hewlett-packard company 5900 series, 5900cp series, · pdf filehewlett-packard hewlett-packard...
TRANSCRIPT
Hewlett-Packard
Hewlett-Packard Company 5900 Series,
5900CP Series, 5920 Series, 5930 Series,
10500 Series, 12500 Series and 12900 Series
Switches
Security Target
Version 2.0
February 16, 2015
Prepared for:
Hewlett-Packard Development Company, L.P.
11445 Compaq Center Drive West
Houston, Texas 77070
Prepared by:
Leidos Inc (formerly Science Applications International Corporation)
Common Criteria Testing Laboratory
6841 Benjamin Franklin Drive, Columbia, Maryland 21046
Security Target Version 2.0, 02/16/2015
2
1. SECURITY TARGET INTRODUCTION ........................................................................................................... 4
1.1 SECURITY TARGET, TOE AND CC IDENTIFICATION ........................................................................................ 4 1.2 CONFORMANCE CLAIMS ................................................................................................................................. 5 1.3 CONVENTIONS ................................................................................................................................................ 5
1.3.1 Abbreviations and Acronyms ................................................................................................................ 6
2. TOE DESCRIPTION .......................................................................................................................................... 7
2.1 TOE OVERVIEW ........................................................................................................................................... 8
2.1.1 5900 Series Switches ............................................................................................................................. 8
2.1.2 5900CP Series Switches ........................................................................................................................ 8
2.1.3 5920 Series Switches ............................................................................................................................. 8
2.1.4 5930 Series Switches ............................................................................................................................. 8
2.1.5 10500 Series Switches ........................................................................................................................... 8
2.1.6 12500 Series Switches ........................................................................................................................... 9
2.1.7 12900 Series Switches ......................................................................................................................... 10
2.2 TOE ARCHITECTURE .................................................................................................................................... 10 2.2.1 Modular Design ................................................................................................................................... 11
2.2.2 Intelligent Resilient Framework .......................................................................................................... 12
2.2.3 Multitenant Device Context ................................................................................................................. 13
2.2.4 Physical Boundaries ............................................................................................................................. 13
2.2.5 Logical Boundaries .............................................................................................................................. 13
2.3 TOE DOCUMENTATION ................................................................................................................................ 15
3. SECURITY PROBLEM DEFINITION .......................................................................................................... 16
4. SECURITY OBJECTIVES .............................................................................................................................. 17
4.1 SECURITY OBJECTIVES FOR THE ENVIRONMENT ........................................................................................... 17
5. IT SECURITY REQUIREMENTS .................................................................................................................. 18
5.1 EXTENDED REQUIREMENTS .......................................................................................................................... 18 5.2 TOE SECURITY FUNCTIONAL REQUIREMENTS ............................................................................................. 19
5.2.1 Security Audit (FAU) .......................................................................................................................... 20
5.2.2 Cryptographic Support (FCS) .............................................................................................................. 21
5.2.3 User Data Protection (FDP) ................................................................................................................. 23
5.2.4 Identification and Authentication (FIA) .............................................................................................. 23
5.2.5 Security Management (FMT) .............................................................................................................. 24
5.2.6 Protection of the TSF (FPT) ................................................................................................................ 24
5.2.7 TOE Access (FTA) .............................................................................................................................. 25
5.2.8 Trusted path/channels (FTP) ................................................................................................................ 25
5.3 TOE SECURITY ASSURANCE REQUIREMENTS ............................................................................................... 27
6. TOE SUMMARY SPECIFICATION .............................................................................................................. 27
6.1 SECURITY AUDIT .......................................................................................................................................... 27 6.2 CRYPTOGRAPHIC SUPPORT ........................................................................................................................... 28 6.3 USER DATA PROTECTION ............................................................................................................................. 37 6.4 IDENTIFICATION AND AUTHENTICATION ...................................................................................................... 37
Security Target Version 2.0, 02/16/2015
3
6.5 SECURITY MANAGEMENT ............................................................................................................................. 38 6.6 PROTECTION OF THE TSF ............................................................................................................................. 38 6.7 TOE ACCESS ................................................................................................................................................ 39 6.8 TRUSTED PATH/CHANNELS .......................................................................................................................... 40
7. PROTECTION PROFILE CLAIMS ............................................................................................................... 41
8. RATIONALE ..................................................................................................................................................... 42
8.1 TOE SUMMARY SPECIFICATION RATIONALE ................................................................................................ 42
APPENDIX A: DOCUMENTATION FOR HP 5900, 5900CP, 5920, 5930 10500, 12500 AND 12900
SWITCHES ................................................................................................................................................................ 44
LIST OF TABLES
Table 1 TOE Series and Devices ................................................................................................................................. 5 Table 2: TOE Security Functional Components ..................................................................................................... 19 Table 3: Auditable Events ......................................................................................................................................... 21 Table 4: Assurance Components .............................................................................................................................. 27 Table 5: Cryptographic Functions ........................................................................................................................... 29 Table 6: NIST SP800-56B Conformance ................................................................................................................. 30 Table 7 SFR Protection Profile Sources .................................................................................................................. 41 Table 8 Security Functions vs. Requirements Mapping ......................................................................................... 43
Security Target Version 2.0, 02/16/2015
4
1. Security Target Introduction
This section identifies the Security Target (ST) and Target of Evaluation (TOE) id