade, MD 20755-6000 8 October 1999 8 October 1999 2

More information

Top Layer Networks IPS 5500 E Security Target

Top Layer Networks IPS 5500 E Security Target Top Layer Networks IPS 5500 E Security Target Version 1.1 April 10, 2009 Prepared For: Top Layer Networks 2400 Computer Drive Westborough, MA 01581 Prepared By: CygnaCom Solutions Security Evaluations

More information

Security Target. McAfee Host Intrusion Prevention 8 and epolicy Orchestrator 4.5. Document Version 1.1. September 9, 2011

Security Target. McAfee Host Intrusion Prevention 8 and epolicy Orchestrator 4.5. Document Version 1.1. September 9, 2011 Security Target McAfee Host Intrusion Prevention 8 and epolicy Orchestrator 4.5 Document Version 1.1 September 9, 2011 Document Version 1.1 McAfee Page 1 of 61 Prepared For: Prepared By: McAfee, Inc. 2821

More information

Certification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT

Certification Report - Firewall Protection Profile and Firewall Protection Profile Extended Package: NAT Template: CSEC_mall_doc.dot, 7.0 Ärendetyp: 6 Diarienummer: 14FMV10188-21:1 Dokument ID CB-015 HEMLIG/ enligt Offentlighets- och sekretesslagen (2009:400) 2015-06-12 Country of origin: Sweden Försvarets

More information

SECURITY TARGET CITADEL HERCULES ENTERPRISE VULNERABILITY MANAGEMENT (EVM) VERSION 4.1

SECURITY TARGET CITADEL HERCULES ENTERPRISE VULNERABILITY MANAGEMENT (EVM) VERSION 4.1 SECURITY TARGET CITADEL HERCULES ENTERPRISE VULNERABILITY MANAGEMENT (EVM) VERSION 4.1 Document No. 1517-011-D001 Version 1.1, 3 August 2006 Prepared for: Citadel Security Software Inc. Two Lincoln Centre

More information

Protection Profile for Wireless Local Area Network (WLAN) Access Systems

Protection Profile for Wireless Local Area Network (WLAN) Access Systems Protection Profile for Wireless Local Area Network (WLAN) Access Systems Information Assurance Directorate 01 December 2011 Version 1.0 Table of Contents 1 Introduction to the PP... 1 1.1 PP Overview of

More information

HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target

HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target HP StoreOnce Backup System Generation 3 Version 3.6.6 Security Target Version 1.0 February 12, 2014 Prepared for: Hewlett-Packard Long Down Avenue Stoke Gifford Bristol BS34 8QZ UK Prepared By: Leidos

More information

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION

EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION COMMON CRITERIA PROTECTION PROFILE EPASSPORT WITH BASIC ACCESS CONTROL AND ACTIVE AUTHENTICATION Draft Version 1.0 TURKISH STANDARDS INSTITUTION TABLE OF CONTENTS Common Criteria Protection Profile...

More information

Security Target Sophos UTM V9 Packet Filter Version 1.000

Security Target Sophos UTM V9 Packet Filter Version 1.000 Sophos UTM V9 Packet Filter Version 1.000 Assurance Level EAL4+ Common Critera v3.1 Revision 4 Document version: 1.00 Document date: 2015-03-25 Document History Version Date Change(s) Author(s) 0.90 2014-02-19

More information

LogLogic v4.6.1 Open Log Management Platform Security Target. Release Date: 30 June 2009 Version: 2.0

LogLogic v4.6.1 Open Log Management Platform Security Target. Release Date: 30 June 2009 Version: 2.0 LogLogic v4.6.1 Open Log Management Platform Security Target Release Date: 30 June 2009 Version: 2.0 Prepared for: LogLogic Inc. 110 Rose Orchard Way, Suite 200 San Jose, CA 95134 Prepared by: Savvis Federal

More information

Supporting Document Mandatory Technical Document. Evaluation Activities for Stateful Traffic Filter Firewalls cpp. February-2015. Version 1.

