Forescout v8.4.1 Security Target ST Version: 2.1 February 27, 2023 Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA, USA 95134 Prepared By: Cyber Assurance Testing Laboratory 1100 West St Laurel MD 20707 Security Target Forescout 1 | P a g e Table of Contents 1 Security Target Introduction.................................................................................................................6 1.1 ST Reference.................................................................................................................................6 1.2 ST Identification ...........................................................................................................................6 Document Organization........................................................................................................6 Terminology..........................................................................................................................6 Acronyms..............................................................................................................................7 Reference ..............................................................................................................................8 1.3 TOE Reference..............................................................................................................................9 1.4 TOE Overview..............................................................................................................................9 1.5 TOE Type....................................................................................................................................10 2 TOE Description.................................................................................................................................11 2.1 Evaluated Components of the TOE ............................................................................................11 2.2 Components and Applications in the Operational Environment.................................................11 2.3 Excluded from the TOE..............................................................................................................12 Not Installed........................................................................................................................12 Installed but Requires a Separate License...........................................................................12 Installed But Not Part of the TSF........................................................................................13 2.4 Physical Boundary ......................................................................................................................14 2.5 Logical Boundary........................................................................................................................16 Security Audit .....................................................................................................................16 Cryptographic Support........................................................................................................16 Identification and Authentication........................................................................................17 Security Management .........................................................................................................17 Protection of the TSF..........................................................................................................17 TOE Access ........................................................................................................................17 Trusted Path/Channels ........................................................................................................18 3 Conformance Claims ..........................................................................................................................19 3.1 CC Version..................................................................................................................................19 3.2 CC Part 2 Conformance Claims..................................................................................................19 Security Target Forescout 2 | P a g e 3.3 CC Part 3 Conformance Claims..................................................................................................19 3.4 PP Claims....................................................................................................................................19 3.5 Package Claims...........................................................................................................................19 3.6 Package Name Conformant or Package Name Augmented........................................................19 3.7 Technical Decisions....................................................................................................................19 3.8 Conformance Claim Rationale....................................................................................................22 4 Security Problem Definition ...............................................................................................................23 4.1 Threats.........................................................................................................................................23 4.2 Organizational Security Policies.................................................................................................24 4.3 Assumptions................................................................................................................................24 4.4 Security Objectives .....................................................................................................................25 TOE Security Objectives ....................................................................................................25 Security Objectives for the Operational Environment........................................................25 4.5 Security Problem Definition Rationale.......................................................................................26 5 Extended Components Definition.......................................................................................................26 5.1 Extended Security Functional Requirements..............................................................................26 5.2 Extended Security Assurance Requirements ..............................................................................27 6 Security Functional Requirements......................................................................................................28 6.1 Conventions ................................................................................................................................28 6.2 Security Functional Requirements Summary..............................................................................28 6.3 Security Functional Requirements..............................................................................................29 Class FAU: Security Audit .................................................................................................29 Class FCS: Cryptographic Support.....................................................................................31 Class FIA: Identification and Authentication .....................................................................35 Class FMT: Security Management .....................................................................................37 Class FPT: Protection of the TSF .......................................................................................38 Class FTA: TOE Access .....................................................................................................40 Class FTP: Trusted Path/Channels......................................................................................40 6.4 Statement of Security Functional Requirements Consistency ....................................................41 7 Security Assurance Requirements ......................................................................................................42 7.1 Class ASE: Security Target evaluation.......................................................................................42 ST introduction (ASE_INT.1).............................................................................................42 Security Target Forescout 3 | P a g e Conformance claims (ASE_CCL.1)....................................................................................43 Security problem definition (ASE_SPD)............................................................................44 Security objectives for the operational environment (ASE_OBJ.1) ...................................45 Extended components definition (ASE_ECD.1).................................................................45 Stated security requirements (ASE_REQ.1).......................................................................46 TOE summary specification (ASE_TSS.1).........................................................................47 7.2 Class ADV: Development...........................................................................................................48 Basic Functional Specification (ADV_FSP.1)....................................................................48 7.3 Class AGD: Guidance Documentation .......................................................................................49 Operational User Guidance (AGD_OPE.1) ........................................................................49 Preparative Procedures (AGD_PRE.1)...............................................................................50 7.4 Class ALC: Life Cycle Support ..................................................................................................50 Labeling of the TOE (ALC_CMC.1)..................................................................................50 TOE CM Coverage (ALC_CMS.1) ....................................................................................51 7.5 Class ATE: Tests.........................................................................................................................51 Independent Testing - Conformance (ATE_IND.1) ...........................................................51 7.6 Class AVA: Vulnerability Assessment.......................................................................................52 Vulnerability Survey (AVA_VAN.1) .................................................................................52 8 TOE Summary Specification ..............................................................................................................53 8.1 Security Audit.............................................................................................................................53 FAU_GEN.1 and FAU GEN.2 ...........................................................................................53 FAU_STG_EXT.1 ..............................................................................................................54 8.2 Cryptographic Support................................................................................................................54 FCS_CKM.1 .......................................................................................................................55 FCS_CKM.2 .......................................................................................................................55 FCS_CKM.4 .......................................................................................................................56 FCS_COP.1/DataEncryption ..............................................................................................57 FCS_COP.1/SigGen............................................................................................................58 FCS_COP.1/Hash ...............................................................................................................58 FCS_COP.1/KeyedHash.....................................................................................................58 FCS_RBG_EXT.1...............................................................................................................59 Security Target Forescout 4 | P a g e FCS_SSHS_EXT.1 .............................................................................................................59 FCS_TLSC_EXT.1.............................................................................................................60 FCS_TLSS_EXT.1 .............................................................................................................60 8.3 Identification and Authentication................................................................................................61 FIA_AFL.1..........................................................................................................................61 FIA_PMG_EXT.1...............................................................................................................62 FIA_UAU.7 ........................................................................................................................62 FIA_UAU_EXT.2 and FIA_UIA_EXT.1...........................................................................62 FIA_X509_EXT.1/Rev, FIA_X509_EXT.2, and FIA_X509_EXT.3 ................................62 8.4 Security Management .................................................................................................................63 FMT_MOF.1/ManualUpdate, FMT_MTD.1/CoreData, and FMT_SMF.1........................63 FMT_SMR.2.......................................................................................................................64 8.5 Protection of the TSF..................................................................................................................65 FPT_APW_EXT.1..............................................................................................................65 FPT_SKP_EXT.1................................................................................................................65 FPT_STM_EXT.1...............................................................................................................65 FPT_TST_EXT.1................................................................................................................65 FPT_TUD_EXT.1...............................................................................................................66 8.6 TOE Access ................................................................................................................................67 FTA_SSL_EXT.1 ...............................................................................................................67 FTA_SSL.3.........................................................................................................................67 FTA_SSL.4.........................................................................................................................68 FTA_TAB.1........................................................................................................................68 8.7 Trusted Path/Channels ................................................................................................................68 FTP_ITC.1 ..........................................................................................................................68 FTP_TRP.1/Admin .............................................................................................................68 Security Target Forescout 5 | P a g e Table of Tables Table 1: Customer Specific Terminology........................................................................................................ 