COMMON CRITERIA CERTIFICATION REPORT

Transcription

1 COMMON CRITERIA CERTIFICATION REPORT NetApp Clustered Data ONTAP June 2016 Gvernment f Canada. This dcument is the prperty f the Gvernment f Canada. It shall nt be altered, distributed beynd its intended audience, prduced, reprduced r published, in whle r in any substantial part theref, withut the express permissin f CSE.

2 FOREWORD This certificatin reprt is an UNCLASSIFIED publicatin, issued under the authrity f the Chief, Cmmunicatins Security Establishment (CSE). Suggestins fr amendments shuld be frwarded thrugh departmental cmmunicatins security channels t yur Client Services Representative at CSE. The Infrmatin Technlgy (IT) prduct identified in this certificatin reprt, and its assciated certificate, has been evaluated at an apprved evaluatin facility established under the Canadian Cmmn Criteria Scheme using the Cmmn Methdlgy fr Infrmatin Technlgy Security Evaluatin, Versin 3.1 Revisin 4, fr cnfrmance t the Cmmn Criteria fr Infrmatin Technlgy Security Evaluatin, Versin 3.1 Revisin 4. This certificatin reprt, and its assciated certificate, applies nly t the identified versin and release f the prduct in its evaluated cnfiguratin. The evaluatin has been cnducted in accrdance with the prvisins f the Canadian CC Scheme, and the cnclusins f the evaluatin facility in the evaluatin reprt are cnsistent with the evidence adduced. This reprt, and its assciated certificate, are nt an endrsement f the IT prduct by the Cmmunicatins Security Establishment, r any ther rganizatin that recgnizes r gives effect t this reprt, and its assciated certificate, and n warranty fr the IT prduct by the Cmmunicatins Security Establishment, r any ther rganizatin that recgnizes r gives effect t this reprt, and its assciated certificate, is either expressed r implied. If yur department has identified a requirement fr this certificatin reprt based n business needs and wuld like mre detailed infrmatin, please cntact: ITS Client Services Telephne: (613) itsclientservices@cse-cst.gc.ca

3 OVERVIEW The Canadian Cmmn Criteria Scheme prvides a third-party evaluatin service fr determining the trustwrthiness f Infrmatin Technlgy (IT) security prducts. Evaluatins are perfrmed by a cmmercial Cmmn Criteria Evaluatin Facility (CCEF) under the versight f the Certificatin Bdy, which is managed by the Cmmunicatins Security Establishment. A CCEF is a cmmercial facility that has been apprved by the Certificatin Bdy t perfrm Cmmn Criteria evaluatins; a significant requirement fr such apprval is accreditatin t the requirements f ISO/IEC 17025:2005, the General Requirements fr the Cmpetence f Testing and Calibratin Labratries. Accreditatin is perfrmed under the Prgram fr the Accreditatin f Labratries - Canada (PALCAN), administered by the Standards Cuncil f Canada. The CCEF that carried ut this evaluatin is EWA-Canada. By awarding a Cmmn Criteria certificate, the Certificatin Bdy asserts that the prduct cmplies with the security requirements specified in the assciated security target. A security target is a requirements specificatin dcument that defines the scpe f the evaluatin activities. The cnsumer f certified IT prducts shuld review the security target, in additin t this certificatin reprt, in rder t gain an understanding f any assumptins made during the evaluatin, the IT prduct's intended envirnment, the evaluated security functinality, and the testing and analysis cnducted by the CCEF. The certificatin reprt, certificate f prduct evaluatin and security target are psted t the Certified Prducts list (CPL) fr the Canadian CC Scheme, and t the Cmmn Criteria prtal (the fficial website f the Internatinal Cmmn Criteria Prject).

