Version | Date | Comment |
---|---|---|
4.0 | 2015-08-14 | Release - significant revision |
1. Introduction
1.1. Overview
1.2. Terms
1.2.1. Common Criteria Terms
1.2.2. Technology Terms
1.3. Compliant Targets of Evaluation
1.3.1. TOE Boundary
1.3.2. TOE Platform
1.4. Use Cases
3. Security Problem Definition
3.1. Threats
3.2. Assumptions
4.1. Security Objectives for the TOE
4.2. Security Objectives for the Operational Environment
4.3. Security Objectives Rationale
5.1. Security Functional Requirements
5.1.1. Cryptographic Support (FCS)
5.1.2. User Data Protection (FDP)
5.1.3. Security Management (FMT)
5.1.4. Protection of the TSF (FPT)
5.1.5. Audit Data Generation (FAU)
5.1.6. Identification and Authentication (FIA)
5.1.7. Trusted Path/Channels (FTP)
5.2. Security Assurance Requirements
5.2.1. Class ASE: Security Target
5.2.2. Class ADV: Development
5.2.3. Class AGD: Guidance Documentation
5.2.4. Class ALC: Life-cycle Support
5.2.5. Class ATE: Tests
5.2.6. Class AVA: Vulnerability Assessment
Appendix A: Optional Requirements
Appendix B: Selection-Based Requirements
Appendix C: Objective Requirements
Appendix D: Inherently Satisfied Requirements
Appendix E: Entropy Documentation and Assessment
Appendix F: References
Appendix G: Acronyms
Threat, Assumption, or OSP | Security Objectives | Rationale |
T.NETWORK_ATTACK | O.PROTECTED_COMMS, O.INTEGRITY, O.MANAGEMENT | |
T.NETWORK_EAVESDROP | O.PROTECTED_COMMS, O.MANAGEMENT | |
T.LOCAL_ATTACK | O.INTEGRITY | |
T.LIMITED_PHYSICAL_ACCESS | O.PROTECTED_STORAGE | |
A.PLATFORM | OE.PLATFORM | |
A.PROPER_USER | OE.PROPER_USER | |
A.PROPER_ADMIN | OE.PROPER_ADMIN |
RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: [selection: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3 , ANSI X9.31-1998, Section 4.1] ,
ECC schemes using “NIST curves” P-256, P-384 and [selection: P-521 , no other curves ] that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4
] .FIPS 186-4 ECC Key Generation Test
For each supported NIST curve, i.e., P-256, P-384 and P-521, the evaluator will require the implementation under test (IUT) to generate 10 private/public key pairs. The private key shall be generated using an approved random bit generator (RBG). To determine correctness, the evaluator will submit the generated key pairs to the public key verification (PKV) function of a known good implementation.FIPS 186-4 Public Key Verification (PKV) Test
For each supported NIST curve, i.e., P-256, P-384 and P-521, the evaluator will generate 10 private/public key pairs using the key generation function of a known good implementation and modify five of the public key values so that they are incorrect, leaving five values unchanged (i.e., correct). The evaluator will obtain in response a set of 10 PASS/FAIL values.Elliptic curve-based key establishment schemes that meets the following: NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” ,
No other schemes
] .For volatile memory, the destruction shall be executed by a single direct overwrite [selection: consisting of a pseudorandom pattern using the TSF’s RBG , consisting of zeroes ] followed by a read-verify. If the read-verification of the overwritten data fails, the process shall be repeated again. ,
For non-volatile EEPROM, the destruction shall be executed by a single, direct overwrite consisting of a pseudorandom pattern using the TSF’s RBG (as specified in FCS_RBG_EXT.1), followed by a read-verify. If the read-verification of the overwritten data fails, the process shall be repeated again. ,
For non-volatile flash memory, the destruction shall be executed by [selection: a single, direct overwrite consisting of zeroes , a block erase ] followed by a read-verify. If the read-verification of the overwritten data fails, the process shall be repeated again. ,
For non-volatile memory other than EEPROM and flash, the destruction shall be executed by overwriting three or more times with a random pattern that is changed before each write
] .AES Key Wrap (KW) (as defined in NIST SP 800-38F),
AES Key Wrap with Padding (KWP) (as defined in NIST SP 800-38F),
AES-GCM (as defined in NIST SP 800-38D),
AES-CCM (as defined in NIST SP 800-38C),
AES-CCMP-256 (as defined in NIST SP800-38C and IEEE 802.11ac-2013),
AES-GCMP-256 (as defined in NIST SP800-38D and IEEE 802.11ac-2013),
no other modes
] and cryptographic key sizes 128-bit and 256-bit.# Input: PT, IV, Key for i = 1 to 1000: if i == 1: CT[1] = AES-CBC-Encrypt(Key, IV, PT) PT = IV else: CT[i] = AES-CBC-Encrypt(Key, PT) PT = CT[i-1]The ciphertext computed in the 1000th iteration (i.e., CT[1000]) is the result for that trial. This result shall be compared to the result of running 1000 iterations with the same values using a known good implementation.