7 Table 2: CC Specific Terminology.................................................................................................................. 7 Table 3: Acronym Definition........................................................................................................................... 8 Table 4: TOE Models..................................................................................................................................... 11 Table 5: Supporting Components in the Operational Environment............................................................... 12 Table 6: CT-R Model Rev22 ......................................................................................................................... 14 Table 7: CT/CEM Models Rev40.................................................................................................................. 14 Table 8: CT/CEM Models Rev50.................................................................................................................. 15 Table 9: 4130 and 51xx Models..................................................................................................................... 16 Table 10: Cryptographic Services.................................................................................................................. 17 Table 11: Technical Decisions....................................................................................................................... 22 Table 12: TOE Threats................................................................................................................................... 24 Table 13: TOE Organization Security Policies.............................................................................................. 24 Table 14: TOE Assumptions.......................................................................................................................... 25 Table 15: TOE Operational Environment Objectives.................................................................................... 26 Table 16: Security Functional Requirements for the TOE............................................................................. 29 Table 17: Auditable Events............................................................................................................................ 30 Table 18: Self-Test List ................................................................................................................................. 39 Table 19: Cryptographic Algorithm Table for OpenSSL .............................................................................. 55 Table 20: Cryptographic Algorithm Table for Bouncy Castle....................................................................... 55 Table 21: Identification of Cryptographic Services Supporting Secured Communication Channel ............. 56 Table 22: Crypto key destruction table.......................................................................................................... 57 Table 23: Management Functions to Management Interface Identification .................................................. 64 Table 24: Self-Test List with Failure Results ................................................................................................ 65 Security Target Forescout 6 | P a g e 1 Security Target Introduction This chapter presents the Security Target (ST) identification information and an overview. An ST contains the Information Technology (IT) security requirements of an identified Target of Evaluation (TOE) and specifies the functional and assurance security measures offered by the TOE. 1.1 ST Reference This section provides information needed to identify and control this ST and its Target of Evaluation. 1.2 ST Identification ST Title: Forescout v8.4.1 Security Target ST Version: 2.1 ST Publication Date: February 27, 2023 ST Author: Booz Allen Hamilton Document Organization Chapter 1 of this document provides identifying information for the ST and TOE as well as a brief description of the TOE and its associated TOE type. Chapter 2 describes the TOE in terms of its physical boundary, logical boundary, exclusions, and dependent Operational Environment components. Chapter 3 describes the conformance claims made by this ST. Chapter 4 describes the threats, assumptions, objectives, and organizational security policies that apply to the TOE. Chapter 5 defines extended Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs). Chapter 6 describes the SFRs that are to be implemented by the TSF. Chapter 7 describes the SARs that will be used to evaluate the TOE. Chapter 8 provides the TOE Summary Specification, which describes how the SFRs that are defined for the TOE are implemented by the TSF. Terminology This section defines the terminology used throughout this ST. The terminology used throughout this ST is defined in Table 1 & 2. These tables are to be used by the reader as a quick reference guide for terminology definitions. Term Definition Administrator, System Administrator, Security Administrator The class of TOE administrators that are tasked with managing the TOE’s functional and security configuration. Embodies those administrators that have access to the CLI and Console. Connection One to One simple flows between a network port and a tool port. Security Target Forescout 7 | P a g e Term Definition Console or Console application The Forescout Console is a GUI application used for creating NAC, firewall and IPS policies, generating reports, viewing and managing detection information, and managing Forescout Appliances. Endpoint A Network Host discovered by the Forescout platform, for example desktop, laptop, server, etc. Enterprise Manager A Forescout platform configured to manage multiple Appliances distributed across the network. Local CLI When the TOE’s command line interface (CLI) is accessed locally with a physical connection to the TOE via the keyboard/video ports or a serial port and a terminal emulator that is compatible with serial communications is referred to as the local console. Plugins Functionality enhancement modules that can be incorporated into the Forescout platform. Plugins enable deeper inspection as well as broader control over network endpoints. Bundled plugins are pre-packaged with the Forescout platform. Other plugins may be available from Forescout or from a third party. Network Port Where data arrives into the TOE. The ports which receive copied network data for the TOE. Remote console When the TOE’s CLI is accessed remotely using SSH is referred to as the remote console. Table 1: Customer Specific Terminology Term Definition Authorized Administrator The claimed Protection Profile defines an Authorized Administrator role that is authorized to manage the TOE and its data. For the TOE, this is considered to be any user with the “administrator” role. Security Administrator Synonymous with Authorized Administrator and System Administrator. Trusted Channel An encrypted connection between the TOE and a system in the Operational Environment. Trusted Path An encrypted connection between the TOE and the application an Authorized Administrator uses to manage it (web browser, terminal client, etc.). Table 2: CC Specific Terminology Acronyms The acronyms used throughout this ST are defined in Table 3. This table is to be used by the reader as a quick reference guide for acronym definitions. Acronym Definition CC Common Criteria CLI Command-line Interface CPU Central Processing Unit FTP File Transfer Protocol GUI Graphical User Interface HTTP Hypertext Transfer Protocol HTTPS Hypertext Transfer Protocol Secure IP Internet Protocol IT Information Technology LDAP Lightweight Directory Access Protocol Security Target Forescout 8 | P a g e Acronym Definition NIAP National Information Assurance Partnership NTP Network Time Protocol OS Operating System PP Protection Profile RU Rack Unit SAR Security Assurance Requirement SCP Secure Copy Protocol SFP Security Function Policy SFR Security Functional Requirement SHA Secure Hash Algorithm SHS Secure Hash Standard SSL Secure Sockets Layer SSH Secure Shell ST Security Target TAP Test Access Point TCP Transmission Control Protocol TFTP Trivial File Transfer Protocol TLS Transport Layer Security TOE Target of Evaluation TP Tool Port TSF TOE Security Function UI User Interface Table 3: Acronym Definition Reference [1] collaborative Protection Profile for Network Devices Version 2.2e 20200323 [NDcPP] [2] Common Criteria for Information Technology Security Evaluation – Part 1: Introduction and general model, dated April 2017, version 3.1, Revision 5, CCMB-2017-004-001 [3] Common Criteria for Information Technology Security Evaluation – Part 2: Security functional components, dated April 2017, version 3.1, Revision 5, CCMB-2017-004-002 [4] Common Criteria for Information Technology Security Evaluation – Part 3: Security assurance components, dated April 2017, version 3.1, Revision 5, CCMB-2017-004-003 [5] Common Methodology for Information Technology Security Evaluation – Evaluation Methodology, dated April 2017, version 3.1, Revision 5, CCMB-2017-004-004 [6] NIST Special Publication 800-56A Revision 3 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, April 2018 [7] FIPS PUB 186-4 Federal Information Processing Standards Publication Digital Signature Standard, July 2013 [8] ISO/IEC 18033-3:2010, Information Technology -- Security techniques -- Encryption algorithms — Part 3: Block ciphers [9] ISO/IEC 10116:2017, Information Technology -- Security techniques -- Modes of operation for an n-bit block cipher [10] ISO/IEC 19772:2009, Information Technology – Security techniques – Authenticated encryption Security Target Forescout 9 | P a g e [11] ISO/IEC 10118-3:2004, Information Technology -- Security techniques -- Hash-functions - - Part 3: Dedicated hash-functions [12] ISO/IEC 9797-2:2011, Information Technology -- Security techniques -- Message Authentication Codes (MACs) -- Part 2: Mechanisms using a dedicated hash-function [13] ISO/IEC 18031:2011, Information Technology -- Security techniques -- Random bit generation [14] ISO/IEC 9796-2:2010, Information Technology -- Security techniques -- Digital signature schemes giving message recovery - Part 2: Integer factorization based mechanisms 1.3 TOE Reference The TOE is Forescout which is a family of products, which includes the following appliance models: CT-R, CT-100, CT-1000, CT-2000, CT-4000, CT-10000, CEM-5, CEM-10, CEM-25, CEM-50, CEM-100, CEM-150, CEM-200, 4130, 5110, 5120, 5140, and 5160. Each appliance runs Forescout software version 8.4.1. 1.4 TOE Overview The TOE is the Forescout product and is referred to as the Forescout platform or TOE from this point forward. The Forescout platform is used to dynamically identify and evaluate network infrastructure, devices and applications connected to the network, and provide enforcement of Network Access Policy (NAC) and Enterprise Conformance Policies. Forescout’s agentless technology discovers, classifies and assesses devices. The Forescout platform interrogates the network infrastructure to discover devices as they connect to the network. After discovering a device, the Forescout platform uses a combination of passive and active methods to classify the device according to its type and ownership. Based on its classification, The Forescout platform then assesses the device security posture and allows organizations to set policies that establish the specific behavior the device is allowed to have while connected to a network. The Forescout Console application (aka Console) is a separately installed Windows executable which provides an administrator with a graphical user interface to manage the TOE. The Console must be installed on a separate Windows OS host platform. The Console communicates with the TOE via a secure TLS channel shown as external interface 3 (E3 in yellow circle) in figure below. The TOE also provides a Command Line Interface (CLI) for remote and local management of the device. To access the CLI an administrator must either be locally connected (E1), via the keyboard/video or the serial port connections, or use SSHv2 to establish a secure connection (E2). The CLI provides lower level configuration of the device such as initial IP address configuration which cannot be done via the Console, and some diagnostic capabilities. The CLI does not provide any OS-level or shell type access to the embedded OS on the TOE. The following figure depicts the TOE boundary and operational environment: Security Target Forescout 10 | P a g e Figure 1: TOE Boundary The Forescout device communicates with an audit server (E7), Active Directory Server (E6), Certificate Authority Server (E5), and the remote management workstation (Console) over a dedicated out-of-band network management connection (E3). The connection to the enterprise network (E4) is a separate connection to the enterprise network environment that the TOE is monitoring and managing. A detailed description of each interface is in Table 5 below. The Forescout platform can be configured as Centralized Enterprise Manager (CEM) or as an Appliance. The CEM configuration provides all of the functionality of an Appliance and provides an additional centralized hierarchical management functionality over Appliances. The additional functionality provided by the CEM is considered outside the scope of the evaluation because hierarchical management functions do not trace or map to any NDcPP requirements. The TOE, regardless of being configured as a CEM or Appliance, claims conformance to all NDcPP requirements as a standalone entity. Therefore, the TOE was tested as a standalone entity in both configurations to ensure that the claimed NDcPP functionality was conformant regardless of the TOE being configured as a CEM or an Appliance. 