4 TABLE OF CONTENTS Executive Summary Identificatin f Target f Evaluatin Cmmn Criteria Cnfrmance TOE descriptin TOE architecture Security plicy Assumptins and Clarificatins f Scpe Usage and Envirnmental assumptins Evaluated Cnfiguratin Dcumentatin Evaluatin Analysis Activities Develpment Guidance Dcuments Life-cycle Supprt Testing Activities Assessment f Develper Tests Cnduct f Testing Independent Functinal Testing Independent Penetratin Testing Results f the Evaluatin Supprting Cntent List f Abbreviatins References... 12

5 LIST OF FIGURES Figure 1 TOE Architecture...3 LIST OF TABLES Table 1 TOE Identificatin...2

6 EXECUTIVE SUMMARY NetApp Clustered Data ONTAP (hereafter referred t as the Target f Evaluatin, r TOE), frm NetApp, Inc., was the subject f this Cmmn Criteria evaluatin. The results f this evaluatin demnstrate that TOE meets the requirements f the cnfrmance claim listed in Table 1 fr the evaluated security functinality. The TOE is a micrkernel perating system that supprts multi-prtcl services and data management capabilities fr cnslidating and prtecting data fr enterprise applicatins and users. The TOE als includes the hardware systems that run the perating system. The TOE includes an integrated management Graphical User Interface (GUI). This GUI is used t manage the TOE security functins. The TOE security functins may als be managed by use f the integrated Cmmand Line Interface (CLI). EWA-Canada is the CCEF that cnducted the evaluatin. This evaluatin was cmpleted n 28 June 2016 and was carried ut in accrdance with the rules f the Canadian Cmmn Criteria Scheme. The scpe f the evaluatin is defined by the security target, which identifies assumptins made during the evaluatin, the intended envirnment fr TOE, and the security functinal/assurance requirements. Cnsumers are advised t verify that their perating envirnment is cnsistent with that specified in the security target, and t give due cnsideratin t the cmments, bservatins and recmmendatins in this certificatin reprt. Cmmunicatins Security Establishment, as the Certificatin Bdy, declares that the TOE evaluatin meets all the cnditins f the Arrangement n the Recgnitin f Cmmn Criteria Certificates and that the prduct will be listed n the Certified Prducts list (CPL) and the Cmmn Criteria prtal (the fficial website f the Internatinal Cmmn Criteria Prject). V1.0 1

7 1 IDENTIFICATION OF TARGET OF EVALUATION The Target f Evaluatin (TOE) is identified as fllws: Table 1 TOE Identificatin TOE Name and Versin NetApp Clustered Data ONTAP Develper Cnfrmance Claim NetApp, Inc. EAL 2 + (ALC_FLR.3) 1.1 COMMON CRITERIA CONFORMANCE The evaluatin was cnducted using the Cmmn Methdlgy fr Infrmatin Technlgy Security Evaluatin, Versin 3.1 Revisin 4, fr cnfrmance t the Cmmn Criteria fr Infrmatin Technlgy Security Evaluatin, Versin 3.1 Revisin TOE DESCRIPTION The TOE is a micrkernel perating system that supprts multi-prtcl services and data management capabilities fr cnslidating and prtecting data fr enterprise applicatins and users. The TOE als includes the hardware systems that run the perating system. The TOE includes an integrated management Graphical User Interface (GUI). This GUI is used t manage the TOE security functins. The TOE security functins may als be managed by use f the integrated Cmmand Line Interface (CLI). V1.0 2

8 1.3 TOE ARCHITECTURE A diagram f the TOE architecture is as fllws: Figure 1 TOE Architecture V1.0 3

9 2 SECURITY POLICY The TOE implements plicies pertaining t the fllwing security functinal classes: Security Audit; User Data Prtectin; Identificatin and Authenticatin; Security Management; Prtectin f the TSF; and TOE Access. Cmplete details f the security functinal requirements (SFRs) can be fund in the Security Target (ST) referenced in sectin 8.2. V1.0 4