Supporting Document Mandatory Technical Document. Evaluation Activities for Stateful Traffic Filter Firewalls cpp. February-2015. Version 1. Supporting Document Mandatory Technical Document Evaluation Activities for Stateful Traffic Filter Firewalls cpp February-2015 Version 1.0 CCDB-2015-01-002 Foreword This is a supporting document, intended

More information

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik

Cryptographic Modules, Security Level Enhanced. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik Common Criteria Protection Profile Cryptographic Modules, Security Level Enhanced BSI-CC-PP-0045 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Enhanced - is issued

More information

Security Target for Cisco Remote Access VPN

Security Target for Cisco Remote Access VPN Security Target for Cisco Remote Access VPN Reference: ST 16 May 2007 Version 1.17 CISCO Systems Inc. 170 West Tasman Drive San Jose CA 95124-1706 USA Copyright: 2007 Cisco Systems, Inc. Table of Contents

More information

Security Target. Securonix Security Intelligence Platform 4.0. Document Version 1.12. January 9, 2015

Security Target. Securonix Security Intelligence Platform 4.0. Document Version 1.12. January 9, 2015 Security Target Securonix Security Intelligence Platform 4.0 Document Version 1.12 January 9, 2015 Document Version 1.12 Copyright Securonix Page 1 of 41 Prepared For: Prepared By: Securonix 5777 W. Century

More information

Check Point Endpoint Security Full Disk Encryption Security Target

Check Point Endpoint Security Full Disk Encryption Security Target Check Point Endpoint Security Full Disk Encryption Security Target ST Version 2.4 June 22, 2009 Prepared for: 5 Ha Solelim St. Tel Aviv, Israel 67897 Prepared by: Metatron Ltd. 66 Yosef St., Modiin, Israel

More information

Windows Mobile 6.5 Security Target

Windows Mobile 6.5 Security Target EAL4 augmented with ALC_FLR.1 Version 1.0 January 2010 The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication.

More information

IBM WebSphere Message Broker Security Target

IBM WebSphere Message Broker Security Target IBM WebSphere Message Broker Security Target Version 2.1.2 2007-08-22 Document History Version Date Summary Author 1.0 2006-10-23 Final EAL3 ST plus changes by IBM. SAIC / IBM 1.1 2006-12-11 Fixed inconsistencies.

More information

Security Target. McAfee Data Loss Prevention Endpoint 9.4 and epolicy Orchestrator 5.1.3. Document Version 1.0

Security Target. McAfee Data Loss Prevention Endpoint 9.4 and epolicy Orchestrator 5.1.3. Document Version 1.0 Security Target McAfee Data Loss Prevention Endpoint 9.4 and epolicy Orchestrator 5.1.3 Document Version 1.0 November 24, 2015 Prepared For: Prepared By: Intel Corporation. 2821 Mission College Blvd. Santa

More information

Basics of Internet Security

Basics of Internet Security Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational

More information

U. S. Government Protection Profile Anti-Virus Applications for Workstations In Basic Robustness Environments, Version 1.0

U. S. Government Protection Profile Anti-Virus Applications for Workstations In Basic Robustness Environments, Version 1.0 National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Common Criteria Evaluation and Validation Scheme Validation Report U. S. Government Protection Profile Anti-Virus

More information

Check Point Endpoint Security Media Encryption Security Target

Check Point Endpoint Security Media Encryption Security Target Check Point Endpoint Security Media Encryption Security Target Version 1.0 June 23, 2010 Prepared for: 5 Ha Solelim St. Tel Aviv, Israel 67897 Prepared By: Science Applications International Corporation

More information

Extreme Networks, Inc. ExtremeXOS Network Operating System v12.3.6.2

Extreme Networks, Inc. ExtremeXOS Network Operating System v12.3.6.2 Extreme Networks, Inc. ExtremeXOS Network Operating System v12.3.6.2 Security Target Evaluation Assurance Level: EAL3+ Document Version: 0.9 Prepared for: Prepared by: Extreme Networks, Inc. 3585 Monroe

More information

RSA, The Security Division of EMC envision platform v4.0 SP 1. Security Target

RSA, The Security Division of EMC envision platform v4.0 SP 1. Security Target RSA, The Security Division of EMC envision platform v4.0 SP 1 Security Target Evaluation Assurance Level: 3+ Document Version: 0.8 Prepared for: Prepared by: RSA, The Security Division of EMC 174 Middlesex

More information

JMCS Northern Light Video Conferencing System Security Target

JMCS Northern Light Video Conferencing System Security Target JMCS Northern Light Video Conferencing System Security Target Common Criteria: EAL2 Version 1.2 22 FEB 12 Document management Document identification Document ID Document title Product version NLVC_ST_EAL2

More information

Protection Profile for Server Virtualization

Protection Profile for Server Virtualization Protection Profile for Server Virtualization 29 October 2014 Version 1.0 i 0 Preface 0.1 Objectives of Document This document presents the Common Criteria (CC) Protection Profile (PP) to express the fundamental

More information

Australasian Information Security Evaluation Program

Australasian Information Security Evaluation Program Australasian Information Security Evaluation Program Juniper Networks, Inc. JUNOS 12.1 X46 D20.6 for SRX-Series Platforms Certification Report 2015/90 3 July 2015 Version 1.0 Commonwealth of Australia