1.5 TOE Type The TOE type for this product is a standalone network device that is used to dynamically identify and evaluate network infrastructure, devices and applications connected to the network, and provide enforcement of Network Access Policy (NAC) and Enterprise Conformance Policies. Security Target Forescout 11 | P a g e 2 TOE Description This section provides a description of the TOE in its evaluated configuration. This includes the physical and logical boundaries of the TOE. 2.1 Evaluated Components of the TOE The following table describes the TOE components in the evaluated configuration: Table 4: TOE Models 2.2 Components and Applications in the Operational Environment These components and the functionality they provide are outside the scope of evaluation testing but are needed to support the tested functionality of the TOE. The following table lists components and applications are used in the operational environment for the TOE’s evaluated configuration. Component Definition Management Workstation Any general-purpose computer that is used by an administrator to manage the TOE. For the TOE to be managed remotely the management workstation is required to have: • Non-dedicated machine: o 2GB memory o 1GB disk space • OS running: o Windows 7/8/8.1/10 o Windows Server 2008 / 2008 R2 / 2012 / 2012 R2 / 2016 / 2019 o Linux RHEL/CentOS 7 / 8 o macOS 10.12 / 10.13 / 10.14 / 10.15 / 11 o SSHv2 client installed to access the TOE’s CLI • Forescout Console application (Console) installed TCP communications from the Management Workstation to the TOE is secured using: • SSH for remote access to the CLI (remote console) • TLS for remote access from the Console The TOE acts as a server for both protocols. This OE component is required to support interfaces E1, E2, E3, & E8 as defined in Figure 1 above. The TOE’s CLI can also be accessed locally with a physical connection to the TOE using the keyboard/video or the serial port and must use a terminal emulator that is compatible with serial communications (local console). Active Directory Server A system that is capable of receiving authentication requests over TLS and validating these requests against identity and credential data that is defined in the directory (Microsoft version of an LDAP Server). The TOE is the TLS client for this communication. Required to support interface E6 as defined in Figure 1 above. Audit Server The TOE connects to an audit server to send the audit records for remote storage via TLS connection where the TOE is the TLS client. This is used to send copies of audit data to TOE Components Hardware Components Software Version Forescout Appliances CT-R, CT-100, CT-1000, CT-2000, CT-4000, CT-10000, CEM-5, CEM-10, CEM-25, CEM-50, CEM-100, CEM- 150, CEM-200, 4130, 5110, 5120, 5140, and 5160 Forescout v8.4.1 Security Target Forescout 12 | P a g e Component Definition be stored in a remote location for data redundancy purposes. This OE component is required to support interface E7 as defined in Figure 1 above. Certificate Authority (CA) Server/Online Certificate Status Protocol (OCSP) Responder Certificate authority servers can manage certificate enrollment requests from customers and are able to issue and revoke digital certificates. CA Servers are built to address the identity management requirements. Sending a request to a CA server is usually performed using Simple Certificate Enrollment Protocol (SCEP) over HTTP or Enrollment over Secure Transport (EST) RFC7030 using TLS. An OCSP responder (a server typically run by the certificate issuer) may return a signed response signifying that the certificate specified in the request is 'good', 'revoked', or 'unknown'. If the OCSP responder cannot process the request, it may return an error code. Communications are based on HTTP protocol where the TOE is the client. This OE component is required to support interface E5 as defined in Figure 1 above. Network Infrastructure The network infrastructure contains components such as routers, switches, DNS server, etc. Figure 1 identifies these interfaces as a single interface. The interface to the managed network infrastructure is a separate connection to the enterprise operational environment the TOE is managing. The TOEs management of the enterprise operational environment is out of scope for the NDcPP. Therefore, interface E4 to these components is out of scope of the evaluation. Update Server A general-purpose computer controlled by the vendor that includes a web server and is used to store software update packages that can be retrieved by product customers using HTTPS/TLS enabled browser or Console. The host of the Forescout Console provides the secure channel and not the TOE. Therefore, HTTPS is not declared in this ST. The Forescout device does not automatically download or update itself nor does it connect to the update server directly. The TOE receives the update from the Forescout Console. Interface E8 is out of scope of the evaluation. It is being declared as part of the test environment for completeness as it is used to support trusted updates testing. Table 5: Supporting Components in the Operational Environment 2.3 Excluded from the TOE The following TOE functionality, components, and/or applications are not included in the evaluated configuration. They provide no added security related functionality for the evaluated product. They are separated into three categories: not installed, installed but requires a separate license, and installed but not part of the TSF. Not Installed There are no components, applications, and/or functionality that are not installed. Installed but Requires a Separate License There are no excluded components, applications, and or functionality that are installed and require a separate license for activation. Security Target Forescout 13 | P a g e Installed But Not Part of the TSF This section contains functionality that is part of the purchased product but is not part of the TSF relevant functionality that is being evaluated as the TOE based on the Protection Profile. • Web Portals – The different Web Portals provide functionality that allows TOE users, through a local browser or the Console, to view descriptive information such as trend information, vulnerabilities, and network inventory. The Web Portals contain no remote or local security management functionality. They can only provide read-only descriptive information in a dashboard display or that can be incorporated into customized report using the Console. Since the Web Portal interfaces do not have any administrative functionality or any functionality that can be mapped to the NDcPP, they are considered beyond the scope of the claimed Protection Profile. • Hierarchical Functionality/Trusted Appliance Interface – This interface is for a Forescout platform configured as an Enterprise Manager to communicate with another instantiation of the TOE configured as a Forescout Appliance (not an Enterprise Manager) for creating a hierarchical monitoring of a distributed Enterprise network. TLS communications for this interface uses a preconfigured vendor certificate. This interface is not used for remote or local administration. Functionality and Data flow between the two devices does not map to any NDcPP SFRs and is considered beyond the scope of the claimed Protection Profile. • Host Scanning – This functionality allows the TOE to collect vulnerability data and the data used to enforce network access control policies from the network. This functionality is beyond the scope of the claimed Protection Profile. • Network Monitor – This functionality allows the TOE to monitor and track network traffic. This functionality is beyond the scope of the claimed Protection Profile. • Network Response – This functionality allows the TOE to send responses back into the protected network. This functionality is beyond the scope of the claimed Protection Profile. • HTTP Redirection – This functionality allows the TOE to send HTTP (or HTTPS) formatted communications (Web or Intranet) to users on network endpoints. This functionality is beyond the scope of the claimed Protection Profile. • SNMP – The TOE can be configured to use SNMP to communicate with network switches and routers and to receive SNMP traps from network switches and routers. This functionality is beyond the scope of the claimed Protection Profile. • SMTP – The TOE can be configured to use SNMP to send e-mail messages to the administrators or other personnel regarding information of interest. This functionality is beyond the scope of the claimed Protection Profile. • RADIUS – The TOE can be configured to support the use of RADIUS authentication services. This functionality is not being claimed and is beyond the scope of the evaluation. • Forescout Cloud services/plugins/functions –The TOE has the ability to support integrating with Forescout Cloud services through the use of plugins and tools. These functions are not claimed as part of this evaluation and cloud services are not covered by this protection profile. • Additionally, the TOE includes a number of capabilities in support of its primary function that are outside the scope of the claimed Protection Profile. These functions are not part of the TSF because there are no SFRs that apply to them. Security Target Forescout 14 | P a g e 2.4 Physical Boundary The following table outlines the models and their key differentiators that are part of the evaluation. System Name Equipment Forescout: Appliance (CT-) & Enterprise Manager (CEM-) Software/Firmware Hardware Model Component/Configuration Forescout v8.4.1 operating on CentOS 7.5 CT-Remote 1U Desktop 2 USB 2.0 1 CPU Intel Celeron J1900 (Bay Trail) 4x Intel-based 10/100/1000 NIC Ports Table 6: CT-R Model Rev22 System Name Equipment Forescout: Appliance (CT-) & Enterprise Manager (CEM-) Software/Firmware Hardware Model Component/Configuration Forescout v8.4.1 operating on CentOS 7.5 CT-100 1U Rack-mount 3x RAID1 with hot spare 2x USB 2.0 (back), 2x USB 1.0 (front) 1 CPU Intel Xeon E5 2609 v3 (Haswell) 4 (up to 8)x Intel-based NIC Ethernet Ports CT-1000; CEM-05, and CEM-10 1U Rack-mount 3x RAID1 with hot spare 2x USB 2.0 (back), 2x USB 1.0 (front) 1 CPU Intel Xeon E5 2620 v3 (Haswell) 4 (up to 8)x Intel-based NIC Ethernet Ports CT-2000; CEM-25, and CEM-50 2U Rack-mount 3x RAID1 with hot spare 2x USB 2.0 (back), 2x USB 1.0 (front) 1 CPU Intel Xeon E5 2640 v3 (Haswell) 4 (up to 8)x Intel-based NIC Ethernet Ports CT-4000; and CEM-100 2U Rack-mount 3x RAID1 with hot spare 2x USB 2.0 (back), 2x USB 1.0 (front) 2 CPU Intel Xeon E5 2640 v3 (Haswell) 4 (up to 8)x Intel-based NIC Ethernet Ports CT-10000; and CEM-150, CEM- 200 2U Rack-mount 3x RAID1 with hot spare 2x USB 2.0 (back), 2x USB 1.0 (front) 2 CPU Intel Xeon E5 2650 v3 (Haswell) 4 (up to 8)x Intel-based NIC Ethernet Ports Table 7: CT/CEM Models Rev40 System Name Equipment Forescout: Appliance (CT-) & Enterprise Manager (CEM-) Software/Firmware Hardware Model Component/Configuration Forescout v8.4.1 operating on CentOS 7.5 CT-100 1U Rack-mount 3 HDD (RAID1+HS) 1 USB 2.0 and 1 micro-USB 2.0 (front), 2 USB 3.0 (Rear) 1x Xeon Silver 4110 (Skylake) 4 (up to 8)x Intel-based NIC Ethernet Ports CT-1000; CEM-05, and CEM-10 1U Rack-mount 3 HDD (RAID1+HS) Security Target Forescout 15 | P a g e System Name Equipment 1 USB 2.0 and 1 micro-USB 2.0 (front), 2 USB 3.0 (Rear) 1x Xeon Silver 4110 (Skylake) 4 (up to 8)x Intel-based NIC Ethernet Ports CT-2000; CEM-25, and CEM-50 1U Rack-mount 3 HDD (RAID1+HS) 1 USB 2.0 and 1 micro-USB 2.0 (front), 2 USB 3.0 (Rear) 2 x Xeon Silver 4114 (Skylake) 4 (up to 8)x Intel-based NIC Ethernet Ports CT-4000; and CEM-100 1U Rack-mount 3 HDD (RAID1+HS) 1 USB 2.0 and 1 micro-USB 2.0 (front), 2 USB 3.0 (Rear) 2 x Xeon Silver 4114 (Skylake) 4 (up to 8)x Intel-based NIC Ethernet Ports CT-10000; and CEM-150, CEM- 200 1U Rack-mount 3 HDD (RAID1+HS) 1 USB 2.0 and 1 micro-USB 2.0 (front), 2 USB 3.0 (Rear) 2 x Xeon Gold 5118 (Skylake) 4 (up to 8)x Intel-based NIC Ethernet Ports Table 8: CT/CEM Models Rev50 System Name Equipment Forescout: Appliance (CT-) & Enterprise Manager (CEM-) Software/Firmware Hardware Model Component/Configuration Forescout v8.4.1 operating on CentOS 7.5 4130 1U Rack-mount 1 HDD 4 x USB 3.1 Gen2 2 x USB 3.1 Gen1 Gen 8 Intel® Core™ i5-8500T (Coffee Lake) 6 x Intel-based NIC Ethernet Ports 5110 1U Desktop 1 HDD 2 USB 2.0 1 CPU Intel Celeron J1900 (Bay Trail) 4x 10/100/1000 NIC Ports 5120 1U Rack-mount 3 HDD (RAID1+HS) 1 USB 2.0 and 1 micro-USB 2.0 (front), 2 USB 3.0 (Rear) 1 x Xeon Silver 4110 (Skylake) 4 (up to 8)x Intel-based NIC Ethernet Ports 5140 1U Rack-mount 3 HDD (RAID1+HS) 1 USB 2.0 and 1 micro-USB 2.0 (front), 2 USB 3.0 (Rear) 2 x Xeon Silver 4114 (Skylake) Security Target Forescout 16 | P a g e 4 (up to 8)x Intel-based NIC Ethernet Ports 5160 1U Rack-mount 3 HDD (RAID1+HS) 1 USB 2.0 and 1 micro-USB 2.0 (front), 2 USB 3.0 (Rear) 2 x Xeon Gold 6132 (Skylake) 4 (up to 8)x Intel-based NIC Ethernet Ports Table 9: 4130 and 51xx Models 2.5 Logical Boundary The TOE is comprised of the following security features that have been scoped by the protection profile: • Security Audit • Cryptographic Support • Identification and Authentication • Security Management • Protection of the TSF • TOE Access • Trusted Path/Channels Security Audit The TOE contains mechanisms to generate audit data to record predefined events on the TOE. The audit logs are stored in an internal database on the TOE’s local hard drive. An authorized administrator has the ability to enable/disable the forwarding of events to an audit server. In the evaluated configuration, the audit data is also securely transmitted to the audit server using a TLS v1.2 communication channel. Cryptographic Support The TOE provides cryptography in support of SSH and TLS (v1.2) trusted communications. Two different cryptography software packages are included with the TOE: Bouncy Castle and OpenSSL. Bouncy Castle is used specifically for communications with the management workstation running the Console. OpenSSL is used for all other TLS and SSH communications. The TOE immediately destroys keys when no longer used. The following table identifies the cryptographic services per cryptographic library. SFR OpenSSL Implementation CAVP #C1887 and #A1941 Bouncy Castle Implementation CAVP #C1888 and #A1959 FCS_CKM.1 RSA per FIPS 186-4 Key Generation N/A FFC using Diffie-Hellman group 14, per RFC 3526 Section 3 N/A FCS_CKM.2 RSA Key Establishment per RSAES- PKCS-v1_5 RSA Key Establishment per RSAES- PKCS-v1_5 Diffie-Hellman group 14 Key Establishment RFC 3526 Section 3 N/A FCS_COP.1/DataEncryp tion AES CTR: 128 and 256 bits AES CBC: 128 and 256 bits AES GCM: 128 and 256 bits AES CBC: 128 and 256 bits AES GCM: 256 bits Security Target Forescout 17 | P a g e Table 10: Cryptographic Services Identification and Authentication The TSF provides a configurable number of maximum consecutive authentication failures that are permitted by a user. Once this number has been met, the account is locked for a configurable time interval or until a Security Administrator manually unlocks the account. The TOE provides local password authentication for CLI and Console users as well as providing the ability to securely connect to an Active Directory server for the authentication of Console users. Communications over this interface is secured using TLS in which the TOE is acting as a client. The TOE enforces the use of X.509 certificates to support authentication for TLS connections. The only function available to an unauthenticated user is the ability to acknowledge a warning banner. Passwords that are maintained by the TSF can be composed of upper case, lower case, numbers and special characters. A Security Administrator can define the minimum password length between 15 and 30 characters. Security Management The TOE can be administered locally and remotely and uses role-based access control to prevent unauthorized management and access to TSF data. The TOE maintains the role of Security Administrator which is fulfilled by users with the “cliadmin” role for the CLI interfaces and by users with the “administrator” role (default account “admin”) for the Console interface. Protection of the TSF The TOE is expected to ensure the security and integrity of all data that is stored locally and accessed remotely. Passwords are not stored in plaintext. The TOE does not support automatic updates. An administrator has the ability to query the TOE for the currently executing version the TOE software and is required to manually initiate the update process from the Console. The TOE automatically verifies the digital signature of the software update prior to installation. If the digital signature is found to be invalid for any reason the update is not installed. If the signature is deemed invalid, the administrator will be provided a warning banner. There is no means for an administrative override to continue the installation if the signature is completely missing. The TOE implements a self-testing mechanism that is automatically executed during the initial start-up and can be manually initiated by an administrator after authentication, to verify the correct operation of product and cryptographic modules. The TOE provides its own time via its internal clock. TOE Access The TOE displays a configurable warning banner prior to its use. Inactive sessions will be terminated after an administrator-configurable time period. Users are allowed to terminate their own interactive session. Once a remote session has been terminated the TOE requires the user to re-authenticate to establish a new FCS_COP.1/SigGen RSA FIPS 186-4 Signature Services 2048 bits RSA FIPS 186-4 Signature Services 2048 bits FCS_COP.1/Hash SHS: SHA-1, SHA-256, SHA-384, and SHA-512 SHS: SHA-1, SHA-256, and SHA-384 FCS_COP.1/KeyedHash HMAC-SHA-1, HMAC-SHA-256, HMAC- 384, and HMAC-SHA-512 HMAC-SHA-1, HMAC-SHA-256, and HMAC-384 FCS_RBG_EXT.1 CTR DRBG Hash DRBG Security Target Forescout 18 | P a g e session. Local and remote sessions are terminated after the administrator configured inactivity time limit is reached. Trusted Path/Channels Users can access a CLI for administration functions remotely via SSH (remote console) or a local physical connection (local console) to the TOE. The TOE provides the SSH server functionality. The Console is the main administrator interface, which is running on a separate Windows PC and requires the use of TLS to communicate with the TOE. The TOE acts as a TLS client to initiate the following secure paths to • User authentication (Active Directory) • Auditing (audit server) The TOE acts as a TLS server and receives requests to establish the following secure paths from: • Forescout Console Security Target Forescout 19 | P a g e 3 Conformance Claims 3.1 CC Version This ST is compliant with Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5 April 2017. 3.2 CC Part 2 Conformance Claims This ST and Target of Evaluation (TOE) is Part 2 extended to include all applicable NIAP and International interpretations through February 27, 2023. 3.3 CC Part 3 Conformance Claims This ST and Target of Evaluation (TOE) are conformant to Part 3 to include all applicable NIAP and International interpretations through February 27, 2023. 3.4 PP Claims This ST claims exact conformance to the following Protection Profiles: • Collaborative Protection Profile for Network Devices Version 2.2e (NDcPP), March 23, 2020 3.5 Package Claims The TOE claims exact compliance to the Collaborative Protection Profile for Network Devices Version 2.2e, which is conformant with CC Part 3. The TOE claims following Selection-Based SFRs that are defined in the appendices of the claimed PP: • FCS_SSHS_EXT.1 • FCS_TLSC_EXT.1 • FCS_TLSS_EXT.1 • FIA_X509_EXT.1/Rev • FIA_X509_EXT.2 • FIA_X509_EXT.3 The TOE does not claim any Optional SFRs that are defined in the appendices of the claimed PP. This does not violate the notion of exact conformance because the PP specifically indicates these as allowable options and provides both the ST author and evaluation laboratory with instructions on how these claims are to be documented and evaluated. 3.6 Package Name Conformant or Package Name Augmented This ST and TOE are in exact conformance with the NDcPP version 2.2e. 3.7 Technical Decisions Technical Decisions that effected the SFR wording have been annotated with a Footnote. Security Target Forescout 20 | P a g e The following list of the NDcPP2e Technical Decisions apply to the TOE because SFR wording, application notes, or assurance activities were modified for SFRs claimed by the TOE: TD # Title References Changes Analysis to this evaluation SFR AA Notes NA Reason TD0527 Updates to Certificate Revocation Testing (FIA_X509_EXT.1) FIA_X509_EXT.1/REV, FIA_X509_EXT.1/ITT X AA: Testing Update. No ST updates required. TD0528 NIT Technical Decision for Missing EAs for FCS_NTP_EXT.1.4 FCS_NTP_EXT.1.4 X X AA: Testing Update. N/A: SFR not claimed. TD0536 NIT Technical Decision for Update Verification Inconsistency AGD_OPE.1 X AA: Guidance Update. No ST updates required. TD0537 NIT Technical Decision for Incorrect reference to FCS_TLSC_EXT.2.3 FIA_X509_EXT.2.2 X SFR claimed but note change has no impact on ST. TD0538 NIT Technical Decision for Outdated link to allowed-with list Section 2 X PP claimed but note change has no impact on ST. TD0546 NIT Technical Decision for DTLS - clarification of Application Note 63 FCS_DTLSC_EXT.1.1 X X N/A: SFR not claimed TD0547 NIT Technical Decision for Clarification on developer disclosure of AVA_VAN AVA_VAN X Clarification of AVA_VAN No ST updates required. TD0555 NIT Technical Decision for RFC Reference incorrect in TLSS Test NDSDv2.2, FCS_TLSS_EXT.1.4, Test 3 X AA: Test clarification no wording change No ST updates required. TD0556 NIT Technical Decision for RFC 5077 question NDSDv2.2, FCS_TLSS_EXT.1.4, Test 3 X X N/A: Test for renegotiation does not apply. TD0563 NiT Technical Decision for Clarification of audit date information NDcPPv2.2e, FAU_GEN.1.2 X Clarified date time stamp requirements No ST updates required. AGD Section 8 shows compliance. TD0564 NiT Technical Decision for Vulnerability Analysis Search Criteria NDSDv2.2, AVA_VAN.1 X Clarified AVA public search requirements. TD0569 NIT Technical Decision for Session ID Usage Conflict in FCS_DTLSS_EXT.1.7 ND SD v2.2, FCS_DTLSS_EXT.1.7, FCS_TLSS_EXT.1.4 X X AA: TSS, AGD, ATE Neither session tickets nor resumption is claimed. TD0570 NiT Technical Decision for Clarification about FIA_AFL.1 FIA_AFL.1 X Makes FIA_AFL.1 mandatory. FIA_AFL.1 was Security Target Forescout 21 | P a g e already claimed. Not marked with footnote as no SFR wording changes were mandated. TD0571 NiT Technical Decision for Guidance on how to handle FIA_AFL.1 FIA_UAU.1, FIA_PMG_EXT.1 X Makes FIA_PMG_EXT.1, FIA_AFL.1, and FMT_SMF.1 mandatory. All were previously claimed. Not marked with footnote as no SFR wording changes were mandated. TD0572 NiT Technical Decision for Restricting FTP_ITC.1 to only IP address identifiers FTP_ITC.1 X Clarification; no changes to AA or ST required. TD0580 NIT Technical Decision for clarification about use of DH14 in NDcPPv2.2e FCS_CKM.1.1, FCS_CKM.2.1 X X X AA:TSS, Test Footnote 2 TD0581 NIT Technical Decision for Elliptic curve-based key establishment and NIST SP 800- 56Arev3 FCS_CKM.2 X X SFR word changes to update Revision number to 3. N/A: Not claiming Elliptic Curves. TD0591 NIT Technical Decision for Virtual TOEs and hypervisors A.LIMITED_FUNCTION ALITY, ACRONYMS Assumption wording change. Footnote 1. TD0592 NIT Technical Decision for Local Storage of Audit Records FAU_STG Clarification of PP text. TD0631 NIT Technical Decision for Clarification of public key authentication for SSH Server ND SDv2.2, FCS_SSHS_EXT.1, FMT_SMF.1 X X X AA:TSS, Testing Update. Footnote 3 and 4 TD0632 NIT Technical Decision for Consistency with Time Data for vNDs ND SD2.2, FPT_STM_EXT.1.2 X X N/A: TOE is not a vND TD0633 NIT Technical Decision for IPsec IKE/SA Lifetimes Tolerance ND SD2.2, FCS_IPSEC_EXT.1.7, FCS_IPSEC_EXT.1.8 X X N/A: Not claiming IPSEC TD0634 NIT Technical Decision for Clarification required for testing IPv6 FCS_DTLSC_EXT.1.2, FCS_TLSC_EXT.1.2, ND SD v2.2 X AA: Testing Update. TD0635 NIT Technical Decision for TLS Server and Key Agreement Parameters FCS_TLSS_EXT.1.3, NDSD v2.2 X X N/A: Not claiming DHE or ECDHE algorithms. TD0636 NIT Technical Decision for Clarification of Public Key User Authentication for SSH ND SD2.2, FCS_SSHC_EXT.1 X X X X N/A: Not claiming SSH Client functionality TD0638 NIT Technical Decision for Key Pair Generation for Authentication NDSDv2.2, FCS_CKM.1 X Explanation of expectation. TOE fulfills this expectation. Claiming Security Target Forescout 22 | P a g e Table 11: Technical Decisions 3.8 Conformance Claim Rationale Section 1.2 of the NDcPP states: The NDcPP defines a network device as “a device that is connected to a network and has an infrastructure role within that network. The TOE may be standalone or distributed, where a distributed TOE is one that requires multiple distinct components to operate as a logical whole in order to fulfil the requirements of this cPP…” Additionally, the NDcPP says that example devices that fit this definition include “physical and virtualised routers, firewalls, VPN gateways, IDSs, and switches.” The TOE is a standalone network device, composed of hardware and software, that is connected to the network and enables network access control, threat protection, and compliance of the entire enterprise based on network security policies. Therefore, the TOE provides an infrastructure role in internetworking of different network environments across an enterprise. The Forescout appliance is a device that is used to dynamically identify and evaluate network infrastructure, devices and applications connected to the network, and to provide enforcement of Network Access Policy (NAC) and Enterprise Conformance Policies. Therefore, this conformance claim is appropriate. The TOE type is justified because the TOE. RSA keygen with RSA for TLS (server) key establishment TD0639 NIT Technical Decision for Clarification for NTP MAC Keys FCS_NTP_EXT.1.2, FAU_GEN.1, FCS_CKM.4, FPT_SKP_EXT.1 X X N/A: Not claiming NTP functionality TD0670 NIT Technical Decision for Mutual and Non-Mutual Auth TLSC Testing ND SD2.2, FCS_TLSC_EXT.2.1 X X X N/A: Not claiming mutual authentication functionality Security Target Forescout 23 | P a g e 4 Security Problem Definition 4.1 Threats This section identifies the threats against the TOE. These threats have been taken from the NDcPP. Threat Threat Definition T.UNAUTHORIZED_ADMINISTRATOR_ACCESS Threat agents may attempt to gain Administrator access to the Network Device by nefarious means such as masquerading as an Administrator to the device, masquerading as the device to an Administrator, replaying an administrative session (in its entirety, or selected portions), or performing man-in-the-middle attacks, which would provide access to the administrative session, or sessions between Network Devices. Successfully gaining Administrator access allows malicious actions that compromise the security functionality of the device and the network on which it resides. T.WEAK_CRYPTOGRAPHY Threat agents may exploit weak cryptographic algorithms or perform a cryptographic exhaust against the key space. Poorly chosen encryption algorithms, modes, and key sizes will allow attackers to compromise the algorithms, or brute force exhaust the key space and give them unauthorized access allowing them to read, manipulate and/or control the traffic with minimal effort. T.UNTRUSTED_COMMUNICATION_CHANNELS Threat agents may exploit weak cryptographic algorithms or perform a cryptographic exhaust against the key space. Poorly chosen encryption algorithms, modes, and key sizes will allow attackers to compromise the algorithms, or brute force exhaust the key space and give them unauthorized access allowing them to read, manipulate and/or control the traffic with minimal effort. T.WEAK_AUTHENTICATION_ENDPOINTS Threat agents may take advantage of secure protocols that use weak methods to authenticate the endpoints, e.g. a shared password that is guessable or transported as plaintext. The consequences are the same as a poorly designed protocol, the attacker could masquerade as the Administrator or another device, and the attacker could insert themselves into the network stream and perform a man-in-the-middle attack. The result is the critical network traffic is exposed and there could be a loss of confidentiality and integrity, and potentially the Network Device itself could be compromised. T.UPDATE_COMPROMISE Threat agents may attempt to provide a compromised update of the software or firmware which undermines the security functionality of the device. Non-validated updates or updates validated using non-secure or weak cryptography leave the update firmware vulnerable to surreptitious alteration. T.UNDETECTED_ACTIVITY Threat agents may attempt to access, change, and/or modify the security functionality of the Network Device without Administrator awareness. This could result in the attacker finding an avenue (e.g., misconfiguration, flaw in the product) to compromise the device and the Administrator would have no knowledge that the device has been compromised. Security Target Forescout 24 | P a g e Threat Threat Definition T.SECURITY_FUNCTIONALITY_COMPROMISE Threat agents may compromise credentials and device data enabling continued access to the Network Device and its critical data. The compromise of credentials includes replacing existing credentials with an attacker’s credentials, modifying existing credentials, or obtaining the Administrator or device credentials for use by the attacker. T.PASSWORD_CRACKING Threat agents may be able to take advantage of weak administrative passwords to gain privileged access to the device. Having privileged access to the device provides the attacker unfettered access to the network traffic and may allow them to take advantage of any trust relationships with other Network Devices. T.SECURITY_FUNCTIONALITY_FAILURE An external, unauthorized entity could make use of failed or compromised security functionality and might therefore subsequently use or abuse security functions without prior authentication to access, change or modify device data, critical network traffic or security functionality of the device. Table 12: TOE Threats 4.2 Organizational Security Policies This section identifies the organizational security policies which are expected to be implemented by an organization that deploys the TOE. These policies have been taken from the NDcPP. Policy Policy Definition P.ACCESS_BANNER The TOE shall display an initial banner describing restrictions of use, legal agreements, or any other appropriate information to which users consent by accessing the TOE. Table 13: TOE Organization Security Policies 4.3 Assumptions The specific conditions listed in this section are assumed to exist in the TOE’s Operational Environment. These assumptions have been taken from the NDcPP. Assumption Assumption Definition A.PHYSICAL_PROTECTION The Network Device is assumed to be physically protected in its operational environment and not subject to physical attacks that compromise the security or interfere with the device’s physical interconnections and correct operation. This protection is assumed to be sufficient to protect the device and the data it contains. As a result, the cPP does not include any requirements on physical tamper protection or other physical attack mitigations. The cPP does not expect the product to defend against physical access to the device that allows unauthorized entities to extract data, bypass other controls, or otherwise manipulate the device. For vNDs, this assumption applies to the physical platform on which the VM runs. A.LIMITED_FUNCTIONALITY1 The device is assumed to provide networking functionality as its core function and not provide functionality/services that could be deemed as general purpose computing. For example, the device should not provide a computing platform for general purpose applications (unrelated to networking functionality). 