10 3 ASSUMPTIONS AND CLARIFICATIONS OF SCOPE Cnsumers f the TOE shuld cnsider assumptins abut usage and envirnmental settings as requirements fr the prduct s installatin and its perating envirnment. This will ensure the prper and secure peratin f the TOE. 3.1 USAGE AND ENVIRONMENTAL ASSUMPTIONS The fllwing assumptins are made regarding the use and deplyment f the TOE: Other systems with which the TOE cmmunicates are assumed t be under the same management cntrl and use a cnsistent representatin fr specific user and grup identifiers; Security Management shall be prvided t prtect the Cnfidentiality and Integrity f transactins n the netwrk; There will be ne r mre cmpetent individuals assigned t manage the TOE and the security f the infrmatin it cntains; The system administrative persnnel are nt hstile and will fllw and abide by the instructins prvided by the administratr dcumentatin; Authrized users pssess the necessary authrizatin t access at least sme f the infrmatin managed by the TOE and are expected t act in a cperating manner in a benign envirnment; The prcessing resurces f the TOE critical t the SFP enfrcement will be prtected frm unauthrized physical mdificatin by ptentially hstile utsiders; Administrative functinality shall be restricted t authrized administratrs; The IT Envirnment will be cnfigured t allw the TOE t retrieve reliable time stamps by implementing the Netwrk Time Prtcl (NTP); and Physical security f the TOE and netwrk, cmmensurate with the value f the TOE and the data it cntains, is assumed t be prvided by the envirnment. V1.0 5

11 4 EVALUATED CONFIGURATION The evaluated cnfiguratin fr the TOE cmprises: The TOE is a Sftware and Hardware TOE cmprising the sftware NetApp Clustered Data ONTAP Operating System running n ne f the fllwing NetApp`s strage appliance: FAS8080 EX; AFF8080 EX; FAS8060; AFF8060; FAS8040; AFF8040; FAS8020; AFF8020; FAS2554; FAS2552; FAS2520; and FAS The TOE includes integrated management capabilities via CLI and GUI interfaces t manage the TOE security functinality (TSF). 4.1 DOCUMENTATION The fllwing dcuments are prvided t the cnsumer t assist in the cnfiguratin and installatin f the TOE: a. Clustered Data ONTAP Guidance Dcumentatin Supplement; b. Clustered Data ONTAP 8.3 Cmmands: Manual Page Reference; c. Clustered Data ONTAP 8.3 System Administratin Guide Fr Cluster Administratrs; d. Clustered Data ONTAP 8.3 System Administratin Guide fr SVM Administratrs; e. Clustered Data ONTAP 8.3 File Access and Prtcls Management Guide fr NFS; f. Clustered Data ONTAP 8.3 File Access and Prtcls Management Guide fr CIFS; g. Clustered Data ONTAP 8.3 Sftware Setup Guide; h. Clustered Data ONTAP 8.3 High-Availability Cnfiguratin Guide; i. Clustered Data ONTAP 8.3 Netwrk Management Guide; j. Clustered Data ONTAP 8.3 Physical Strage Management Guide; k. Clustered Data ONTAP 8.3 Lgical Strage Management Guide; l. Clustered Data ONTAP 8.3 Data Prtectin Tape Backup and Recvery Guide; m. Clustered Data ONTAP Release Ntes; n. OnCmmand Unified Manager 6.3 Administratin Guide;. OnCmmand Unified Manager 6.3 Installatin and Setup Guide fr Red Hat Enterprise Linux ; p. OnCmmand Perfrmance Manager 2.0 User Guide; q. OnCmmand Perfrmance Manager 2.0 Installatin and Setup Guide fr Red Hat Enterprise Linux ; r. OnCmmand Wrkflw Autmatin 3.1 Wrkflw Develper s Guide; s. OnCmmand Wrkflw Autmatin 3.1 Installatin and Setup Guide fr Windws; t. OnCmmand Insight 7.1 OnCmmand Insight Installatin Guide fr Micrsft Windws ; and u. OnCmmand Insight 7.1 OnCmmand Insight Cnfiguratin and Administratin Guide. V1.0 6

