BMC Atrium Discovery And Dependency Mapping 10


BMC Atrium Discovery and Dependency Mapping 10.0
Security Target
Version 0.12
10 February 2015

Copyright 2015 BMC Software, Inc. All rights reserved.

BMC, BMC Software, and the BMC Software logo are the exclusive properties of BMC Software, Inc., are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other BMC trademarks, service marks, and logos may be registered or pending registration in the U.S. or in other countries. All other trademarks or registered trademarks are the property of their respective owners.

IBM and DB2 are registered trademarks of International Business Machines Corporation.
Linux is a registered trademark of Linus Torvalds.
Microsoft, Windows and Windows Server are registered trademarks of Microsoft Corporation.
Oracle, Java and Solaris are registered trademarks of Oracle.
UNIX is a registered trademark of The Open Group.

BMC Software considers information included in this documentation to be proprietary and confidential. Your use of this information is subject to the terms and conditions of the applicable End User License Agreement for the product and the proprietary and restricted rights notices included in this documentation.

Restricted Rights Legend

U.S. Government Restricted Rights to Computer Software. UNPUBLISHED -- RIGHTS RESERVED UNDER THE COPYRIGHT LAWS OF THE UNITED STATES. Use, duplication, or disclosure of any data and computer software by the U.S. Government is subject to restrictions, as applicable, set forth in FAR Section 52.227-14, DFARS 252.227-7013, DFARS 252.227-7014, DFARS 252.227-7015, and DFARS 252.227-7025, as amended from time to time. Contractor/Manufacturer is BMC Software, Inc., 2101 City West Blvd., Houston, TX 77042-2827, USA. Any contract notices should be sent to this address.

Document Revision History

| Date | Revision | Author | Changes made |
|---|---|---|---|
| 15 February 2013 | 0.01 | Catherine Skrbina | Initial Draft |
| 2 March 2013 | 0.02 | Catherine Skrbina | Second Draft |
| 27 March 2013 | 0.03 | Catherine Skrbina | Third Draft |
| 21 October 2013 | 0.04 | Ron Starman | Circulated for initial internal review |
| 27 February 2014 | 0.05 | Ron Starman | Submitted for Registration |
| 24 March 2014 | 0.06 | TM | Addressed evaluator verdicts |
| 29 May 2014 | 0.07 | TM | Updated TOE diagram, addressed evaluator ORs |
| 24 June 2014 | 0.08 | TM | TOE version change |
| 4 September 2014 | 0.09 | TM | Addressed certifier comments |
| 25 September 2014 | 0.10 | TM | Addressed evaluator comments |
| 5 February 2015 | 0.11 | TM | Addressed evaluator comments |
| 10 February 2015 | 0.12 | TM | Updated CAVP numbers |

BMC SOFTWARE, INC

TABLE OF CONTENTS

1 SECURITY TARGET INTRODUCTION
  1.1 Security Target Reference
  1.2 TOE Reference
  1.3 Document References
  1.4 Document Conventions
  1.5 Document Terminology
    1.5.1 CC Terminology
    1.5.2 Abbreviations
    1.5.3 ADDM Terminology
  1.6 TOE Overview
    1.6.1 General
    1.6.2 TOE Type
    1.6.3 Required non-TOE Hardware and Software
  1.7 TOE Description
    1.7.1 Product Type and Evaluated Component Names
    1.7.2 Logical Scope and Boundary
    1.7.3 Functionalities Excluded from the Evaluated TOE
2 CONFORMANCE CLAIMS
  2.1 Common Criteria Conformance Claim
  2.2 Protection Profile Claim
  2.3 Assurance Package Claim
3 SECURITY PROBLEM DEFINITION
  3.1 Threats
  3.2 Organizational Security Policies
  3.3 Assumptions
4 SECURITY OBJECTIVES
  4.1 Security Objectives for the TOE
  4.2 Security Objectives for the Environment
  4.3 Security Objectives Rationale
5 EXTENDED COMPONENTS DEFINITION
  5.1 Discovery (DDM DIS)
  5.2 Determine Dependency Relationships (DDM DEP)
6 SECURITY REQUIREMENTS
  6.1 Security Functional Requirements
    6.1.1 Security Audit (FAU)
    6.1.2 Cryptographic Support (FCS)
    6.1.3 User Data Protection (FDP)
    6.1.4 Identification and Authentication (FIA)
    6.1.5 Security Management (FMT)
    6.1.6 Protection of the TSF (FPT)
    6.1.7 Trusted Path/Channels (FTP)
    6.1.8 Discovery and Dependency Mapping (DDM)
  6.2 Security Assurance Requirements
  6.3 Security Requirements Rationale
    6.3.1 Security Functional Requirements Rationale
    6.3.2 Rationale for SFR Dependencies
    6.3.3 Security Assurance Requirements Rationale
7 TOE SUMMARY SPECIFICATION
  7.1 Mapping of the TSFs to SFRs
  7.2 Security Audit Data Generation
  7.3 Cryptographic Support
  7.4 User Data Protection
  7.5 Identification and Authentication
  7.6 Security Management
  7.7 Protection of the TSF
  7.8 Trusted Path/Channel
  7.9 Discovery and Dependency Mapping

1 SECURITY TARGET INTRODUCTION

This section presents Security Target (ST) identification information and an overview of the ST for BMC Atrium Device and Dependency Mapping 10 (hereinafter referred to as BMC Atrium Discovery or ADDM).

An ST contains the information technology (IT) security requirements of an identified Target of Evaluation (TOE) and specifies the functional and assurance security measures offered by that TOE to meet stated requirements. An ST principally defines:

- A security problem expressed as a set of assumptions about the security aspects of the environment, a list of threats that the product is intended to counter, and any known rules with which the product must comply (TOE Security Environment section).
- A set of security objectives and a set of security requirements to address the security problem (Security Objectives and IT Security Requirements sections, respectively).

The structure and content of this ST comply with the requirements specified in Annex A Specification of Security Targets of [CCP1] and Section 11 Class ASE: Security Target evaluation of [CCP3].

1.1 Security Target Reference

ST Title: BMC Atrium Discovery and Dependency Mapping 10 Security Target
ST Version: Version 0.12
ST Date: 10 February 2015

1.2 TOE Reference

TOE Identification: BMC Atrium Discovery and Dependency Mapping 10
TOE Developer: BMC Software, Inc.
TOE Type: Application Discovery and Management

1.3 Document References

The following references are used in this ST:

| Abbreviation | Document |
|---|---|
| [ANSI X9.31] | ANSI Standard X9.31. Digital Signatures Using Reversible Public Key Cryptography for the Financial Services industry (rDSA). January 1998 |
| [CC] | Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012, CCMB-2012-09-(001 to 003) |
| | Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model; CCMB-2012-09-001, Version 3.1, Revision 4, July 2012 |
| | Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components; CCMB-2012-09-002, Version 3.1, Revision 4, September 2012 |
| | Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components; CCMB-2012-09-003, Version 3.1, Revision 4, September 2012 |
| | Common Methodology for Information Technology Security Evaluation; CCMB-2012-09-004, Version 3.1, Revision 4, September 2012 |
| [FIPS140-2] | FIPS PUB 140-2. Security Requirements for Cryptographic Modules. May 2001 |
| [FIPS180-3] | FIPS PUB 180-3. Secure Hash Standard (SHS). October 2008 |
| [FIPS197] | |
| [FIPS186-2] | FIPS PUB 186- |
