McAfee Endpoint Encryption 7.0 for PC with McAfee ePolicy Orchestrator 4.6


McAfee Endpoint Encryption 7.0 for PC
with McAfee ePolicy Orchestrator 4.6
Common Criteria EAL2 Security Target

Prepared for McAfee, Inc. by
McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
888.847.8766
www.mcafee.com
Primasec Ltd

Contents

1 Introduction
1.1 ST Reference
1.2 TOE Reference
1.3 Document Organization
1.4 Document Conventions
1.5 Document Terminology
1.6 TOE Overview
1.7 TOE Description
1.7.1 Physical Boundary
1.7.2 Hardware and Software Supplied by the IT Environment
1.7.3 Logical Boundary
1.7.4 TOE Data
1.8 Rationale for Non-bypassability and Separation of the TOE
2 Conformance Claims
2.1 Common Criteria Conformance Claim
2.2 Protection Profile Conformance Claim
3 Security Problem Definition
3.1 Threats
3.2 Organizational Security Policies
3.3 Assumptions
3.3.1 Personnel Assumptions
3.3.2 Physical Assumptions
3.3.3 System Assumptions
4 Security Objectives
4.1 Security Objectives for the TOE
4.2 Security Objectives for the Operational Environment
4.2.1 Security Objectives for the IT Environment
4.2.2 Security Objectives for the Non-IT Environment
4.3 Security Objectives Rationale
5 Extended Components Definition
5.1.1 Class FDP: User Data Protection
6 Security Requirements
6.1 Security Functional Requirements
6.1.1 Security Audit (FAU)
6.1.2 User Data Protection (FDP)
6.1.3 Cryptographic Support (FCS)
6.1.4 Identification and Authentication (FIA)
6.1.5 Security Management (FMT)
6.1.6 Protection of the TSF (FPT)
6.2 Security Assurance Requirements

© 2013 McAfee, Inc. This document may be freely reproduced and distributed whole and intact including this copyright notice.

6.3 CC Component Hierarchies and Dependencies
6.4 Security Requirements Rationale
6.4.1 Security Functional Requirements for the TOE
6.4.2 Security Assurance Requirements
7 TOE Summary Specification
7.1 Installation
7.2 Cryptographic Operations
7.3 Identification and Authentication
7.4 Audit
7.4.1 Administrator Audit Log
7.4.2 User Audit Log
7.5 Management
7.6 Protection of the TSF

Figures

Figure 1 Document Organization
Figure 2 Glossary
Figure 3 TOE Boundary
Figure 4 TOE Component Inter-communication
Figure 5 TOE Components
Figure 6 TOE Administration
Figure 7 ePO Server Requirements
Figure 8 TOE Endpoint System Requirements
Figure 9 Matching Threats and Organizational Security Policies with Security Objectives for the IT Environment
Figure 10 Matching Threats and Organizational Security Policies with Security Objectives
Figure 11 Security Functional Requirements of the TOE
Figure 12 Security Assurance Requirements
Figure 13 CC Component Hierarchies and Dependencies
Figure 14 Matching Security Functional Requirements to Security Objectives
Figure 15 Security Functional Requirements Rationale
Figure 16 Security Assurance Requirements Evidence
Figure 17 Client installation overview
Figure 18 TOE Cryptographic Keys

1 Introduction

This section identifies the Security Target (ST), Target of Evaluation (TOE), Security Target organization, document conventions, and terminology. It also includes an overview of the evaluated product.

1.1 ST Reference

ST Title: McAfee, Inc. McAfee Endpoint Encryption for PC with McAfee ePolicy Orchestrator Security Target
ST Revision: 018
ST Publication Date: 02 May 2013
Author: Primasec Limited

1.2 TOE Reference

TOE Reference: McAfee Endpoint Encryption for PC 7.0 with McAfee ePolicy Orchestrator 4.6
TOE Type: Centrally Managed PC Access Control and Full Disk Encryption

1.3 Document Organization

Section 1, Introduction: Provides an overview of the TOE and defines the hardware and software that make up the TOE as well as the physical and logical boundaries of the TOE.
Section 2, Conformance Claims: Lists evaluation conformance to Common Criteria versions, Protection Profiles, or Packages where applicable.
Section 3, Security Problem Definition: Specifies the threats, assumptions and organizational security policies that affect the TOE.
Section 4, Security Objectives: Defines the security objectives for the TOE/operational environment and provides a rationale to demonstrate that the security objectives satisfy the threats.
Section 5, Extended Components Definition: Describes extended components of the evaluation (if any).
Section 6, Security Requirements: Contains the functional and assurance requirements for this TOE.
Section 7, TOE Summary Specification: Identifies the IT security functions provided by the TOE and also identifies the assurance measures targeted to meet the assurance requirements.

Figure 1 Document Organization

1.4 Document Conventions

The notation, formatting, and conventions used in this Security Target are consistent with those used in Version 3.1 of the Common Criteria. Selected presentation choices are discussed here to aid the Security Target reader. The Common Criteria allows several operations to be performed on functional requirements: the allowable operations defined in Part 2 of the Common Criteria are refinement, selection, assignment and iteration.

- The assignment operation is used to assign a specific value to an unspecified parameter, such as the length of a password. An assignment operation is indicated by underlined text.
- The refinement operation is used to add detail to a requirement, and thus further restricts a requirement. Refinement of security requirements is denoted by bold text. Any text removed is indicated with a strikethrough format (Example: TSF).
- The selection operation is picking one or more items from a list in order to narrow the scope of a component element. Selections are denoted by italicized text.
- Iterated functional and assurance requirements are given unique identifiers by appending to the base requirement identifier from the Common Criteria an iteration number inside parentheses; for example, FIA_UAU.1.1 (A) and FIA_UAU.1.1 (B) refer to separate instances of the FIA_UAU.1 security functional requirement component.