12 5 EVALUATION ANALYSIS ACTIVITIES The evaluatin analysis activities invlved a structured evaluatin f the TOE. Dcumentatin and prcess dealing with Develpment, Guidance Dcuments, and Life-Cycle Supprt were evaluated. 5.1 DEVELOPMENT The evaluatrs analyzed the TOE functinal specificatin and design dcumentatin; they determined that the design cmpletely and accurately describes the TOE security functinality (TSF) interfaces, the TSF subsystems and hw the TSF implements the security functinal requirements (SFRs). The evaluatrs analyzed the TOE security architectural descriptin and determined that the initializatin prcess is secure, that the security functins are prtected against tamper and bypass, and that security dmains are maintained. The evaluatrs als independently verified that the crrespndence mappings between the design dcuments are crrect. 5.2 GUIDANCE DOCUMENTS The evaluatrs examined the TOE preparative user guidance and peratinal user guidance and determined that it sufficiently and unambiguusly describes hw t securely transfrm the TOE int its evaluated cnfiguratin and hw t use and administer the prduct. The evaluatrs examined and tested the preparative and peratinal guidance, and determined that they are cmplete and sufficiently detailed t result in a secure cnfiguratin. Sectin 4.1 prvides details n the guidance dcuments. 5.3 LIFE-CYCLE SUPPORT An analysis f the TOE cnfiguratin management system and assciated dcumentatin was perfrmed. The evaluatrs fund that the TOE cnfiguratin items were clearly marked. The evaluatrs examined the delivery dcumentatin and determined that it described all f the prcedures required t maintain the integrity f the TOE during distributin t the cnsumer. The evaluatrs reviewed the flaw remediatin prcedures used by develper fr the TOE. During a site visit, the evaluatrs als examined the evidence generated by adherence t the prcedures. The evaluatrs cncluded that the prcedures are adequate t track and crrect security flaws, and distribute the flaw infrmatin and crrectins t cnsumers f the TOE. V1.0 7

13 6 TESTING ACTIVITIES Testing cnsists f the fllwing three steps: assessing develper tests, perfrming independent functinal tests, and perfrming penetratin tests. 6.1 ASSESSMENT OF DEVELOPER TESTS The evaluatrs verified that the develper has met their testing respnsibilities by examining their test evidence, and reviewing their test results, as dcumented in the ETR. The evaluatrs analyzed the develper s test cverage analysis and fund it t be cmplete and accurate. The crrespndence between the tests identified in the develper s test dcumentatin and the functinal specificatin was cmplete. 6.2 CONDUCT OF TESTING The TOE was subjected t a cmprehensive suite f frmally dcumented, independent functinal and penetratin tests. The detailed testing activities, including cnfiguratins, prcedures, test cases, expected results and bserved results are dcumented in a separate Test Results dcument. 6.3 INDEPENDENT FUNCTIONAL TESTING During this evaluatin, the evaluatr develped independent functinal tests by examining design and guidance dcumentatin. All testing was planned and dcumented t a sufficient level f detail t allw repeatability f the testing prcedures and results. The fllwing testing activities were perfrmed: a. Repeat f Develper's Tests: The evaluatr repeated a subset f the develpers tests; b. Cncurrent Lgin Behaviur: The bjective f this test gal is t cnfirm cncurrent lgin behaviur; c. Authenticatin Failure Handling: The bjective f this test gal is t: a. Create and delete users; b. Test user lckut after a cnfigurable number f unsuccessful authenticatin attempts; c. Unlck a lcked user; and d. Verify that Audit Data is generated and can be viewed by users with apprpriate rles. d. Lgin Passwrd Strength Verificatin and Recnfiguratin: The bjective f this test gal is t cnfirm passwrd strength and that passwrd strength can be recnfigured FUNCTIONAL TEST RESULTS The develper s tests and the independent functinal tests yielded the expected results, prviding assurance that the TOE behaves as specified in its ST and functinal specificatin. V1.0 8