SHA-256,
SHA-384,
SHA-512,
no other algorithms
] and message digest sizes 160 and [selection:256,
384,
512,
no other message digest sizes
] bits that meet the following: FIPS Pub 180-4.RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 4 ,
ECDSA schemes using “NIST curves” P-256, P-384 and [selection: P-521, no other curves] that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 5
] .SHA-1,
SHA-256,
SHA-384,
SHA-512,
no other algorithms
] with key sizes [assignment: key size (in bits) used in HMAC] and message digest sizes [selection: 160, 256, 384, 512, no other size] bits that meet the following: FIPS Pub 198-1 The Keyed-Hash Message Authentication Code and FIPS Pub 180-4 Secure Hash Standard.NIST Special Publication 800-90A using [selection: Hash_DRBG (any), HMAC_DRBG (any), CTR_DRBG (AES)] ,
FIPS Pub 140-2 Annex C: X9.31 Appendix 2.4 using AES
] .software-based noise source,
platform-based noise source
] with a minimum of [selection:128 bits,
256 bits
] of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.TLS_DHE_RSA_WITH_AES_128_CBC_SHA as defined in RFC 5246,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA as defined in RFC 5246,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA as defined in RFC 4492,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289,
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA as defined in RFC 4492,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289,
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA as defined in RFC 4492,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA as defined in RFC 4492,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289,
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289,
TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246,
TLS_RSA_WITH_AES_256_CBC_SHA as defined in RFC 5246,
TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246,
no other cipher suite
] .provide an interface which allows a VPN client to protect all IP traffic using IPsec ,
provide a VPN client which can protects all IP traffic using IPsec
] with the exception of IP traffic required to establish the VPN connection.Management Function | Administrator | User |
configure minimum password length | O | O |
configure minimum number of special characters in password | O | O |
configure minimum number of numeric characters in password | O | O |
configure minimum number of uppercase characters in password | O | O |
configure minimum number of lowercase characters in password | O | O |
enable/disable screen lock | O | O |
configure screen lock inactivity timeout | O | O |
configure remote connection inactivity timeout | O | O |
enable/disable unauthenticated logon | X | X |
configure lockout policy for unsuccessful authentication attempts through [selection: timeouts between attempts, limiting number of attempts during a time period] | O | O |
configure host-based firewall | O | O |
configure name/address of directory server to bind with | O | O |
configure name/address of remote management server from which to receive management settings | O | O |
configure name/address of audit/logging server to which to send audit/logging records | O | O |
configure local audit storage capacity | O | O |
configure audit rules | O | O |
configure name/address of network time server | O | O |
enable/disable automatic software update | O | O |
configure WiFi interface | O | O |
enable/disable Bluetooth interface | O | O |
configure USB interfaces | O | O |
enable/disable [assignment: list of other external interfaces] | O | O |
[assignment: list of other management functions to be provided by the TSF] | O | O |
all executable code stored in mutable media,
[assignment: list of other executable code] ,
no other executable code
] prior to its execution through the use of [selection:a digital signature using a hardware-protected asymmetric key,
a hardware-protected hash
]File and object events (Successful and unsuccessful attempts to create, access, delete, modify, modify permissions),
User and Group management events (Successful and unsuccessful add, delete, modify, disable,
Audit and log data access events (Success/Failure),
Cryptographic verification of software (Success/Failure),
Program initiations (Success/Failure e.g. due to software restriction policy) ,
System reboot, restart, and shutdown events (Success/Failure),
Kernel module loading and unloading events (Success/Failure),
Administrator or root-level access events (Success/Failure),
Command line input (Success/Failure),
[assignment: other specifically defined auditable events] .