Outside the SFRs, italicized text is used for both official document titles and text meant to be emphasized more than plain text.

1.5 Document Terminology

AES: Advanced Encryption Standard
[term missing in transcription]: Any entity that is able to establish a secure management session with the TOE
[term missing in transcription]: Any entity that has logged on to the TOE Endpoint through the logon GUI
CAVP: Cryptographic Algorithm Validation Program
CC: Common Criteria
CSP: Critical Security Parameters
DLL: Dynamic Link Library
DSA: Digital Signature Algorithm
DSS: Digital Signature Standard
EAL: Evaluation Assurance Level
FIPS: Federal Information Processing Standard
GUI: Graphical User Interface
IPC: Inter-process communication
IT: Information Technology

Machine: The TOE Endpoint PC
MBR: Master Boot Record
McAfee ePO: McAfee ePolicy Orchestrator: A McAfee software installation to allow configuration and management of a McAfee Endpoint Encryption for PC deployment
OS: Operating System
PKCS-5: Public Key Cryptography Standard 5 (Password-Based Cryptography Specification)
PP: Protection Profile
RSA: An algorithm for public-key cryptography. Named after Rivest, Shamir and Adleman who first publicly described it.
SAR: Security Assurance Requirement
SFP: Security Function Policy
SFR: Security Functional Requirement
SHA: Secure Hash Algorithm
SOF: Strength of Function
ST: Security Target
Storage Media: Any media for which TOE protection in the form of data encryption is required. Storage Media include internal hard drives and external SATA hard drives, but not external USB hard drives, USB memory sticks or floppy disks.
TCP/IP: Transmission Control Protocol/Internet Protocol
TOE: Target of Evaluation
TOE Endpoint: The McAfee Endpoint Encryption for PC client deployment
TOE Data: The encrypted contents of the TOE storage media.
TOE Manager: The McAfee ePolicy Orchestrator and McAfee Agent
TLS: Transport Layer Security
TSC: TSF Scope of Control
TSF: TOE Security Functions
TSP: TOE Security Policy
XML: Extensible Markup Language

Figure 2 Glossary

1.6 TOE Overview

McAfee Endpoint Encryption for PC is a Personal Computer (PC) security system that provides data at rest protection, preventing the data stored on a PC from being read or used by an unauthorized person. It combines single sign-on user access control with transparent full disk encryption of HDD/SSD storage media to offer effective security for PCs running the Microsoft Windows™ operating system.

Seamless integration with McAfee ePolicy Orchestrator (ePO™) eases agent deployment, management, and reporting.

Communication between the Endpoint and ePO is secured using McAfee Agent.

ePO provides the management user interface for the TOE via a GUI accessed from remote systems using web browsers. User and Machine policies can be created, edited and deployed from ePO. Manual recovery allows users who have lost or compromised their logon credentials to regain secure access to their Endpoint PC.

ePO requires users to identify and authenticate themselves before access is granted to any data or management functions.

Audit records from both ePO and the Endpoints managed by it may be reviewed via the ePO GUI using fully customizable reports, many of which are built into the product.

1.7 TOE Description

McAfee Endpoint Encryption for PC is a Personal Computer (PC) security system that prevents the data stored on a PC's HDD/SSD storage media from being read or used by an unauthorized person. Non-removable and eSATA hard drives can be encrypted. USB, FireWire or PCMCIA connected media cannot be encrypted.

By necessity, the boot record and certain non-security relevant configuration data must remain in plaintext, but everything else on the storage media is encrypted. In simple terms, the McAfee Endpoint Encryption client software takes control of a user's storage media away from the operating system. The McAfee Endpoint Encryption client software encrypts data written to the storage media, and decrypts data read from it. If the storage media is read directly, one would find only encrypted data, even in the Windows swap file and temporary file areas.

ePO provides the functionality to securely deploy, configure and manage the McAfee Endpoint Encryption Client using policies. A policy is a set of rules that determine how the McAfee Endpoint Encryption Client software functions on the user's computer.

In order to operate in compliance with this Security Target, the TOE Endpoint must be installed and operated in a certain manner. This is referred to as its Common Criteria mode of operation, or CC mode for short. CC mode is defined as follows:

- Endpoint is installed in FIPS mode according to the TOE administration documentation
- ePO and McAfee Agent are both installed in FIPS mode according to the TOE administration documentation
- Invalidate the user's password after ten or fewer successive unsuccessful logon attempts
- Encryption of all hard disks
- Users forced to log on with Preboot Authentication

The client software is installed on the client system. After the installation, the system synchronizes with ePO and acquires the user data, token data, and Pre-Boot graphics. When this is complete, the user authenticates and logs on through the Pre-Boot environment, which loads the operating system, and uses the system as normal.

In this document, the McAfee Endpoint Encryption client software is also known as the TOE Endpoint or simply the Endpoint. If "TOE" is used, this refers to all of the software within the TOE, including the Endpoint, McAfee Agent and ePO. The full list of TOE software components is given in section 1.7.1 below.

1.7.1 Physical Boundary

The TOE is a software TOE and includes:

1. The ePO application executing on a dedicated server (which includes an ePO Agent Handler)
2. Optional additional ePO Agent Handler(s)
3. An EEPC specific ePO extension
4. The McAfee Agent application on each managed system
5. The Endpoint software installe