14 6.4 INDEPENDENT PENETRATION TESTING Subsequent t the independent review f public dmain vulnerability databases and all evaluatin deliverables, limited independent evaluatr penetratin testing was cnducted. The penetratin tests fcused n: a. Use f autmated vulnerability scanning tls t discver ptential netwrk, platfrm and applicatin layer vulnerabilities such as Heartbleed, Shellshck, FREAK, POODLE, and GHOST; b. Prt Scan: The bjective f this test gal is t determine which prts are pen n TOE cmpnents and t determine if they shuld be; c. Banner Grabbing: The bjective f this test gal is t determine if any useful infrmatin can be gained abut the TOE and the services running n its pen prts; and d. Leakage Verificatin: The bjective f this test gal is t mnitr fr leakage during CLI and GUI Management Interface lgin PENETRATION TEST RESULTS The independent penetratin testing did nt uncver any explitable vulnerabilities in the intended perating envirnment. V1.0 9

15 7 RESULTS OF THE EVALUATION This evaluatin has prvided the basis fr the cnfrmance claim dcumented in Table 1. The verall verdict fr the evaluatin is PASS. These results are supprted by evidence in the ETR. The IT prduct identified in this reprt has been evaluated at an apprved evaluatin facility established under the Canadian Cmmn Criteria Scheme using the Cmmn Methdlgy fr IT Security Evaluatin, Versin 3.1 Revisin 4, fr cnfrmance t the Cmmn Criteria fr IT Security Evaluatin, Versin 3.1 Revisin 4. These evaluatin results apply nly t the specific versin and release f the prduct in its evaluated cnfiguratin and in cnjunctin with the cmplete certificatin reprt. The evaluatin has been cnducted in accrdance with the prvisins f the Canadian Cmmn Criteria Scheme and the cnclusins f the evaluatin facility in the evaluatin reprt are cnsistent with the evidence adduced. This is nt an endrsement f the IT prduct by CSE r by any ther rganizatin that recgnizes r gives effect t this certificate, and n warranty f the IT prduct by CSE r by any ther rganizatin that recgnizes r gives effect t this certificate, is expressed r implied. V1.0 10

16 8 SUPPORTING CONTENT 8.1 LIST OF ABBREVIATIONS Term API CAVP CCEF CLI CM CMVP CPL CSE EAL ETR GC GUI IT ITS ITSET PALCAN PP SFR ST TOE TSF Definitin Applicatin Prgramming Interface Cryptgraphic Algrithm Validatin Prgram Cmmn Criteria Evaluatin Facility Cmmand Line Interface Cnfiguratin Management Cryptgraphic Mdule Validatin Prgram Certified Prducts List Cmmunicatins Security Establishment Evaluatin Assurance Level Evaluatin Technical Reprt Gvernment f Canada Graphical User Interface Infrmatin Technlgy Infrmatin Technlgy Security Infrmatin Technlgy Security Evaluatin and Testing Prgram fr the Accreditatin f Labratries Canada Prtectin Prfile Security Functinal Requirement Security Target Target f Evaluatin TOE Security Functin V1.0 11

17 8.2 REFERENCES Reference CCS Publicatin #4, Technical Oversight, Versin 1.8, Octber Cmmn Criteria fr Infrmatin Technlgy Security Evaluatin, Versin 3.1 Revisin 4, September Cmmn Methdlgy fr Infrmatin Technlgy Security Evaluatin, CEM, Versin 3.1 Revisin 4, September NetApp, Inc. Clustered Data ONTAP Security Target versin 0.14, June 3, 2016 Evaluatin technical Reprt fr NetApp, Inc. Clustered Data ONTAP versin 1.0, June 28, 2016 V1.0 12