Cisco ASA Security Target - Common Criteria Adaptive Security Appliances Security Target 2 Table of Contents 1 SECURITY TARGET INTRODUCTION

  • View
    217

  • Download
    4

Embed Size (px)

Text of Cisco ASA Security Target - Common Criteria Adaptive Security Appliances Security Target 2 Table of...

  • Americas Headquarters:

    Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

    2016 Cisco Systems, Inc. This document can be reproduced in full without any modifications.

    Cisco Adaptive Security Appliances

    Security Target

    Version 3.1

    December 14, 2016

  • Cisco Adaptive Security Appliances Security Target

    2

    Table of Contents

    1 SECURITY TARGET INTRODUCTION .............................................................................91.1 ST and TOE Reference ................................................................................................... 91.2 TOE Overview................................................................................................................ 9

    1.2.1 TOE Product Type ...................................................................................................... 91.2.2 Supported non-TOE Hardware/ Software/ Firmware ............................................... 11

    1.3 TOE DESCRIPTION.................................................................................................... 121.4 TOE Evaluated Configuration ...................................................................................... 131.5 Physical Scope of the TOE ........................................................................................... 141.6 Logical Scope of the TOE............................................................................................. 15

    1.6.1 Security Audit ........................................................................................................... 151.6.2 Cryptographic Support.............................................................................................. 161.6.3 Full Residual Information Protection........................................................................ 161.6.4 Identification and authentication............................................................................... 161.6.5 Security Management ............................................................................................... 161.6.6 Protection of the TSF................................................................................................ 171.6.7 TOE Access .............................................................................................................. 171.6.8 Trusted path/Channels .............................................................................................. 171.6.9 Filtering..................................................................................................................... 17

    1.7 Excluded Functionality ................................................................................................. 182 Conformance Claims.............................................................................................................19

    2.1 Common Criteria Conformance Claim......................................................................... 192.2 Protection Profile Conformance ................................................................................... 19

    2.2.1 Protection Profile Additions ..................................................................................... 192.3 Protection Profile Conformance Claim Rationale ........................................................ 19

    2.3.1 TOE Appropriateness................................................................................................ 192.3.2 TOE Security Problem Definition Consistency........................................................ 192.3.3 Statement of Security Requirements Consistency .................................................... 20

    3 SECURITY PROBLEM DEFINITION................................................................................21

  • Cisco Adaptive Security Appliances Security Target

    3

    3.1 Assumptions.................................................................................................................. 213.2 Threats........................................................................................................................... 213.3 Organizational Security Policies................................................................................... 23

    4 SECURITY OBJECTIVES................................................................................................... 244.1 Security Objectives for the TOE................................................................................... 244.2 Security Objectives for the Environment...................................................................... 27

    5 SECURITY REQUIREMENTS ...........................................................................................285.1 Conventions .................................................................................................................. 285.2 TOE Security Functional Requirements ....................................................................... 285.3 SFRs Drawn from NDPP.............................................................................................. 30

    5.3.1 Security audit (FAU)................................................................................................. 305.3.2 Cryptographic Support (FCS) ................................................................................... 325.3.3 User data protection (FDP) ....................................................................................... 375.3.4 Identification and authentication (FIA) .................................................................... 375.3.5 Security management (FMT).................................................................................... 395.3.6 Protection of the TSF (FPT) ..................................................................................... 405.3.7 TOE Access (FTA) ................................................................................................... 415.3.8 Trusted Path/Channels (FTP).................................................................................... 425.3.9 Packeting Filtering (FPF).......................................................................................... 43

    5.4 SFRs from the TFFWEP PP ......................................................................................... 445.4.1 Stateful Traffic Filtering (FFW) ............................................................................... 44

    5.5 TOE SFR Dependencies Rationale for SFRs Found in NDPP..................................... 475.6 Security Assurance Requirements ................................................................................ 47

    5.6.1 SAR Requirements.................................................................................................... 475.6.2 Security Assurance Requirements Rationale ............................................................ 47

    5.7 Assurance Measures...................................................................................................... 486 TOE Summary Specification ................................................................................................49

    6.1 TOE Security Functional Requirement Measures ........................................................ 496.2 TOE Bypass and interference/logical tampering Protection Measures ........................ 72

    7 RATIONALE........................................................................................................................747.1 Security objectives rationale ......................................................................................... 74

    7.1.1 Tracing of security objectives to SPD ...................................................................... 74

  • Cisco Adaptive Security Appliances Security Target

    4

    7.1.2 Justification of tracing............................................................................................... 757.1.3 Security objectives conclusion.................................................................................. 77

    7.2 Rationale for requirements/TOE Objectives................................................................. 777.3 Rationale for TOE Security Objectives ........................................................................ 78

    8 Supplemental TOE Summary Specification Information......................................................828.1 Tracking of Stateful Firewall Connections ................................................................... 82

    8.1.1 Establishment and Maintenance of Stateful Connections......................................... 828.1.2 Viewing Connections and Connection States ........................................................... 828.1.3 Examples................................................................................................................... 86

    8.2 Key Zeroization ............................................................................................................ 878.3 NIST Special Publication 800-56A .............................................................................. 898.4 NIST Special Publication 800-56B............................................................................... 978.5 FIPS PUB 186-3, Appendix B Compliance................................................................ 104

    9 Annex A: References ..........................................................................................................107

  • Cisco Adaptive Security Appliances Security Target

    5

    List of Tables

    TABLE1ACRONYMS ........................................................................................................................................................................................... 6TABLE2:STANDTOEIDE

Recommended

View more >