][assignment: a positive integer number] ,
an administrator configurable positive integer within a [assignment: range of acceptable values]
] unsuccessful authentication attempts for [selection:authentication based on user name and password,
authentication based on user name and a PIN that releases an asymmetric key stored in OE-protected storage,
authentication based on X.509 certificates
] occur related to [assignment: list of authentication events] .authentication based on user name and password,
authentication based on user name and a PIN that releases an asymmetric key stored in OE-protected storage,
authentication based on X.509 certificates
] to support user authentication.TLS as conforming to FCS_TLSC_EXT.1,
DTLS as conforming to FCS_DTLS_EXT.1,
IPsec as conforming to the Extended Package for IPsec VPN Clients,
SSH as conforming to the Extended Package for Secure Shell
] to provide a trusted communication channel between itself and authorized IT entities supporting the following capabilities: [selection: audit server, authentication server, management server, [assignment: other capabilities] ] that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.file path,
file digital signature,
version,
hash,
[assignment: other characteristics]
]Requirement | Rationale for Satisfaction |
FIA_UAU.1 - Timing of authentication | FIA_AFL.1 implicitly requires that the OS perform all necessary actions, including those on behalf of the user who has not been authenticated, in order to authenticate; therefore it is duplicative to include these actions as a separate assignment and test. |
FIA_UID.1 - Timing of identification | FIA_AFL.1 implicitly requires that the OS perform all necessary actions, including those on behalf of the user who has not been identified, in order to authenticate; therefore it is duplicative to include these actions as a separate assignment and test. |
FMT_SMR.1 - Security roles | FMT_MOF_EXT.1 specifies role-based management functions that implicitly defines user and privileged accounts; therefore, it is duplicative to include separate role requirements. |
FPT_STM.1 - Reliable time stamps | FAU_GEN.1.2 explicitly requires that the OS associate timestamps with audit records; therefore it is duplicative to include a separate timestamp requirement. |
FTA_SSL.1 - TSF-initiated session locking | FMT_MOF_EXT.1 defines requirements for managing session locking; therefore, it is duplicative to include a separate session locking requirement. |
FTA_SSL.2 - User-initiated locking | FMT_MOF_EXT.1 defines requirements for user-initiated session locking; therefore, it is duplicative to include a separate session locking requirement. |
FAU_STG.1 - Protected audit trail storage | FPT_ACF_EXT.1 defines a requirement to protect audit logs; therefore, it is duplicative to include a separate protection of audit trail requirements. |
FAU_GEN.2 - User identity association | FAU_GEN.1.2 explicitly requires that the OS record any user account associated with each event; therefore, it is duplicative to include a separate requirement to associate a user account with each event. |
FAU_SAR.1 - Audit review | FPT_ACF_EXT.1.2 requires that audit logs (and other objects) are protected from reading by unprivileged users; therefore, it is duplicative to include a separate requirement to protect only the audit information. |
Identifier | Title |
---|---|
[CC] |
|
[CEM] | |
[CESG] | |
[CSA] | |
[OMB] |
Acronym | Meaning |
---|---|