1 TD0591 Security Target Forescout 25 | P a g e Assumption Assumption Definition If a virtual TOE evaluated as a pND, following Case 2 vNDs as specified in Section 1.2, the VS is considered part of the TOE with only one vND instance for each physical hardware platform. The exception being where components of a distributed TOE run inside more than one virtual machine (VM) on a single VS. In Case 2 vND, no non-TOE guest VMs are allowed on the platform. A.NO_THRU_TRAFFIC_PROTECTION A standard/generic Network Device does not provide any assurance regarding the protection of traffic that traverses it. The intent is for the Network Device to protect data that originates on or is destined to the device itself, to include administrative data and audit data. Traffic that is traversing the Network Device, destined for another network entity, is not covered by the ND cPP. It is assumed that this protection will be covered by cPPs and PP-Modules for particular types of Network Devices (e.g., firewall). A.TRUSTED_ADMINISTRATOR The Security Administrator(s) for the Network Device are assumed to be trusted and to act in the best interest of security for the organization. This includes appropriately trained, following policy, and adhering to guidance documentation. Administrators are trusted to ensure passwords/credentials have sufficient strength and entropy and to lack malicious intent when administering the device. The Network Device is not expected to be capable of defending against a malicious Administrator that actively works to bypass or compromise the security of the device. For TOEs supporting .509v3 certificate-based authentication, the Security Administrator(s) are expected to fully validate (e.g. offline verification) any CA certificate (root CA certificate or intermediate CA certificate) loaded into the TOE’s trust store (aka 'root store', ' trusted CA Key Store', or similar) as a trust anchor prior to use (e.g. offline verification). A.REGULAR_UPDATES The Network Device firmware and software is assumed to be updated by an Administrator on a regular basis in response to the release of product updates due to known vulnerabilities. A.ADMIN_CREDENTIALS_SECURE The Administrator’s credentials (private key) used to access the Network Device are protected by the platform on which they reside. A.RESIDUAL_INFORMATION The Administrator must ensure that there is no unauthorized access possible for sensitive residual information (e.g. cryptographic keys, keying material, PINs, passwords etc.) on networking equipment when the equipment is discarded or removed from its operational environment. Table 14: TOE Assumptions 4.4 Security Objectives This section identifies the security objectives of the TOE and its supporting environment. The security objectives identify the responsibilities of the TOE and its environment in meeting the security needs. TOE Security Objectives The NDcPP does not define any security objectives for the TOE. Security Objectives for the Operational Environment The TOE’s operational environment must satisfy the following objectives: Objective Objective Definition OE.PHYSICAL Physical security, commensurate with the value of the TOE and the data it contains, is provided by the environment. Security Target Forescout 26 | P a g e Objective Objective Definition OE.NO_GENERAL_PURPOSE There are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE. Note: For vNDs the TOE includes only the contents of the its own VM, and does not include other VMs or the VS. OE.NO_THRU_TRAFFIC_PROTECTION The TOE does not provide any protection of traffic that traverses it. It is assumed that protection of this traffic will be covered by other security and assurance measures in the operational environment. OE.TRUSTED_ADMIN Security Administrators are trusted to follow and apply all guidance documentation in a trusted manner. For vNDs, this includes the VS Administrator responsible for configuring the VMs that implement ND functionality. For TOEs supporting X.509v3 certificate-based authentication, the Security Administrator(s) are assumed to monitor the revocation status of all certificates in the TOE's trust store and to remove any certificate from the TOE’s trust store in case such certificate can no longer be trusted. OE.UPDATES The TOE firmware and software is updated by an Administrator on a regular basis in response to the release of product updates due to known vulnerabilities. OE.ADMIN_CREDENTIALS_SECURE The Administrator’s credentials (private key) used to access the TOE must be protected on any other platform on which they reside. OE.RESIDUAL_INFORMATION The Security Administrator ensures that there is no unauthorized access possible for sensitive residual information (e.g. cryptographic keys, keying material, PINs, passwords etc.) on networking equipment when the equipment is discarded or removed from its operational environment. For vNDs, this applies when the physical platform on which the VM runs is removed from its operational environment. Table 15: TOE Operational Environment Objectives 4.5 Security Problem Definition Rationale The assumptions, threats, OSPs, and objectives that are defined in this ST represent the assumptions, threats, OSPs, and objectives that are specified in the Protection Profile to which the TOE claims conformance. The associated mappings of assumptions to environmental objectives, SFRs to TOE objectives, and OSPs and objectives to threats are therefore identical to the mappings that are specified in the claimed Protection Profile. 5 Extended Components Definition 5.1 Extended Security Functional Requirements The extended Security Functional Requirements that are claimed in this ST are taken directly from the PP to which the ST and TOE claim conformance. These extended components are formally defined in the PP in which their usage is required. Security Target Forescout 27 | P a g e 5.2 Extended Security Assurance Requirements There are no extended Security Assurance Requirements in this ST. Security Target Forescout 28 | P a g e 6 Security Functional Requirements 6.1 Conventions The CC permits four functional component operations—assignment, refinement, selection, and iteration— to be performed on functional requirements. This ST will highlight the operations in the following manner: • Assignment: allows the specification of an identified parameter. Indicated with italicized text. • Refinement: allows the addition of details. Indicated with bold text. • Selection: allows the specification of one or more elements from a list. Indicated with underlined text. • Iteration: allows a component to be used more than once with varying operations. Indicated with a sequential number in parentheses following the element number of the iterated SFR and/or separated by a “/” with a notation that references the function for which the iteration is used, e.g. “/LocSpace” for an SFR that relates to local storage space When multiple operations are combined, such as an assignment that is provided as an option within a selection or refinement, a combination of the text formatting is used. If SFR text is reproduced verbatim from text that was formatted in a claimed PP (such as if the PP’s instantiation of the SFR has a refinement or a completed assignment), the formatting is not preserved. This is so that the reader can identify the operations that are performed by the ST author as opposed to the PP author. 6.2 Security Functional Requirements Summary The following table lists the SFRs claimed by the TOE: Class Name Component Identification Component Name Security Audit FAU_GEN.1 Audit Data Generation FAU_GEN.2 User identity association FAU_STG_EXT.1 Protected Audit Event Storage Cryptographic Support FCS_CKM.1 Cryptographic Key Generation FCS_CKM.2 Cryptographic Key Establishment FCS_CKM.4 Cryptographic Key Destruction FCS_COP.1/DataEncryption Cryptographic Operation (AES Data Encryption/Decryption) FCS_COP.1/SigGen Cryptographic Operation (Signature Generation and Verification) FCS_COP.1/Hash Cryptographic Operation (Hash Algorithm) FCS_COP.1/KeyedHash Cryptographic Operation (Keyed Hash Algorithm) FCS_RBG_EXT.1 Random Bit Generation FCS_SSHS_EXT.1 SSH Server Protocol FCS_TLSC_EXT.1 TLS Client Protocol Without Mutual Authentication FCS_TLSS_EXT.1 TLS Server Protocol Without Mutual Authentication Identification and Authentication FIA_AFL.1 Authentication Failure Management FIA_PMG_EXT.1 Password Management FIA_UAU.7 Protected Authentication Feedback FIA_UAU_EXT.2 Password-based Authentication Mechanism FIA_UIA_EXT.1 User Identification and Authentication FIA_X509_EXT.1/Rev X.509 Certificate Validation FIA_X509_EXT.2 X509 Certificate Authentication FIA_X509_EXT.3 X509 Certificate Requests Security Target Forescout 29 | P a g e Class Name Component Identification Component Name Security Management FMT_MOF.1/ManualUpdate Management of security functions behavior FMT_MTD.1/CoreData Management of TSF Data FMT_SMF.1 Specification of Management Functions FMT_SMR.2 Restrictions on Security Roles Protection of the TSF FPT_APW_EXT.1 Protection of Administrator Passwords FPT_SKP_EXT.1 Protection of TSF Data (for reading of all symmetric keys) FPT_STM_EXT.1 Reliable Time Stamps FPT_TST_EXT.1 TSF Testing FPT_TUD_EXT.1 Trusted Update TOE Access FTA_SSL_EXT.1 TSF-initiated Session Locking FTA_SSL.3 TSF-initiated Termination FTA_SSL.4 User-initiated Termination FTA_TAB.1 Default TOE Access Banner Trusted Path /Channels FTP_ITC.1 Inter-TSF trusted channel FTP_TRP.1/Admin Trusted Path Table 16: Security Functional Requirements for the TOE 6.3 Security Functional Requirements Class FAU: Security Audit FAU_GEN.1 Audit Data Generation FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events: a) Start-up and shut-down of the audit functions; b) All auditable events for the not specified level of audit; and c) All administrative actions comprising: • Administrative login and logout (name of user account shall be logged if individual user accounts are required for administrators). • Changes to TSF data related to configuration changes (in addition to the information that a change occurred it shall be logged what has been changed). • Generating/import of, changing, or deleting of cryptographic keys (in addition to the action itself a unique key name or key reference shall be logged). • Resetting passwords (name of related user account shall be logged). • [no other actions] d) Specifically defined auditable events listed in Table 17. FAU_GEN.1.2 The TSF shall record within each audit record at least the following information: a) Date and time of the event, type of event, subject identity, and the outcome (success or failure) of the event; and b) For each audit event type, based on the auditable event definitions of the functional components included in the cPP/ST, information specified in column three of Table 17. Security Target Forescout 30 | P a g e Requirement Auditable Event(s) Additional Audit Record Contents FAU_GEN.1 None. None. FAU_GEN.2 None. None. FAU_STG_EXT.1 None. None. FCS_CKM.1 None. None. FCS_CKM.2 None. None. FCS_CKM.4 None. None. FCS_COP.1/DataEncryption None. None. FCS_COP.1/SigGen None. None. FCS_COP.1/Hash None. None. FCS_COP.1/KeyedHash None. None. FCS_RBG_EXT.1 None. None. FCS_SSHS_EXT.1 Failure to establish an SSH session. Reason for failure. FCS_TLSC_EXT.1 Failure to establish a TLS session Reason for failure FCS_TLSS_EXT.1 Failure to establish a TLS session Reason for failure FIA_AFL.1 Unsuccessful login attempts limit is met or exceeded Origin of the attempt (e.g., IP address) FIA_PMG_EXT.1 None. None. FIA_UAU.7 None. None. FIA_UAU_EXT.2 All use of the identification and authentication mechanism. Origin of the attempt (e.g., IP address). FIA_UIA_EXT.1 All use of the identification and authentication mechanism. Origin of the attempt (e.g., IP address). FIA_X509_EXT.1/Rev Unsuccessful attempt to validate a certificate Reason for failure FIA_X509_EXT.2 None. None. FIA_X509_EXT.3 None. None. FMT_MOF.1/ManualUpdate Any attempt to initiate a manual update None. FMT_MTD.1/CoreData None. None. FMT_SMF.1 All management activities of TSF data. None. FMT_SMR.2 None. None. FPT_APW_EXT.1 None. None. FPT_SKP_EXT.1 None. None. FPT_STM_EXT.1 Discontinuous changes to time - either Administrator actuated or changed via an automated process. (Note that no continuous changes to time need to be logged. See also application note on FPT_STM_EXT.1) For discontinuous changes to time: The old and new values for the time. Origin of the attempt to change time for success and failure (e.g., IP address). FPT_TST_EXT.1 None. None. FPT_TUD_EXT.1 Initiation of update; result of the update attempt (success or failure) None. FTA_SSL_EXT.1 (if “terminate the session” is selected) The termination of a local session by the session locking mechanism. None. FTA_SSL.3 The termination of a remote session by the session locking mechanism. None. FTA_SSL.4 The termination of an interactive session. None. FTA_TAB.1 None. None. FTP_ITC.1 • Initiation of the trusted channel. • Termination of the trusted channel. • Failure of the trusted channel functions. Identification of the initiator and target of failed trusted channels establishment attempt. FTP_TRP.1/Admin • Initiation of the trusted path. • Termination of the trusted path. • Failures of the trusted path functions. Identification of the claimed user identity. Table 17: Auditable Events Security Target Forescout 31 | P a g e FAU_GEN.2 User identity association FAU_GEN.2.1 For audit events resulting from actions of identified users, the TSF shall be able to associate each auditable event with the identity of the user that caused the event. FAU_STG_EXT.1 Protected Audit Event Storage FAU_STG_EXT.1.1 The TSF shall be able to transmit the generated audit data to an external IT entity using a trusted channel according to FTP_ITC.1. FAU_STG_EXT.1.2 The TSF shall be able to store generated audit data on the TOE itself. In addition [ • The TOE shall consist of a single standalone component that stores audit data locally] FAU_STG_EXT.1.3 The TSF shall [[invoke a DB purge that will delete oldest entries based on first-in-first-out (FIFO) rules and generate a audit record for the purge event]] when the local storage space for audit data is full. Class FCS: Cryptographic Support FCS_CKM.1 Cryptographic Key Generation FCS_CKM.1.1 The TSF shall generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm: [ • RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.3; • FFC Schemes using ‘safe-prime’ groups that meet the following: ‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” and [RFC 3526] ]. FCS_CKM.2 Cryptographic Key Establishment FCS_CKM.2.1 The TSF shall perform cryptographic key establishment in accordance with a specified cryptographic key establishment method: [ • RSA-based key establishment schemes that meet the following: RSAES-PKCS1-v1_5 as specified in Section 7.2 of RFC 3447, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1” Security Target Forescout 32 | P a g e • FFC Schemes using “safe-prime” groups that meet the following: ‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” and [groups listed in RFC 3526]2 ]. FCS_CKM.4 Cryptographic Key Destruction FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method • For plaintext keys in volatile storage, the destruction shall be executed by a [single overwrite consisting of [zeroes]]; • For plaintext keys in non-volatile storage, the destruction shall be executed by the invocation of an interface provided by a part of the TSF that [ o logically addresses the storage location of the key and performs a [single]-pass overwrite consisting of [zeroes]] that meets the following: No Standard. FCS_COP.1/DataEncryption Cryptographic Operation (AES Data Encryption/Decryption) FCS_COP.1.1/DataEncryption The TSF shall perform encryption/decryption in accordance with a specified cryptographic algorithm AES used in [CTR, CBC, GCM] mode and cryptographic key sizes [128 bits, 256 bits] that meet the following: AES as specified in ISO 18033-3, [CBC as specified in ISO 10116, CTR as specified in ISO 10116, GCM as specified in ISO 19772]. FCS_COP.1/SigGen Cryptographic Operation (Signature Generation and Verification) FCS_COP.1.1/SigGen The TSF shall perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm [ • RSA Digital Signature Algorithm and cryptographic key sizes (modulus) [2048 bits] ] that meet the following: [ • For RSA schemes: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 5.5, using PKCS #1 v2.1 Signature Schemes RSASSA-PSS and/or RSASSA-PKCS1v1_5; ISO/IEC 9796-2, Digital signature scheme 2 or Digital Signature scheme 3]. FCS_COP.1/Hash Cryptographic Operation (Hash Algorithm) 2 TD0580 Security Target Forescout 33 | P a g e FCS_COP.1.1/Hash The TSF shall perform cryptographic hashing services in accordance with a specified cryptographic algorithm [SHA-1, SHA-256, SHA-384, SHA-512] and message digest sizes [160, 256, 384, 512] bits that meet the following: ISO/IEC 10118-3:2004. FCS_COP.1/KeyedHash Cryptographic Operation (Keyed Hash Algorithm) FCS_COP.1.1/KeyedHash The TSF shall perform keyed-hash message authentication in accordance with a specified cryptographic algorithm [HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512, implicit] and cryptographic key sizes [160 bits, 256 bits, 384 bits, 512 bits] and message digest sizes [160, 256, 384, 512] bits that meet the following: ISO/IEC 9797-2:2011, Section 7 “MAC Algorithm 2”. FCS_RBG_EXT.1 Random Bit Generation FCS_RBG_EXT.1.1 The TSF shall perform all deterministic random bit generation services in accordance with ISO/IEC 18031:2011 using [Hash_DRBG (any), CTR_DRBG (AES)]. FCS_RBG_EXT.1.2 The deterministic RBG shall be seeded by at least one entropy source that accumulates entropy from [[4] software-based noise source] with a minimum of [256 bits] of entropy at least equal to the greatest security strength, according to ISO/IEC 18031:2011 Table C.1 “Security Strength Table for Hash Functions”, of the keys and hashes that it will generate. FCS_SSHS_EXT.1 SSH Server Protocol FCS_SSHS_EXT.1.1 The TSF shall implement the SSH protocol in accordance with: RFCs 4251, 4252, 4253, 4254, [4256, 4344, 6668]. FCS_SSHS_EXT.1.23 The TSF shall ensure that the SSH protocol implementation supports the following user authentication methods as described in RFC 4252: public key-based, [password-based]. FCS_SSHS_EXT.1.3 The TSF shall ensure that, as described in RFC 4253, packets greater than [32,768] bytes in an SSH transport connection are dropped. FCS_SSHS_EXT.1.4 3 TD0631 Security Target Forescout 34 | P a g e The TSF shall ensure that the SSH transport implementation uses the following encryption algorithms and rejects all other encryption algorithms: [aes128-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256- gcm@openssh.com]. FCS_SSHS_EXT.1.5 The TSF shall ensure that the SSH public-key based authentication implementation uses [ssh-rsa] as its public key algorithm(s) and rejects all other public key algorithms. FCS_SSHS_EXT.1.6 The TSF shall ensure that the SSH transport implementation uses [hmac-sha1, hmac-sha2-256, hmac- sha2-512, implicit] as its MAC algorithm(s) and rejects all other MAC algorithm(s). FCS_SSHS_EXT.1.7 The TSF shall ensure that [diffie-hellman-group14-sha1] and [no other methods] are the only allowed key exchange methods used for the SSH protocol. FCS_SSHS_EXT.1.8 The TSF shall ensure that within SSH connections, the same session keys are used for a threshold of no longer than one hour, and each encryption key is used to protect no more than one gigabyte of data. After any of the thresholds are reached, a rekey needs to be performed. FCS_TLSC_EXT.1 TLS Client Protocol Without Mutual Authentication FCS_TLSC_EXT.1.1 The TSF shall implement [TLS 1.2 (RFC 5246)] and reject all other TLS and SSL versions. The TLS implementation will support the following ciphersuites: [ • TLS_RSA_WITH_AES_256_CBC_SHA as defined in RFC 3268 • TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246 • TLS_RSA_WITH_AES_256_CBC_ SHA256 as defined in RFC 5246 • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288] and no other ciphersuites. FCS_TLSC_EXT.1.2 The TSF shall verify that the presented identifier matches [the reference identifier per RFC 6125 section 6 and no other attribute types]. FCS_TLSC_EXT.1.3 When establishing a trusted channel, by default the TSF shall not establish a trusted channel if the server certificate is invalid. The TSF shall also [ • Not implement any administrator override mechanism]. FCS_TLSC_EXT.1.4 The TSF shall [not present the Supported Elliptic Curves/Supported Groups Extension] in the Client Hello. Security Target Forescout 35 | P a g e FCS_TLSS_EXT.1 TLS Server Protocol Without Mutual Authentication FCS_TLSS_EXT.1.1 The TSF shall implement [TLS 1.2 (RFC 5246)] and reject all other TLS and SSL versions. The TLS implementation will support the following ciphersuites: [ • TLS_RSA_WITH_AES_256_CBC_SHA as defined in RFC 3268 • TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246 • TLS_RSA_WITH_AES_256_CBC_ SHA256 as defined in RFC 5246 • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288] and no other ciphersuites. FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL 2.0, SSL 3.0, TLS 1.0, and [TLS 1.1]. FCS_TLSS_EXT.1.3 The TSF shall perform key establishment for TLS using [RSA with key size [2048 bits]] and no other curves]. FCS_TLSS_EXT.1.4 The TSF shall support [no session resumption or session tickets]. Class FIA: Identification and Authentication FIA_AFL.1 Authentication Failure Management FIA_AFL.1.1 The TSF shall detect when an Administrator configurable positive integer within [1-10] unsuccessful authentication attempts occur related to Administrators attempting to authenticate remotely using a password. FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts has been met, the TSF shall [prevent the offending Administrator from successfully establishing remote session using any authentication method that involves a password until [a manual unlock of the account] is taken by an Administrator; prevent the offending Administrator from successfully establishing remote session using any authentication method that involves a password until an Administrator defined time period has elapsed]. FIA_PMG_EXT.1 Password Management FIA_PMG_EXT.1.1 The TSF shall provide the following password management capabilities for administrative passwords: a) Passwords shall be able to be composed of any combination of upper and lower case letters, numbers, and the following special characters: [“!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(“, “)”]; b) Minimum password length shall be configurable to between [15] and [30] characters. Security Target Forescout 36 | P a g e FIA_UAU.7 Protected Authentication Feedback FIA_UAU.7.1 The TSF shall provide only obscured feedback to the administrative user while the authentication is in progress at the local console. FIA_UAU_EXT.2 Password-based Authentication Mechanism FIA_UAU_EXT.2.1 The TSF shall provide a local [password-based, SSH public key-based, [Active Directory] authentication mechanism to perform local administrative user authentication. FIA_UIA_EXT.1 User Identification and Authentication FIA_UIA_EXT.1.1 The TSF shall allow the following actions prior to requiring the non-TOE entity to initiate the identification and authentication process: • Display the warning banner in accordance with FTA_TAB.1; • [no other actions]. FIA_UIA_EXT.1.2 The TSF shall require each administrative user to be successfully identified and authenticated before allowing any other TSF-mediated actions on behalf of that administrative user. FIA_X509_EXT.1/Rev X.509 Certificate Validation FIA_X509_EXT.1.1/Rev The TSF shall validate certificates in accordance with the following rules: • RFC 5280 certificate validation and certificate path validation supporting a minimum path length of three certificates. • The certification path must terminate with a trusted CA certificate designated as a trust anchor. • The TSF shall validate a certification path by ensuring that all CA certificates in the certification path contain the basicConstraints extension with the CA flag set to TRUE. • The TSF shall validate the revocation status of the certificate using [the Online Certificate Status Protocol (OCSP) as specified in RFC 6960]. • The TSF shall validate the extendedKeyUsage field according to the following rules: o Certificates used for trusted updates and executable code integrity verification shall have the Code Signing purpose (id-kp 3 with OID 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage field. o Server certificates presented for TLS shall have the Server Authentication purpose (id-kp 1 with OID 1.3.6.1.5.5.7.3.1) in the extendedKeyUsage field. Security Target Forescout 37 | P a g e o Client certificates presented for TLS shall have the Client Authentication purpose (id-kp 2 with OID 1.3.6.1.5.5.7.3.2) in the extendedKeyUsage field. o OCSP certificates presented for OCSP responses shall have the OCSP Signing purpose (id-kp 9 with OID 1.3.6.1.5.5.7.3.9) in the extendedKeyUsage field. FIA_X509_EXT.1.2/Rev The TSF shall only treat a certificate as a CA certificate if the basicConstraints extension is present and the CA flag is set to TRUE. FIA_X509_EXT.2 X.509 Certificate Authentication FIA_X509_EXT.2.1 The TSF shall use X.509v3 certificates as defined by RFC 5280 to support authentication for [TLS], and [no additional uses]. FIA_X509_EXT.2.2 When the TSF cannot establish a connection to determine the validity of a certificate, the TSF shall [not accept the certificate]. FIA_X509_EXT.3 X.509 Certificate Requests FIA_X509_EXT.3.1 The TSF shall generate a Certificate Request as specified by RFC 2986 and be able to provide the following information in the request: public key and [Common Name]. FIA_X509_EXT.3.2 The TSF shall validate the chain of certificates from the Root CA upon receiving the CA Certificate Response. Class FMT: Security Management FMT_MOF.1/ManualUpdate Management of security functions behavior FMT_MOF.1.1/ManualUpdate The TSF shall restrict the ability to enable the functions to perform manual updates to Security Administrators. FMT_MTD.1/CoreData Management of TSF Data FMT_MTD.1.1/CoreData The TSF shall restrict the ability to manage the TSF data to Security Administrators. FMT_SMF.1 Specification of Management Functions Security Target Forescout 38 | P a g e FMT_SMF.1.14 The TSF shall be capable of performing the following management functions: • Ability to administer the TOE locally and remotely; • Ability to configure the access banner; • Ability to configure the session inactivity time before session termination or locking; • Ability to update the TOE, and to verify the updates using [digital signature] capability prior to installing those updates; • Ability to configure the authentication failure parameters for FIA_AFL.1; • [ o Ability to configure thresholds for SSH rekeying; o Ability to modify the behaviour of the transmission of audit data to an external IT entity o Ability to re-enable an Administrator account; o Ability to set the time which is used for time-stamps; o Ability to manage the trusted public keys database; o Ability to manage the TOE's trust store and designate X509.v3 certificates as trust anchors; ]. FMT_SMR.2 Restrictions on Security Roles FMT_SMR.2.1 The TSF shall maintain the roles: • Security Administrator. FMT_SMR.2.2 The TSF shall be able to associate users with roles. FMT_SMR.2.3 The TSF shall ensure that the conditions: • The Security Administrator role shall be able to administer the TOE locally; • The Security Administrator role shall be able to administer the TOE remotely are satisfied. Class FPT: Protection of the TSF FPT_APW_EXT.1 Protection of Administrator Passwords FPT_APW_EXT.1.1 The TSF shall store passwords in non-plaintext form. FPT_APW_EXT.1.2 The TSF shall prevent the reading of plaintext passwords. 4 TD0631 Security Target Forescout 39 | P a g e FPT_SKP_EXT.1 Protection of TSF Data (for reading of all symmetric keys) FPT_SKP_EXT.1.1 The TSF shall prevent reading of all pre-shared keys, symmetric keys, and private keys. FPT_STM_EXT.1 Reliable Time Stamps FPT_STM_EXT.1.1 The TSF shall be able to provide reliable time stamps for its own use. FPT_STM_EXT.1.2 The TSF shall [allow the Security Administrator to set the time]. FPT_TST_EXT.1 TSF Testing FPT_TST_EXT.1.1 The TSF shall run a suite of the following self-tests [during initial start-up (on power on), at the request of the authorised user] to demonstrate the correct operation of the TSF: [Specifically defined in Table 18]. # Validation Component 1. HMAC + Built-in Crypto Self-test Kernel 2. Built-in RPM Verification Core OS and packages (including OpenSSH) 3. HMAC verified against fipshmac Fipscheck utility 4. Fipscheck (including OpenSSL self-check) Crypto: OpenSSL 5. Built-in RPM Verification OpenSSL rpm package 6. Built-in crypto package self-test (KAT) Crypto: Bouncy Castle 7. SHA-256 verified against last known or stored hash. Core Platform and plugin installation packages and extracted files. 