View
7
Download
0
Embed Size (px)
EMC Documentum
EMC Documentum Content ServerTM V5.3
and EMC Documentum AdministratorTM V5.3
Security Target V2.0 December 8, 2005
ST prepared by
Suite 5200, 4925 Jones Branch Drive♦McLean, VA 22102-3305♦703 848-0883♦Fax 703 848-0960
ii
TABLE OF CONTENTS SECTION PAGE
1 Security Target Introduction ....................................................................................................1 1.1 Security Target Identification ............................................................................................................... 1 1.2 Security Target Overview...................................................................................................................... 1 1.3 Common Criteria Conformance........................................................................................................... 1 1.4 Document Organization ......................................................................................................................... 1
2 TOE Description .......................................................................................................................3 2.1 Product Type............................................................................................................................................ 3 2.2 EMC Documentum Content Server Components ............................................................................. 3
2.2.1 EMC Documentum Content Server ..................................................................................................................... 3 2.2.2 Connection Broker ................................................................................................................................................ 4 2.2.3 Administrator Interfaces ....................................................................................................................................... 4
2.3 TSF Physical Boundary and Scope of the Evaluation....................................................................... 5 2.4 Logical Boundary .................................................................................................................................... 6 2.5 TOE Security Environment................................................................................................................... 7
3 TOE Security Environment ......................................................................................................8 3.1 Assumptions ............................................................................................................................................. 8 3.2 Threats ...................................................................................................................................................... 8
4 Security Objectives..................................................................................................................10 4.1 Security Objectives for the TOE......................................................................................................... 10 4.2 Security Objectives for the Environment.......................................................................................... 10
4.2.1 Security Objectives for the IT Environment...................................................................................................... 10 4.2.2 Non-IT Security Objectives ................................................................................................................................ 11
5 IT Security Requirements .......................................................................................................12 5.1 Conventions............................................................................................................................................ 12 5.2 TOE Security Functional Requirements ........................................................................................... 12
5.2.1 Class FAU: Security Audit ................................................................................................................................. 13 5.2.2 Class FDP: User Data Protection ....................................................................................................................... 15 5.2.3 Class FIA: Identification and Authentication .................................................................................................... 16 5.2.4 Class FMT: Security Management (FMT) ........................................................................................................ 17 5.2.5 Class FPT: Protection of the TOE Security Functions ..................................................................................... 22 5.2.6 Strength of Function............................................................................................................................................ 22
5.3 Security requirements for the IT Environment ............................................................................... 23 5.3.1 Class FAU: Security Audit ................................................................................................................................. 23 5.3.2 Class FIA: Identification and Authentication .................................................................................................... 23 5.3.3 Class FPT: Protection of the TOE Security Functions ..................................................................................... 24
5.4 TOE Security Assurance Requirements............................................................................................ 24 6 TOE Summary Specification ..................................................................................................26
iii
6.1 IT Security Functions ........................................................................................................................... 26 6.1.1 Overview.............................................................................................................................................................. 26 6.1.2 Security Audit Function ...................................................................................................................................... 26 6.1.3 Manage User Access Function ........................................................................................................................... 29 6.1.4 Security Management Function.......................................................................................................................... 36 6.1.5 SOF Claims.......................................................................................................................................................... 38
6.2 Assurance Measures ............................................................................................................................. 38 7 PP Claims ...............................................................................................................................42 8 Rationale.................................................................................................................................43
8.1 Security Objectives Rationale ............................................................................................................. 43 8.1.1 Threats to Security .............................................................................................................................................. 43 8.1.2 Assumptions ........................................................................................................................................................ 46
8.2 Security Requirements Rationale ....................................................................................................... 48 8.2.1 Functional Requirements .................................................................................................................................... 48 8.2.2 Dependencies....................................................................................................................................................... 51 8.2.3 Strength of Function............................................................................................................................................ 52 8.2.4 Assurance Requirements..................................................................................................................................... 52 8.2.5 Rationale that IT Security Requirements are Internally Consistent................................................................. 52 8.2.6 Explicitly Stated Requirements Rationale ......................................................................................................... 53 8.2.7 Requirements for the IT Environment ............................................................................................................... 54
8.3 TOE Summary Specification Rationale ............................................................................................ 56 8.3.1 IT Security Functions.......................................................................................................................................... 56 8.3.2 Assurance Measures............................................................................................................................................ 59
8.4 PP Claims Rationale ............................................................................................................................. 62 9 Appendix..........................
