and EMC Documentum AdministratorTM V5.3 Security Target V2 EMC Documentum EMC Documentum Content ServerTM

  • View
    7

  • Download
    0

Embed Size (px)

Text of and EMC Documentum AdministratorTM V5.3 Security Target V2 EMC Documentum EMC Documentum Content...

  • EMC Documentum

    EMC Documentum Content ServerTM V5.3

    and EMC Documentum AdministratorTM V5.3

    Security Target V2.0 December 8, 2005

    ST prepared by

    Suite 5200, 4925 Jones Branch Drive♦McLean, VA 22102-3305♦703 848-0883♦Fax 703 848-0960

  • ii

    TABLE OF CONTENTS SECTION PAGE

    1 Security Target Introduction ....................................................................................................1 1.1 Security Target Identification ............................................................................................................... 1 1.2 Security Target Overview...................................................................................................................... 1 1.3 Common Criteria Conformance........................................................................................................... 1 1.4 Document Organization ......................................................................................................................... 1

    2 TOE Description .......................................................................................................................3 2.1 Product Type............................................................................................................................................ 3 2.2 EMC Documentum Content Server Components ............................................................................. 3

    2.2.1 EMC Documentum Content Server ..................................................................................................................... 3 2.2.2 Connection Broker ................................................................................................................................................ 4 2.2.3 Administrator Interfaces ....................................................................................................................................... 4

    2.3 TSF Physical Boundary and Scope of the Evaluation....................................................................... 5 2.4 Logical Boundary .................................................................................................................................... 6 2.5 TOE Security Environment................................................................................................................... 7

    3 TOE Security Environment ......................................................................................................8 3.1 Assumptions ............................................................................................................................................. 8 3.2 Threats ...................................................................................................................................................... 8

    4 Security Objectives..................................................................................................................10 4.1 Security Objectives for the TOE......................................................................................................... 10 4.2 Security Objectives for the Environment.......................................................................................... 10

    4.2.1 Security Objectives for the IT Environment...................................................................................................... 10 4.2.2 Non-IT Security Objectives ................................................................................................................................ 11

    5 IT Security Requirements .......................................................................................................12 5.1 Conventions............................................................................................................................................ 12 5.2 TOE Security Functional Requirements ........................................................................................... 12

    5.2.1 Class FAU: Security Audit ................................................................................................................................. 13 5.2.2 Class FDP: User Data Protection ....................................................................................................................... 15 5.2.3 Class FIA: Identification and Authentication .................................................................................................... 16 5.2.4 Class FMT: Security Management (FMT) ........................................................................................................ 17 5.2.5 Class FPT: Protection of the TOE Security Functions ..................................................................................... 22 5.2.6 Strength of Function............................................................................................................................................ 22

    5.3 Security requirements for the IT Environment ............................................................................... 23 5.3.1 Class FAU: Security Audit ................................................................................................................................. 23 5.3.2 Class FIA: Identification and Authentication .................................................................................................... 23 5.3.3 Class FPT: Protection of the TOE Security Functions ..................................................................................... 24

    5.4 TOE Security Assurance Requirements............................................................................................ 24 6 TOE Summary Specification ..................................................................................................26

  • iii

    6.1 IT Security Functions ........................................................................................................................... 26 6.1.1 Overview.............................................................................................................................................................. 26 6.1.2 Security Audit Function ...................................................................................................................................... 26 6.1.3 Manage User Access Function ........................................................................................................................... 29 6.1.4 Security Management Function.......................................................................................................................... 36 6.1.5 SOF Claims.......................................................................................................................................................... 38

    6.2 Assurance Measures ............................................................................................................................. 38 7 PP Claims ...............................................................................................................................42 8 Rationale.................................................................................................................................43

    8.1 Security Objectives Rationale ............................................................................................................. 43 8.1.1 Threats to Security .............................................................................................................................................. 43 8.1.2 Assumptions ........................................................................................................................................................ 46

    8.2 Security Requirements Rationale ....................................................................................................... 48 8.2.1 Functional Requirements .................................................................................................................................... 48 8.2.2 Dependencies....................................................................................................................................................... 51 8.2.3 Strength of Function............................................................................................................................................ 52 8.2.4 Assurance Requirements..................................................................................................................................... 52 8.2.5 Rationale that IT Security Requirements are Internally Consistent................................................................. 52 8.2.6 Explicitly Stated Requirements Rationale ......................................................................................................... 53 8.2.7 Requirements for the IT Environment ............................................................................................................... 54

    8.3 TOE Summary Specification Rationale ............................................................................................ 56 8.3.1 IT Security Functions.......................................................................................................................................... 56 8.3.2 Assurance Measures............................................................................................................................................ 59

    8.4 PP Claims Rationale ............................................................................................................................. 62 9 Appendix..........................