8. Running kernel version compared to version defined in grub; System current state vs system configuration Table 18: Self-Test List FPT_TUD_EXT.1 Trusted Update FPT_TUD_EXT.1.1 The TSF shall provide Security Administrators the ability to query the currently executing version of the TOE firmware/software and [no other TOE firmware/software version]. FPT_TUD_EXT.1.2 The TSF shall provide Security Administrators the ability to manually initiate updates to TOE firmware/software and [no other update mechanism]. FPT_TUD_EXT.1.3 The TSF shall provide means to authenticate firmware/software updates to the TOE using a [digital signature] prior to installing those updates. Security Target Forescout 40 | P a g e Class FTA: TOE Access FTA_SSL_EXT.1 TSF-initiated Session Locking FTA_SSL_EXT.1.1 The TSF shall, for local interactive sessions, [ • terminate the session] after a Security Administrator-specified time period of inactivity. FTA_SSL.3 TSF-initiated Termination FTA_SSL.3.1 The TSF shall terminate a remote interactive session after a Security Administrator-configurable time interval of session inactivity. FTA_SSL.4 User-initiated Termination FTA_SSL.4.1 The TSF shall allow Administrator-initiated termination of the Administrator’s own interactive session. FTA_TAB.1 Default TOE Access Banner FTA_TAB.1.1 Before establishing an administrative user session the TSF shall display a Security Administrator- specified advisory notice and consent warning message regarding use of the TOE. Class FTP: Trusted Path/Channels FTP_ITC.1 Inter-TSF trusted channel FTP_ITC.1.1 The TSF shall be capable of using [TLS] to provide a trusted communication channel between itself and authorized IT entities supporting the following capabilities: audit server, [authentication server] that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data. FTP_ITC.1.2 The TSF shall permit the TSF, or the authorized IT entities to initiate communication via the trusted channel. FTP_ITC.1.3 Security Target Forescout 41 | P a g e The TSF shall initiate communication via the trusted channel for [export audit, authentication decision]. FTP_TRP.1/Admin Trusted Path FTP_TRP.1.1/Admin The TSF shall be capable of using [SSH, TLS] to provide a communication path between itself and authorized remote Administrators that is logically distinct from other communication paths and provides assured identification of its end points and protection of the communicated data from disclosure and provides detection of modification of the channel data. FTP_TRP.1.2/Admin The TSF shall permit remote Administrators to initiate communication via the trusted path. FTP_TRP.1.3/Admin The TSF shall require the use of the trusted path for initial Administrator authentication and all remote administration actions. 6.4 Statement of Security Functional Requirements Consistency The Security Functional Requirements included in the ST represent all required SFRs specified in the PPs against which exact conformance is claimed and a subset of the optional SFRs. All hierarchical relationships, dependencies, and unfulfilled dependency rationales in the ST are considered to be identical to those that are defined in the claimed PP. Security Target Forescout 42 | P a g e 7 Security Assurance Requirements This section identifies the Security Assurance Requirements (SARs) that are claimed for the TOE. The SARs which are claimed are in exact conformance with the NDcPP. Security Target (ASE) ST introduction (ASE_INT.1) Conformance claims (ASE_CCL.1) Security Problem Definition (ASE_SPD.1) Security objectives for the operational environment (ASE_OBJ.1) Extended components definition (ASE_ECD.1) Stated security requirements (ASE_REQ.1) TOE summary specification (ASE_TSS.1) Development (ADV) Basic functional specification (ADV_FSP.1) Guidance Documents (AGD) Operational user guidance (AGD_OPE.1) Preparative procedures (AGD_PRE.1) Life Cycle Support (ALC) Labelling of the TOE (ALC_CMC.1) TOE CM coverage (ALC_CMS.1) Tests (ATE) Independent testing – conformance (ATE_IND.1) Vulnerability Assessment (AVA) Vulnerability survey (AVA_VAN.1) 7.1 Class ASE: Security Target evaluation ST introduction (ASE_INT.1) Developer action elements: ASE_INT.1.1D The developer shall provide an ST introduction. Content and presentation elements: ASE_INT.1.1C The ST introduction shall contain an ST reference, a TOE reference, a TOE overview and a TOE description. ASE_INT.1.2C The ST reference shall uniquely identify the ST. ASE_INT.1.3C The TOE reference shall uniquely identify the TOE. Security Target Forescout 43 | P a g e ASE_INT.1.4C The TOE overview shall summarise the usage and major security features of the TOE. ASE_INT.1.5C The TOE overview shall identify the TOE type. ASE_INT.1.6C The TOE overview shall identify any non-TOE hardware/software/firmware required by the TOE. ASE_INT.1.7C The TOE description shall describe the physical scope of the TOE. ASE_INT.1.8C The TOE description shall describe the logical scope of the TOE. Evaluator action elements: ASE_INT.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ASE_INT.1.2E The evaluator shall confirm that the TOE reference, the TOE overview, and the TOE description are consistent with each other. Conformance claims (ASE_CCL.1) Developer action elements: ASE_CCL.1.1D The developer shall provide a conformance claim. ASE_CCL.1.2D The developer shall provide a conformance claim rationale Content and presentation elements: ASE_CCL.1.1C The conformance claim shall contain a CC conformance claim that identifies the version of the CC to which the ST and the TOE claim conformance. ASE_CCL.1.2C The CC conformance claim shall describe the conformance of the ST to CC Part 2 as either CC Part 2 conformant or CC Part 2 extended. Security Target Forescout 44 | P a g e ASE_CCL.1.3C The CC conformance claim shall describe the conformance of the ST to CC Part 3 as either CC Part 3 conformant or CC Part 3 extended. ASE_CCL.1.4C The CC conformance claim shall be consistent with the extended components definition. ASE_CCL.1.5C The conformance claim shall identify all PPs and security requirement packages to which the ST claims conformance. ASE_CCL.1.6C The conformance claim shall describe any conformance of the ST to a package as either package- conformant or package-augmented. ASE_CCL.1.7C The conformance claim rationale shall demonstrate that the TOE type is consistent with the TOE type in the PPs for which conformance is being claimed. ASE_CCL.1.8C The conformance claim rationale shall demonstrate that the statement of the security problem definition is consistent with the statement of the security problem definition in the PPs for which conformance is being claimed. ASE_CCL.1.9C The conformance claim rationale shall demonstrate that the statement of security objectives is consistent with the statement of security objectives in the PPs for which conformance is being claimed. ASE_CCL.1.10C The conformance claim rationale shall demonstrate that the statement of security requirements is consistent with the statement of security requirements in the PPs for which conformance is being claimed. Evaluator action elements: ASE_CCL.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Security problem definition (ASE_SPD) Developer action elements: ASE_SPD.1.1D The developer shall provide a security problem definition. Security Target Forescout 45 | P a g e Content and presentation elements: ASE_SPD.1.1C The security problem definition shall describe the threats. ASE_SPD.1.2C All threats shall be described in terms of a threat agent, an asset, and an adverse action. ASE_SPD.1.3C The security problem definition shall describe the OSPs. ASE_SPD.1.4C The security problem definition shall describe the assumptions about the operational environment of the TOE. Evaluator action elements: ASE_SPD.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Security objectives for the operational environment (ASE_OBJ.1) Developer action elements: ASE_OBJ.1.1D The developer shall provide a statement of security objectives. Content and presentation elements: ASE_OBJ.1.1C The statement of security objectives shall describe the security objectives for the operational environment. Evaluator action elements: ASE_OBJ.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Extended components definition (ASE_ECD.1) Developer action elements: ASE_ECD.1.1D Security Target Forescout 46 | P a g e The developer shall provide a statement of security requirements. ASE_ECD.1.2D The developer shall provide an extended components definition. Content and presentation elements: ASE_ECD.1.1C The statement of security requirements shall identify all extended security requirements. ASE_ECD.1.2C The extended components definition shall define an extended component for each extended security requirement. ASE_ECD.1.3C The extended components definition shall describe how each extended component is related to the existing CC components, families, and classes. ASE_ECD.1.4C The extended components definition shall use the existing CC components, families, classes, and methodology as a model for presentation. ASE_ECD.1.5C The extended components shall consist of measurable and objective elements such that conformance or nonconformance to these elements can be demonstrated. Evaluator action elements: ASE_ECD.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ASE_ECD.1.2E The evaluator shall confirm that no extended component can be clearly expressed using existing components. Stated security requirements (ASE_REQ.1) Developer action elements: ASE_REQ.1.1D The developer shall provide a statement of security requirements. ASE_REQ.1.2D The developer shall provide a security requirements rationale. Security Target Forescout 47 | P a g e Content and presentation elements: ASE_REQ.1.1C The statement of security requirements shall describe the SFRs and the SARs. ASE_REQ.1.2C All subjects, objects, operations, security attributes, external entities and other terms that are used in the SFRs and the SARs shall be defined. ASE_REQ.1.3C The statement of security requirements shall identify all operations on the security requirements. ASE_REQ.1.4C All operations shall be performed correctly. ASE_REQ.1.5C Each dependency of the security requirements shall either be satisfied, or the security requirements rationale shall justify the dependency not being satisfied. ASE_REQ.1.6C The statement of security requirements shall be internally consistent. Evaluator action elements: ASE_REQ.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. TOE summary specification (ASE_TSS.1) Developer action elements: ASE_TSS.1.1D The developer shall provide a TOE summary specification. Content and presentation elements: ASE_TSS.1.1C The TOE summary specification shall describe how the TOE meets each SFR. In the case of entropy analysis, the TSS is used in conjunction with required supplementary information on Entropy. Evaluator action elements: ASE_TSS.1.1E Security Target Forescout 48 | P a g e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ASE_TSS.1.2E The evaluator shall confirm that the TOE summary specification is consistent with the TOE overview and the TOE description. 7.2 Class ADV: Development Basic Functional Specification (ADV_FSP.1) Developer action elements: ADV_FSP.1.1D The developer shall provide a functional specification. ADV_FSP.1.2D The developer shall provide a tracing from the functional specification to the SFRs. Content and presentation elements: ADV_FSP.1.1C The functional specification shall describe the purpose and method of use for each SFR-enforcing and SFR-supporting TSFI. ADV_FSP.1.2C The functional specification shall identify all parameters associated with each SFR-enforcing and SFR- supporting TSFI. ADV_FSP.1.3C The functional specification shall provide rationale for the implicit categorization of interfaces as SFR- non-interfering. ADV_FSP.1.4C The tracing shall demonstrate that the SFRs trace to TSFIs in the functional specification. Evaluator action elements: ADV_ FSP.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ADV_ FSP.1.2E The evaluator shall determine that the functional specification is an accurate and complete instantiation of the SFRs. Security Target Forescout 49 | P a g e 7.3 Class AGD: Guidance Documentation Operational User Guidance (AGD_OPE.1) Developer action elements: AGD_OPE.1.1D The developer shall provide operational user guidance. Content and presentation elements: AGD_OPE.1.1C The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings. AGD_OPE.1.2C The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the TOE in a secure manner. AGD_OPE.1.3C The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as appropriate. AGD_OPE.1.4C The operational user guidance shall, for each user role, clearly present each type of security-relevant event relative to the user-accessible functions that need to be performed, including changing the security characteristics of entities under the control of the TSF. AGD_OPE.1.5C The operational user guidance shall identify all possible modes of operation of the TOE (including operation following failure or operational error), their consequences and implications for maintaining secure operation. AGD_OPE.1.6C The operational user guidance shall, for each user role, describe the security measures to be followed in order to fulfill the security objectives for the operational environment as described in the ST. AGD_OPE.1.7C The operational user guidance shall be clear and reasonable. Evaluator action elements: AGD_OPE.1.1E Security Target Forescout 50 | P a g e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. Preparative Procedures (AGD_PRE.1) Developer action elements: AGD_PRE.1.1D The developer shall provide the TOE including its preparative procedures. Content and presentation elements: AGD_ PRE.1.1C The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered TOE in accordance with the developer's delivery procedures. AGD_ PRE.1.2C The preparative procedures shall describe all the steps necessary for secure installation of the TOE and for the secure preparation of the operational environment in accordance with the security objectives for the operational environment as described in the ST. Evaluator action elements: AGD_ PRE.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. AGD_ PRE.1.2E The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation. 7.4 Class ALC: Life Cycle Support Labeling of the TOE (ALC_CMC.1) Developer action elements: ALC_CMC.1.1D The developer shall provide the TOE and a reference for the TOE. Content and presentation elements: ALC_CMC.1.1C The TOE shall be labeled with its unique reference. Security Target Forescout 51 | P a g e Evaluator action elements: ALC_CMC.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. TOE CM Coverage (ALC_CMS.1) Developer action elements: ALC_CMS.1.1D The developer shall provide a configuration list for the TOE. Content and presentation elements: ALC_CMS.1.1C The configuration list shall include the following: the TOE itself; and the evaluation evidence required by the SARs. ALC_CMS.1.2C The configuration list shall uniquely identify the configuration items. Evaluator action elements: ALC_CMS.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. 7.5 Class ATE: Tests Independent Testing - Conformance (ATE_IND.1) Developer action elements: ATE_IND.1.1D The developer shall provide the TOE for testing. Content and presentation elements: ATE_IND.1.1C The TOE shall be suitable for testing. Evaluator action elements: ATE_IND.1.1E Security Target Forescout 52 | P a g e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. ATE_IND.1.2E The evaluator shall test a subset of the TSF to confirm that the TSF operates as specified. 