McAfee, Inc.
McAfee Endpoint Encryption for PC
with McAfee Endpoint Encryption Manager
Common Criteria Security Target

McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
888.847.8766
www.mcafee.com

© 2011 McAfee, Inc. This document may be reproduced only in its original entirety [without revision]. The information in this document is provided only for educational purposes and for the convenience of McAfee's customers. The information contained herein is subject to change without notice, and is provided "as is" without guarantee or warranty as to the accuracy or applicability of the information to any specific situation or circumstance. McAfee, Avert, and Avert Labs are trademarks or registered trademarks of McAfee, Inc. in the United States and other countries. All other names and brands may be the property of others.

Table of Contents

1 SECURITY TARGET INTRODUCTION
1.1 SECURITY TARGET IDENTIFICATION
1.2 SECURITY TARGET OVERVIEW
1.3 COMMON CRITERIA CONFORMANCE CLAIM
2 TOE DESCRIPTION
2.1 SCOPE AND BOUNDARIES OF THE TOE
2.2 MCAFEE ENDPOINT ENCRYPTION FOR PC FAMILY FUNCTIONAL OVERVIEW
2.3 MCAFEE ENDPOINT ENCRYPTION CLIENT
2.4 TOKEN-BASED ACCESS CONTROL
2.5 TOE INTERFACES
2.5.1 TOE Client Interfaces
2.5.2 TOE Manager Interfaces
2.6 TOE CLIENT OPERATIONAL ENVIRONMENT
2.7 TOE MANAGER OPERATIONAL ENVIRONMENT
2.8 ROLES AND SERVICES
2.9 ACCESS TO SERVICES
2.10 CRYPTOGRAPHIC KEY MANAGEMENT
2.10.1 Key generation
2.10.2 Key entry and output
2.10.3 Key storage
2.10.4 Protection of key material
2.10.5 Zeroization of key material
2.11 CRYPTOGRAPHIC ALGORITHMS
2.12 SELF-TESTS
2.13 POWER-UP SELF-TESTS
2.13.1 Conditional self-tests
3 TOE SECURITY ENVIRONMENT
3.1 ASSUMPTIONS
3.1.1 Personnel Assumptions
3.1.2 Physical Assumptions
3.1.3 System Assumptions
3.2 THREATS
3.3 ORGANISATIONAL SECURITY POLICIES
4 SECURITY OBJECTIVES
4.1 OBJECTIVES FOR THE TOE
4.2 OBJECTIVES FOR THE ENVIRONMENT
4.2.1 Security Objectives for the IT Environment
4.2.2 Security Objectives for the Non-IT Environment
5 IT SECURITY REQUIREMENTS
5.1 TOE SECURITY FUNCTIONAL REQUIREMENTS
5.1.1 TOE Client Security Functional Requirements
5.1.2 McAfee Endpoint Encryption Manager
5.2 TOE SECURITY ASSURANCE REQUIREMENTS
5.3 SECURITY REQUIREMENTS FOR THE IT ENVIRONMENT
6 TOE SUMMARY SPECIFICATION
6.1 TOE SECURITY FUNCTIONS
6.1.1 User Access Control – TSF.USER ACCESS CONTROL
6.1.2 Admin User Access Control – TSF.MGR USER ACCESS CONTROL
6.1.3 User Authentication – TSF.USER AUTHENTICATION
6.1.4 TOE Manager User Authentication – TSF.MGR USER AUTHENTICATION
6.1.5 Management of TOE by User – TSF.MANAGEMENT BY USER
6.1.6 Hard Disk Encryption – TSF.HDD ENCRYPTION
6.1.7 Hard Disk Encryption Key Management – TSF.HDD ENC KEYMAN
6.1.8 Administrative Access Control – TSF.ADMIN ACCESS CONTROL
6.1.9 Secure Management – TSF.SECURE MANAGEMENT
6.1.10 Audit – TSF.SECURITY AUDIT
6.1.11 Self-Protection of the TOE – TSF.PROTECTION
6.1.12 McAfee Endpoint Encryption Manager – TSF.ADMINISTRATION SERVER
6.2 ASSURANCE MEASURES
7 PROTECTION PROFILE CLAIMS
8 RATIONALE
8.1 SECURITY OBJECTIVES RATIONALE
8.2 SECURITY REQUIREMENTS RATIONALE
8.3 TOE SUMMARY SPECIFICATION RATIONALE
8.4 PP CLAIMS RATIONALE
8.5 SECURITY ASSURANCE REQUIREMENTS RATIONALE
9 APPENDIX A – ADMINISTRATIVE OPTIONS

Table of Figures

Figure 1 TOE logical boundary
Figure 2 TOE IT environment
Figure 3 Roles
Figure 4 Roles and Required Identification and Authentication
Figure 5 Strength of Authentication Mechanisms
Figure 6 Services Authorized for Roles
Figure 7 Keys used by McAfee Endpoint Encryption Client
Figure 8 Power-up self-tests
Figure 9 Functional components of the TOE Client
Figure 10 Functional components of the TOE Manager
Figure 11 Assurance Components
Figure 12 Mapping Security Functions to Security Functional Requirements
Figure 13 Mapping of Assurance Components to Assurance Measures
Figure 14 Mapping Threats, Assumptions and Policies to Objectives
Figure 15 Mapping Security Objectives to Threats, Assumptions and Policies
Figure 16 Mapping of Security Objectives to Functional and Assurance Requirements
Figure 17 Justification of the mapping of security objectives to security functional requirements
Figure 18 Mapping of Security Functions to Security Objectives

References

CC: Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 3, July 2009.
FIPS-PUB 180: Federal Information Processing Standard Publication (FIPS-PUB) 180-1, Secure Hash Standard, 17 April 1995.
FIPS-PUB 186: Federal Information Processing Standard Publication (FIPS-PUB) 186-2, Digital Signature Standard (DSS), 5 October 2001.
FIPS-PUB 197: Federal Information Processing Standard Publication (FIPS-PUB) 197, Advanced Encryption Standard (AES), 26 November 2001.
FIPS-PUB 140: Federal Information Processing Standard Publication (FIPS-PUB) 140-2, Including Change Notices, Security Requirements for Cryptographic Modules, 3
evice Encryption 5 PC Administrators Guide, Version: 2006/09.
RFC 2631: Diffie-Hellman Key Agreement Method, June 1999.
RFC 2898: PKCS #5: Password-Based Cryptography Specification Version 2.0, September 2000.

Glossary

AES: Advanced Encryption Standard
Authorised Administrator: Any entity that is able to establish a secure management session with the TOE
Authorised User: Any entity that has logged on to the TOE Client through the logon GUI
CAVP: Cryptographic Algorithm Validation Program
CC: Common Criteria
CSP: Critical Security Parameters
DLL: Dynamic Link Library
DSA: Digital Signature Algorithm
DSS: Digital Signature Standard
EAL: Evaluation Assurance Level
FIPS: Federal Information Processing Standard
GUI: Graphical User Interface
IPC: Inter-process communication
IT: Information Technology
Machine: The TOE PC
MBR: Master Boot Record
McAfee Endpoint Encryption Manager: A McAfee software installation to allow configuration and management of a McAfee Endpoint Encryption for PC deployment
OS: Operating System
PKCS-5: Public Key Cryptography Standard 5 (Password-Based Cryptography Specification)
SAR: Security Assurance Requirement
SFP: Security Function Policy
SFR: Security Functional Requirement
SHA-1: Secure Hash Algorithm
SOF: Strength of Function
ST: Security Target
Storage Media: Any media for which TOE protection in the form of data encryption is required. Storage Media include internal and external hard drives, memory sticks and floppy disks.
TCP/IP: Transmission Control Protocol/Internet Protocol
TOE: Target of Evaluation
TOE Client: The McAfee Endpoint Encryption for PC client deployment
TOE Data: The encrypted contents of the TOE storage media.
TOE Manager: The McAfee Endpoint Encryption Manager
TSC: TSF Scope of Control
TSF: TOE Security Functions
TSP: TOE Security Policy

1 Security Target Introduction

1.1 Security Target Identification

Security Target Title: McAfee Endpoint Encryption for PC with McAfee Endpoint Encryption Manager Common Criteria Security Target.
Security Target Version: 1.23.
TOE Identification: McAfee Endpoint Encryption for PC version 5.2.6 with McAfee Endpoint Encryption Manager version 5.2.6.
Evaluation Assurance Level (EAL): EAL4 augmented with ALC_FLR.3.
Common Criteria Identification: Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 3, July 2009.
Protection Profile Conformance: None.
Keywords: disk encryption, access control, security target, EAL4, McAfee, Inc., McAfee Endpoint Encryption.

1.2 Security Target Overview

McAfee Endpoint Encryption for PC is a Personal Computer (PC) security system that prevents the data stored on a PC from being read or used by an unauthorized person. It combines single sign-on user access control with transparent full encryption of storage media to offer effective security for PCs running the Microsoft Windows operating system.

Management, deployment and user recovery are handled by a centralised McAfee Endpoint Encryption Manager, and communication between the McAfee Endpoint Encryption Client and this administrative server is via TCP/IP using a cryptographically secure proprietary protocol.

1.3 Common Criteria Conformance Claim

The identified TOE conforms to the following specifications:
- Common Criteria for Information Technology Security Evaluation Part 2: Security functional requirements, Version 3.1, Revision 3, July 2009.
  o Part 2 Conformant
- Common Criteria for Information Technology Security Evaluation Part 3: Security assurance requirements, Version 3.1, Revision 3, July 2009.
  o Part 3 Conformant
  o Evaluation Assurance Level 4 (EAL4) augmented with ALC_FLR.3.

2 TOE Description

McAfee Endpoint Encryption for PC is a Personal Computer (PC) security system that prevents the data stored on a PC's storage media (hard drive(s) or external media, including floppy disks, external hard drives, memory sticks, etc., as appropriate) from being read or used by an unauthorized person. In simple terms, the McAfee Endpoint Encryption Client takes control of a user's storage media away from the operating system. The McAfee Endpoint Encryption Client encrypts data written to the storage media, and decrypts data read from it. If the storage media is read directly, one would find only encrypted data, even in the Windows swap file and temporary file areas. The McAfee Endpoint Encryption Manager provides the functionality to securely deploy, configure and manage the McAfee Endpoint Encryption Client.
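The transparent encrypt-on-write, decrypt-on-read behaviour described above, as an added example that is not part of this Security Target or of McAfee's code: a small Go model of sector-addressed storage media in which only the client's read/write path ever sees plaintext, plus the check an evaluator would run, reading the raw media to confirm that nothing written through the client is recoverable without the key. AES is the algorithm the ST names; the mode (CBC with an ESSIV-style per-sector IV), the 512-byte sector size and the fixed 32-byte key are this example's assumptions, not the product's documented design.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SectorSize is the unit the driver layer below the OS reads and writes.
// It is a multiple of the AES block size, so CBC needs no padding here.
// (Assumed value for the example; the ST does not state the product's.)
const SectorSize = 512

// EncryptedMedia stands in for storage media under the client's control:
// the only copy of each sector on the media is ciphertext, and plaintext
// exists solely on the read/write path that the client mediates.
type EncryptedMedia struct {
	data    cipher.Block // AES under the media key
	ivGen   cipher.Block // AES under SHA-256(media key), derives per-sector IVs
	sectors [][]byte     // raw on-media content; always ciphertext
}

// NewEncryptedMedia initialises nSectors zeroed sectors under mediaKey.
func NewEncryptedMedia(mediaKey []byte, nSectors int) (*EncryptedMedia, error) {
	data, err := aes.NewCipher(mediaKey)
	if err != nil {
		return nil, err
	}
	ivKey := sha256.Sum256(mediaKey) // separate key for IV generation (ESSIV-style)
	ivGen, err := aes.NewCipher(ivKey[:])
	if err != nil {
		return nil, err
	}
	m := &EncryptedMedia{data: data, ivGen: ivGen, sectors: make([][]byte, nSectors)}
	for i := range m.sectors {
		m.sectors[i] = make([]byte, SectorSize)
	}
	return m, nil
}

// sectorIV encrypts the sector number under the IV key, so two sectors
// holding identical plaintext produce unrelated ciphertext, and someone
// reading the media cannot predict any IV without the key.
func (m *EncryptedMedia) sectorIV(n uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv[:8], n)
	m.ivGen.Encrypt(iv, iv)
	return iv
}

func (m *EncryptedMedia) check(n uint64, buf []byte) error {
	if n >= uint64(len(m.sectors)) {
		return errors.New("sector out of range")
	}
	if buf != nil && len(buf) != SectorSize {
		return fmt.Errorf("sector must be %d bytes", SectorSize)
	}
	return nil
}

// WriteSector is the OS write path: plaintext in, ciphertext on media.
func (m *EncryptedMedia) WriteSector(n uint64, plain []byte) error {
	if err := m.check(n, plain); err != nil {
		return err
	}
	cipher.NewCBCEncrypter(m.data, m.sectorIV(n)).CryptBlocks(m.sectors[n], plain)
	return nil
}

// ReadSector is the OS read path: ciphertext from media, plaintext out.
func (m *EncryptedMedia) ReadSector(n uint64) ([]byte, error) {
	if err := m.check(n, nil); err != nil {
		return nil, err
	}
	out := make([]byte, SectorSize)
	cipher.NewCBCDecrypter(m.data, m.sectorIV(n)).CryptBlocks(out, m.sectors[n])
	return out, nil
}

// RawSector is what someone who bypasses the client sees, for example by
// removing the drive and reading it in another machine.
func (m *EncryptedMedia) RawSector(n uint64) []byte {
	return append([]byte(nil), m.sectors[n]...)
}

// ContainsPlaintext scans the raw media for a byte pattern: the evaluator's
// check that data written through the client, swap and temporary copies
// included, is not readable without the key.
func (m *EncryptedMedia) ContainsPlaintext(pattern []byte) bool {
	for _, s := range m.sectors {
		if bytes.Contains(s, pattern) {
			return true
		}
	}
	return false
}

func main() {
	mediaKey := bytes.Repeat([]byte{0x42}, 32) // constructed key for the example only
	media, err := NewEncryptedMedia(mediaKey, 8)
	if err != nil {
		panic(err)
	}
	secret := make([]byte, SectorSize) // constructed sample sector
	copy(secret, "CONFIDENTIAL payroll export")
	_ = media.WriteSector(3, secret) // a file write through the client
	_ = media.WriteSector(5, secret) // the same data landing in swap
	back, _ := media.ReadSector(3)
	fmt.Println("through client:", string(bytes.TrimRight(back, "\x00")))
	fmt.Println("raw media exposes plaintext:", media.ContainsPlaintext([]byte("CONFIDENTIAL")))
	fmt.Println("sectors 3 and 5 identical on media:", bytes.Equal(media.RawSector(3), media.RawSector(5)))
}
```

Read directly, the media yields only ciphertext, and the two sectors holding the same plaintext (the file and its copy in swap) do not match on the media because each sector's IV is derived from its number under a separate key. CBC with per-sector IVs is still malleable and shows sector-granular change over time, which is why production full-disk encryption uses a tweakable mode such as XTS; and in the real product the key would come from the pre-boot authentication and key management the ST describes in its later sections, not from a constant.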

In this document, the McAfee Endpoint Encryption Client is also known as the TOE Client, and the McAfee Endpoint Encryption Manager is also known as the TOE Manager. If "TOE" is used, this refers to both the TOE Client and TOE Manager.

Communication between the TOE Client and the TOE Manager is via a secure management session.

2.1 Scope and boundaries of the TOE

The components of the TOE are installed on general-purpose computers. The McAfee Endpoint Encryption for PC client and McAfee Endpoint Encryption Manager are installed on two separate PCs connected via a network. The physical boundary of the TOE is the software applications themselves and the APIs that they expose.

The logical boundary of the TOE is the application software that corresponds to version 5.2.6 of the McAfee Endpoint Encryption Client and version 5.2.6 of the McAfee Endpoint Encryption Manager. See Figure 1 below.

Figure 1 TOE logical boundary

At the TOE boundary are its interfaces. There is a man-machine access control interface to allow a user to submit logon credentials for authentication. There is a disk drive interface to allow the contents of the disk drives to be secured through encryption, and there is a secure management interface to allow secure communication between McAfee Endpoint Encryption for PC and McAfee Endpoint Encryption Manager.

The IT environment of the TOE Client includes a PC running one of the following operating systems: Microsoft Windows XP Professional with Service Pack 3, Windows Vista (32-bit or 64-bit) with Service Pack 1, or Windows 7 (32-bit or 64-bit).

The IT environment of the TOE Manager includes a PC running one of the 64-bit variants of Microsoft Windows Server 2008 with Service Pack 1 or any variant of Microsoft Windows Server 2003 with Service Pack 2.

Figure 2 TOE IT environment

2.2 McAfee Endpoint Encryption for PC Family Functional Overview

McAfee Endpoint Encryption for PC replaces the boot sector of the hard disk to provide effective access control and optionally encrypts part or all of the hard disk drive. The TOE is a collection of software components running on one or more standard PCs.

McAfee Endpoint Encryption for PC supports centralized management of McAfee Endpoint Encryption for PC protected machines. McAfee Endpoint Encryption for PC components include the McAfee Endpoint Encryption Manager (including McAfee Endpoint Encryption Server, McAfee Endpoint Encryption Object Directory and McAfee Endpoint Encryption Connector Manager), and the McAfee Endpoint Encryption Client. Every time a McAfee Endpoint Encryption for PC protected machine boots, and optionally every time the user initiates a connection with the administration server, or after a set period of time, the McAfee Endpoint Encryption Client tries to contact its "Object Directory". This is a central store of configuration information for both machines and users, and is managed by McAfee Endpoint Encryption Managers. The Object Directory could be on the user's local hard disk (if the user is working completely stand-alone), or could be in some remote location and accessed over Transmission Control Protocol/In