More information

Symantec Security Information Manager Version 4.8.1

Symantec Security Information Manager Version 4.8.1 Security Target Symantec Security Information Manager Version 4.8.1 Document Version 1.7 January 30, 2014 Document Version 1.7 Copyright Symantec Corporation Page 1 of 42 Prepared For: Prepared By: Symantec

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

TRUSTED SECURITY FILTER SECURITY TARGET

TRUSTED SECURITY FILTER SECURITY TARGET TRUSTED SECURITY FILTER SECURITY TARGET Edition: 4 29 Oct 07 Previous editions: Ed. 1 11 May 2006 Ed. 2 16 Aug 2006 Ed. 3 28 June 2007 Author: KKK Appr.: PÅT All pages in this document shall have the same

More information

Protection Profile for Single-level Operating Systems in Environments Requiring Medium Robustness

Protection Profile for Single-level Operating Systems in Environments Requiring Medium Robustness Protection Profile for Single-level Operating Systems in Environments Requiring Medium Robustness Version 1.22 Information Assurance Directorate National Security Agency 9800 Savage Road Fort George G.

More information

Xceedium GateKeeper Version 5.2.1 Security Target

Xceedium GateKeeper Version 5.2.1 Security Target ceedium GateKeeper Version 521 Security Target February 3, 2011 Prepared for: ceedium, Inc 30 Montgomery Street Jersey City, NJ 07302 Prepared By: Science Applications International Corporation Common

More information

BMC ProactiveNet Performance Management 9.5. Security Target

BMC ProactiveNet Performance Management 9.5. Security Target BMC ProactiveNet Performance Management 9.5 Security Target Version 0.4 18 July 2014 Copyright 2014 BMC Software, Inc. All rights reserved. BMC, BMC Software, and the BMC Software logo are the exclusive

More information

Nexpose Vulnerability Management and Penetration Testing System V.5.1 Security Target

Nexpose Vulnerability Management and Penetration Testing System V.5.1 Security Target Rapid7 Nexpose Vulnerability Management and Penetration Testing System V.5.1 Security Target Version 1.7 May 11, 2012 Prepared for: Rapid7 LLC 545 Boylston Street, Suite 400 Boston, MA 02116 Prepared By:

More information

SECURITY TARGET: SQ-PHOENIX DIGITAL ENCRYPTOR

SECURITY TARGET: SQ-PHOENIX DIGITAL ENCRYPTOR SECURITY TARGET: SQ-PHOENI DIGITAL ENCRYPTOR VERSION 2.7 Prepared by and for: CES Communications Ltd Version 1.3 TABLE OF CONTENTS 1 Security Target Introduction... 1 1.1 ST and TOE Identification... 1

More information

Low Assurance Protection Profile for a Software Based Personal Firewall for home Internet use

Low Assurance Protection Profile for a Software Based Personal Firewall for home Internet use TNO report PP-Software Based Personal Firewall-1.2 Low Assurance Protection Profile for a Software Based Personal Firewall for home Internet use Version 1.2 Date 6 th April 2005 Author(s) Rob Hunter Dirk-Jan

More information

COMMON CRITERIA PROTECTION PROFILE. for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP)

COMMON CRITERIA PROTECTION PROFILE. for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP) COMMON CRITERIA PROTECTION PROFILE for SECURE COMMUNICATION MODULE FOR WATER TRACKING SYSTEM (SCM-WTS PP) Revision No 1.1 Revision Date 11.07.2014 Document Code File Name SCM-WTS PROTECTION PROFILE Prepared

More information

RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5. Security Target

RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5. Security Target RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5 Security Target Evaluation Assurance Level: EAL2 Augmented with ALC_FLR.1 Document Version: 0.7 Prepared for: Prepared by: RSA, The

More information

Blue Coat Systems, Inc. ProxySG v5.3.1.9 running on SG510, SG810, and SG8100. Security Target

Blue Coat Systems, Inc. ProxySG v5.3.1.9 running on SG510, SG810, and SG8100. Security Target Blue Coat Systems, Inc. ProxySG v5.3.1.9 running on SG510, SG810, and SG8100 Security Target Evaluation Assurance Level: EAL 2+ Document Version: 0.7 Prepared for: Prepared by: Blue Coat Systems, Inc.

More information

Security Target. Symantec Data Loss Prevention 11.1.1. Document Version 1.0. January 23, 2012

Security Target. Symantec Data Loss Prevention 11.1.1. Document Version 1.0. January 23, 2012 Security Target Symantec Data Loss Prevention 11.1.1 Document Version 1.0 January 23, 2012 Document Version 1.0 Symantec Corporation Page 1 of 40 Prepared For: Prepared By: Symantec Corporation 350 Ellis

More information