Cisco Nexus 7000 Series Switch Security Target


  • Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA. © 2015 Cisco Systems, Inc. All rights reserved.

    Cisco Nexus 7000 Series Switch

    Security Target Version 1.0 July 23, 2015


    Table of Contents

    1 SECURITY TARGET INTRODUCTION
      1.1 ST and TOE Reference
      1.2 TOE Overview
        1.2.1 TOE Product Type
        1.2.2 Supported non-TOE Hardware/Software/Firmware
      1.3 TOE DESCRIPTION
      1.4 TOE Evaluated Configuration
      1.5 Physical Scope of the TOE
      1.6 Logical Scope of the TOE
        1.6.1 Security Audit
        1.6.2 Cryptographic Support
        1.6.3 Full Residual Information Protection
        1.6.4 Identification and authentication
        1.6.5 Information Flow Control
        1.6.6 Security Management
        1.6.7 Protection of the TSF
        1.6.8 TOE Access
        1.6.9 Trusted path/Channels
      1.7 Excluded Functionality
    2 Conformance Claims
      2.1 Common Criteria Conformance Claim
      2.2 Protection Profile Conformance
    3 SECURITY PROBLEM DEFINITION
      3.1 Assumptions
      3.2 Threats
      3.3 Organizational Security Policies
    4 SECURITY OBJECTIVES
      4.1 Security Objectives for the TOE
      4.2 Security Objectives for the Environment
    5 SECURITY REQUIREMENTS
      5.1 Extended TOE Security Functional Components
        5.1.1 Cryptographic Support (FCS)
        5.1.2 Cryptographic Protocols (FCS_SSH_EXT)
        5.1.3 User data protection (FDP)
        5.1.4 Identification and authentication (FIA)
        5.1.5 Protection of Administrator Passwords (FPT_APW_EXT)
      5.2 Conventions
      5.3 TOE Security Functional Requirements
      5.4 SFRs
        5.4.1 Security audit (FAU)
        5.4.2 Cryptographic Support (FCS)
        5.4.3 User data protection (FDP)
        5.4.4 Identification and authentication (FIA)
        5.4.5 Security Management (FMT)
        5.4.6 Protection of the TSF (FPT)
        5.4.7 TOE Access (FTA)
        5.4.8 Trusted Path/Channels (FTP)
      5.5 TOE SFR Hierarchies and Dependencies
      5.6 Extended TOE Security Functional Components Definition
        5.6.1 Security Assurance Requirements Rationale
      5.7 Assurance Measures
    6 TOE Summary Specification
      6.1 TOE Security Functional Requirement Measures
      6.2 TOE Bypass and interference/logical tampering Protection Measures
      6.3 Rationale for requirements/TOE Objectives
      6.4 Rationale for TOE Security Objectives
      6.5 Security objectives rationale
        6.5.1 Tracing of security objectives to SPD
        6.5.2 Justification of tracing
    7 Annex A: Key Zeroization
      7.1 Key Zeroization
    8 Annex B: References


    List of Tables

    TABLE 1 ACRONYMS
    TABLE 2 TERMINOLOGY
    TABLE 3 ST AND TOE IDENTIFICATION
    TABLE 4 IT ENVIRONMENT COMPONENTS
    TABLE 5: HARDWARE MODELS AND SPECIFICATIONS
    TABLE 6 FIPS REFERENCES
    TABLE 7 TOE PROVIDED CRYPTOGRAPHY
    TABLE 8 EXCLUDED FUNCTIONALITY
    TABLE 9 TOE ASSUMPTIONS