Transcription of McAfee Endpoint Security 10.5.0 with ePolicy Orchestrator 5.3
1 Security Target: McAfee Endpoint Security with ePolicy Orchestrator Document Version McAfee Page 1 of 72 Security Target McAfee Endpoint Security with ePolicy Orchestrator Document Version April 17, 2017 Security Target: McAfee Endpoint Security with ePolicy Orchestrator Document Version McAfee Page 2 of 72 Prepared For: Prepared By: McAfee , Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 38 North Security , LLC 2020 Pennsylvania Ave NW, Suite 254 Washington, DC 20006 Abstract This document provides the basis for an evaluation of a specific Target of Evaluation (TOE), the McAfee Endpoint Security with ePolicy Orchestrator This Security Target (ST) defines a set of assumptions about the aspects of the environment, a list of threats that the product intends to counter, a set of Security objectives, a set of Security requirements and the IT Security functions provided by the TOE which meet the set of requirements.
2 Security Target: McAfee Endpoint Security with ePolicy Orchestrator Document Version McAfee Page 3 of 72 Table of Contents 1 Introduction .. 6 ST Reference .. 6 TOE Reference .. 6 Document Organization .. 6 Document Conventions .. 7 Document Terminology .. 7 TOE Overview .. 8 TOE Description .. 9 McAfee Endpoint Security (ENS) Client .. 9 McAfee Agent .. 10 McAfee ePolicy Orchestrator (ePO) .. 10 Physical Boundary .. 11 Hardware and Software Supplied by the IT Environment .. 14 Logical Boundary .. 15 TOE Data .. 17 Rationale for Non-bypassability and Separation of the TOE.
3 19 2 Conformance Claims .. 21 Common Criteria Conformance Claim .. 21 Protection Profile Conformance Claim .. 21 3 Security Problem Definition .. 22 Threats .. 22 Organizational Security Policies .. 23 Assumptions .. 23 4 Security Objectives .. 25 Security Objectives for the TOE .. 25 Security Objectives for the Operational Environment .. 25 Security Objectives Rationale .. 26 5 Extended Components Definition .. 32 Anti-Malware (FAM) Class of SFRs .. 32 FAM_ACT_(EXT).1 Anti-Malware Actions .. 32 FAM_ALR_(EXT).1 Anti-Malware Alerts .. 33 FAM_SCN_(EXT).1 Anti-Malware Scanning.
4 34 Extended Component Audit Data Generation .. 34 Audit Data Generation (Extended) .. 35 6 Security Requirements .. 36 Security Functional Requirements .. 36 Security Audit (FAU) .. 36 Anti-Malware (Explicitly Stated) .. 38 Cryptographic Support (FCS) .. 40 Information Flow Control (FDP) .. 41 Identification and Authentication (FIA) .. 43 Security Management (FMT) .. 44 Security Target: McAfee Endpoint Security with ePolicy Orchestrator Document Version McAfee Page 4 of 72 Protection of the TSF (FPT) .. 49 Security Assurance Requirements .. 50 CC Component Hierarchies and Dependencies.
5 50 Security Requirements Rationale .. 51 Security Functional Requirements for the 51 Security Assurance Requirements .. 54 TOE Summary Specification Rationale .. 55 7 TOE Summary Specification .. 59 Client Threat Prevention .. 59 Viruses .. 60 Access Point Violations .. 60 Potentially Unwanted Code and Programs .. 61 Buffer Overflow Exploits .. 61 Client Communications Protection .. 61 Client Web Protection .. 63 Identification & Authentication .. 64 Management .. 65 User Account Management .. 65 Permission Set Management .. 66 Audit Log Management .. 66 Event Log Management.
6 66 System Tree Management .. 67 Query Management .. 68 Dashboard Management .. 68 Endpoint Security Common Module Management .. 68 Client Threat Prevention Policy Management .. 68 Client Communications Protection Policy Management .. 69 Client Web Protection Policy Management .. 69 Audit .. 70 Audit and Server Task Logs .. 70 Threat Event Log .. 71 Protected System Data Transfer .. 71 List of Tables Table 1 ST Organization and Section Descriptions .. 7 Table 2 Terms and Acronyms Used in Security Target .. 8 Table 3 Evaluated Configuration for the TOE .. 12 Table 4 ePO Management System Component Requirements.
7 14 Table 5 Supported ENS Client and Agent Platforms .. 14 Table 6 Supported Internet browsers for Web Control Functionality .. 15 Table 7 Logical Boundary Descriptions .. 17 Security Target: McAfee Endpoint Security with ePolicy Orchestrator Document Version McAfee Page 5 of 72 Table 8 ePO TOE Data (Legend: AD=Authentication data; UA=User attribute; GE=Generic Information) .. 17 Table 9 Client Threat Prevention TOE Data (Legend: AD=Authentication data; UA=User attribute; GE=Generic Information) .. 18 Table 10 Client Communications Protection TOE Data (Legend: AD=Authentication data; UA=User attribute; GE=Generic Information).
8 19 Table 11 Client Web Protection TOE Data (Legend: AD=Authentication data; UA=User attribute; GE=Generic Information) .. 19 Table 12 Threats Addressed by the TOE and Operational Environment (Management System) .. 22 Table 13 Threats Addressed by the TOE (Managed Systems) .. 23 Table 14 Organizational Security Policies .. 23 Table 15 Assumptions .. 24 Table 16 TOE Security Objectives .. 25 Table 17 Operational Environment Security Objectives .. 26 Table 18 Mapping of Assumptions, Threats, and OSPs to Security Objectives .. 27 Table 19 Rationale for Mapping of Threats, Policies, and Assumptions to Objectives.
9 31 Table 20 TOE Functional Components .. 36 Table 21 Audit Events and Details .. 37 Table 22 Cryptographic Operations .. 41 Table 23 Management of TSF Behavior and Associated 44 Table 24 - TSF Data Access Permissions for ePO TOE Data .. 46 Table 25 - TSF Data Access Permissions for Client Threat 47 Table 26 - TSF Data Access Permissions for Client Communications Protection .. 47 Table 27 - TSF Data Access Permissions for Client Web Protection .. 48 Table 28 Security Assurance Requirements at 50 Table 29 TOE SFR Dependency Rationale .. 51 Table 30 Mapping of TOE SFRs to Security Objectives.
10 52 Table 31 Rationale for Mapping of TOE SFRs to Objectives .. 54 Table 32 Security Assurance Rationale and Measures .. 55 Table 33 SFR to TOE Security Functions Mapping .. 56 Table 34 SFR to TSF Rationale .. 58 List of Figures Figure 1 TOE Boundary .. 13 Security Target: McAfee Endpoint Security with ePolicy Orchestrator Document Version McAfee Page 6 of 72 1 Introduction This section identifies the Security Target (ST), Target of Evaluation (TOE), Security Target organization, document conventions, and terminology. It also includes an overview of the evaluated product.