7.6 Class AVA: Vulnerability Assessment Vulnerability Survey (AVA_VAN.1) Developer action elements: AVA_VAN.1.1D The developer shall provide the TOE for testing. Content and presentation elements: AVA_VAN.1.1C The TOE shall be suitable for testing. Evaluator action elements: AVA_VAN.1.1E The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence. AVA_VAN.1.2E The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE. AVA_VAN.1.3E The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential. Security Target Forescout 53 | P a g e 8 TOE Summary Specification The following sections identify the security functions of the TOE and describe how the TSF meets each claimed SFR. They include Security Audit, Cryptographic Support, Identification and Authentication, Security Management, Protection of the TSF, TOE Access and Trusted Path/Channels. 8.1 Security Audit FAU_GEN.1 and FAU GEN.2 The TOE has the mechanisms to automatically generate audit records based on the behavior that occurs within the TSF. The TOE generates audit records for all administrative functions including Login/Logout, security related changes, resetting of passwords, and certificate management. Additionally, Table 17 identifies the audit records that are inclusive to the PP evaluation scoping. The TOE records the date and time, type of event, subject identity (identity of the user associated with each audited event that occurred due to a user action), and the outcome in the audit record. The TOE associates each auditable event with the identity of the user that caused the event. For a full list of the audit events samples that are generated by the TOE, please refer to the Supplemental Administrative Guidance Document (AGD). The TOE application layer maintains two separate log files in an internal database to record all the records needed to satisfy this requirement as scoped by the PP. The host OS also maintains an audit log (OS log) that is stored locally on the hard drive. All OS log records are incorporated into the appropriate application layer logs based on the type of event. The two application layer logs are as follows: • User Audit Trail The User Audit Trail records information concerning TOE user activity for both CLI (OS log) and Console interface, for example: administrative changes to the security configuration of the TOE or updated/resetting of user passwords. The logs give additional information about the activity, such as the date of the activity and the IP address from which it was carried out. • System Event Log The System Event Log records information about system activity, for example: successful and failed administrator authentication attempts, startup and shutdown of TOE or services, cryptographic key generation and destruction, and OS events. The startup and shutdown of the TOE’s audit functionality is synonymous with the startup and shutdown of the TOE. The following is an example audit record for the Generating/import of, changing, or deleting of cryptographic keys (Timestamp, User: Admin, Event: Change Configuration with details: Fingerprint of certificate, Issued to, Issued by, Purpose/Use of certificate). Generating/import of, changing, or deleting of cryptographic keys Feb 7 09:08:07 FS3 FS3[17471]: User admin changed Configuration. Details: Change trusted certificates configuration definition to Added Fingerprint 'c4650e925d4334c895f3bd163884886a9d9d0116', Issued To 'intermediate02.cctl.com', Issued By 'Intermediate01.cctl.com', enabled, Trusted By 'All' on 'All' Security Target Forescout 54 | P a g e FAU_STG_EXT.1 The TSF provides the ability for an administrator to enable/disable the near real-time forwarding of the audit trail to an external audit server in the operational environment. The forwarding of the audit trail to an audit server is mandated for compliance to the NDcPP. Once enabled, the generated audit is first saved locally in the internal database and then the TOE will securely transmit audit data to the Operational Environment audit server without administrator intervention via a TLS channel. During a connection outage to the audit server, the TOE continues to save audit locally. Once the connection to the audit server is re- established, the TOE automatically starts forwarding new audit records. The TOE does not forward the records created during the outage. This is a standalone TOE that is responsible for storing and sending its own generated audit records. Application layer audit events are stored in the TOE database (DB). The TOE runs an automatic DB purge function to prevent audit logs from filling up the internal database and hard drive to capacity. The DB, as part of the installation, determines a maximum size based on hard drive availability. This predefined and configurable threshold is used to trigger the DB purge function. The DB purge function is initiated when 75 percent of this predefined and configurable threshold is exceeded. When the DB threshold is exceeded, the DB purge function deletes entries in a FIFO (oldest events deleted first) fashion. The DB purge function causes an audit event to be sent by the TOE. The TOE also takes into consideration the storage needed for the OS log files when preventing the hard drive being filled to capacity. The TOE enforces a maximum size of 50MB for the OS log file and 5 OS log files (5 = 1 current plus 4 historical) saved at the OS level. When the OS log file reaches the maximum size, the log file is closed and renamed sequentially (i.e. audit.log.1, audit.log.2). Therefore, with 5 audit logs and a maximum file size of 50MB each, this would result in 5*50MB= 250MB of total audit space required for the OS logs. Once the number of log files reaches its configured maximum amount, the oldest log file is automatically deleted, and the remaining log files roll over in order to allow the new file to be created for the new audit records. The TOE provides a means to review all of the audit records via the Console interface. The TOE does not provide a means for any user to manually delete or manipulate the audit logs stored at the OS level or those in the internal DB. The management interfaces (Console or CLI) do not allow the audit records to be modified or deleted. The audit functionality starts automatically with the TOE and cannot be disabled by any means. 8.2 Cryptographic Support The TOE implements two different cryptographic libraries: OpenSSL and Bouncy Castle. Both libraries include algorithms that are certified under the following consolidated CAVP certificates: a) OpenSSL FIPS library under CAVP Certificate # C1887 and A1941 b) BC-FJA (Bouncy Castle FIPS Java API) Software Version 1.0.2 under CAVP Certificate # C1888 and A1959 The following tables contain the CAVP algorithm certificates for the two cryptographic libraries implemented in the TOE: Security Target Forescout 55 | P a g e SFR Algorithm/Protocol OpenSSL CAVP Cert # FCS_CKM.1 RSA per FIPS 186-4 Key Generation C1887 and A1941 FFC using Diffie-Hellman group 14, per RFC 3526 Section 3 N/A FCS_CKM.2 RSA Key Establishment per RSAES-PKCS-v1_5 Vendor Affirmation Diffie-Hellman group 14 Key Establishment RFC 3526 Section 3 N/A FCS_COP.1/DataEncryption AES CTR 128 and 256 bits AES CBC 128 and 256 bits AES GCM 128 and 256 bits C1887 and A1941 FCS_COP.1/SigGen RSA FIPS 186-4 Signature Services 2048 bits C1887 and A1941 FCS_COP.1/Hash SHA-1, SHA-256, SHA-384, and SHA-512 C1887 and A1941 FCS_COP.1/KeyedHash HMAC-SHA-1, HMAC-SHA-256, HMAC-384, HMAC-SHA-512 C1887 and A1941 FCS_RBG_EXT.1 CTR DRBG C1887 and A1941 Table 19: Cryptographic Algorithm Table for OpenSSL Table 20: Cryptographic Algorithm Table for Bouncy Castle FCS_CKM.1 OpenSSL provides the key generation services for RSA certificate creation. Bouncy Castle is not used for certificate creation. The TOE implements a FIPS PUB 186-4 conformant RSA key generation mechanism for establishing TLS connections. Specifically, the TOE’s implementation of RSA key generation complies with FIPS 186-4 (Digital Signature Standard (DSS) Appendix B.3) supporting a 2048-bit key size. See Tables 19 & 20 Cryptographic Algorithm Table for certification numbers. In addition, the TOE implements FFC schemes using Diffie-Hellman group 14 that meets RFC 3526, Section 3 for SSH communications. This is used to generate the keys of size 2048 bits for diffie-hellman- group14-sha1. DH group 14 support is only provided by OpenSSL. FCS_CKM.2 The TOE implements RSA key establishment, conformant to RSAES-PKCS1-v1_5 in support of the TOE’s client and server services (FCS_TLSC_EXT.1 and FCS_TLSS_EXT.1). The TOE complies with section 7.2 of RFC 3447, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications SFR Algorithm/Protocol Forescout CAVP Cert # FCS_CKM.1 RSA FIPS 186-4 Key Generation N/A FCS_CKM.2 RSA Key Establishment RSAES-PKCS-v1_5 Vendor Affirmation FCS_COP.1/DataEncryption AES CBC 128 and 256 bits AES GCM 256 bits C1888 and A1959 FCS_COP.1/SigGen RSA FIPS 186-4 Signature Generation and Signature Verification 2048 bits C1888 and A1959 FCS_COP.1/Hash SHA-1, SHA-256 and SHA-384 C1888 and A1959 FCS_COP.1/KeyedHash HMAC-SHA-1, HMAC-SHA-256, HMAC-384 C1888 and A1959 FCS_RBG_EXT.1 Hash DRBG C1888 and A1959 Security Target Forescout 56 | P a g e Version 2.1 and all subsections regarding RSA key pair generation and key establishment in RSAES- PKCS1-v1_5. The TOE uses OpenSSL to generate RSA key pairs with a modulus of at least 2048 bits which has an equivalent key strength of 112 bits. The RSA key establishment is used for TLS communications for remote administration using the Console, exporting audit data to the audit server, and authentication requests to external authentication server. Below is a table that summarizes which cryptographic library is supporting which claimed interface. OE Component Definition of Communication (protocol, client/server, cryptographic service) Management Workstation Communications are secured using TLS where the TOE is the Server. TOE crypto required to support interface E3 as defined in Figure 1 above. RSA Key Generation Cryptographic services for certificate creation: OpenSSL RSA Key Establishment and encryption services for TLS: Bouncy Castle Communications are secured using SSH where the TOE is the Server TOE crypto required to support interface E2 as defined in Figure 1 above. Key Generation Cryptographic services: OpenSSL Diffie-Helman Group 14 Key establishment and encryption services for SSH: OpenSSL Active Directory Server Communications are secured using TLS where the TOE is the client. TOE crypto required to support interface E6 as defined in Figure 1 above. RSA Key Generation Cryptographic services: OpenSSL RSA Key establishment and encryption services for TLS: OpenSSL Audit Server Communications are secured using TLS where the TOE is the client. TOE crypto required to support interface E7 as defined in Figure 1 above. RSA Generation Cryptographic services: OpenSSL RSA Key establishment and encryption services for TLS: OpenSSL Table 21: Identification of Cryptographic Services Supporting Secured Communication Channel In addition, the TOE implements a key establishment scheme using “safe-prime” Diffie-Hellman group 14 that meets NIST SP800-56A Revision 3 and RFC 3526 in support of the TOE SSH Server services (FCS_SSHS_EXT.1). DH group 14 support is provided by OpenSSL. The TSF uses Diffie-Hellman- group14-SHA1 and is used for SSH communication establishment in support of remote CLI administration. The Diffie-Hellman group 14 is implemented by using the KexAlgorithms parameter as specified in RFC 3526 Section 3. SSH is also forced to only work with DH group 14. This is hardcoded with no ability for an administrator to modify the settings. FCS_CKM.4 The following table describes what keys were used, where they are stored, and also how they are destroyed. There are no known instances where key destruction does not happen as defined. Name Origin Store Zeroization / Destruction Diffie-Hellman Shared Secret SSH Server / client applications RAM Destroyed by a single direct overwrite consisting of zeroes (0x00)*. After overwriting, the TSF reads the memory to verify the key has been destroyed. If the read-verify fails, the process is repeated. The key is zeroized immediately after it is no longer needed and when the TOE is Security Target Forescout 57 | P a g e Name Origin Store Zeroization / Destruction shutdown or reinitialized. Automatically zeroized after DH exchange. Diffie-Hellman private exponent SSH Server / client applications RAM Destroyed by a single direct overwrite consisting of zeroes (0x00)*. After overwriting, the TSF reads the memory to verify the key has been destroyed. If the read-verify fails, the process is repeated. The key is zeroized immediately after it is no longer needed and when the TOE is shutdown or reinitialized. Automatically zeroized after DH exchange SSH session key SSH Server / client applications RAM Destroyed by a single direct overwrite consisting of zeroes (0x00)*. After overwriting, the TSF reads the memory to verify the key has been destroyed. If the read-verify fails, the process is repeated. The key is zeroized immediately after it is no longer needed and when the TOE is shutdown or reinitialized. Automatic zeroized after SSH session is terminated. SSH Server Host Private Key Generated on platform during initial setup of device. Filesystem Filesystem: Generation of a new key will only be accomplished during a reinstallation of the product where all files would be overwritten which would in effect also destroy the abstraction that represented the key. TLS Server Host Certificate Private Key Generated on platform (OpenSSL) during initial setup or imported after installation. OpenSSL TLS Communications for audit server and AD Bouncy Castle TLS Communication for Console RAM and Filesystem RAM: The Server Certificate’s private key is destroyed by a single direct overwrite consisting of zeroes (0x00)*. After overwriting, the TSF reads the memory to verify the key has been destroyed. If the read-verify fails, the process is repeated. The key is zeroized immediately after it is no longer needed and when the TOE is shutdown or reinitialized. Filesystem: Private key is deleted when generation of a new certificate are imported or when certificates are removed. The TOE will invoke an interface, provided by a part of the TSF, that instructs a the TSF to destroy the abstraction that represents the key (i.e. delete the resource). Table 22: Crypto key destruction table *OPENSSL_cleanse() and Bouncy Castle: JVM garbage collection APIs that perform zeroization FCS_COP.1/DataEncryption The TOE performs encryption and decryption using the AES algorithm in CTR, CBC, and GCM modes with key sizes of 128 and 256 bits. The AES algorithm meets ISO 18033-3, CTR and CBC meet ISO 10116 Security Target Forescout 58 | P a g e and GCM meets ISO 19772. The TOE’s AES implementation is validated under CAVP. See Tables 19 & 20 Cryptographic Algorithm Table for certification numbers. • OpenSSL supports: o TLS communication: AES-CBC-128, AES-CBC-256, AES-GCM-256 o SSH communication: AES-CTR-128, AES-CTR-256, AES-GCM-128, AES-GCM-256 o CTR DRBG: AES-CTR-256 • Bouncy Castle supports: o TLS communication: AES-CBC-128, AES-CBC-256, AES-GCM-256. FCS_COP.1/SigGen The TOE performs digital signature services generation and verification in accordance with RSA Digital Signature Algorithm (rDSA) with key sizes (modulus) 2048 bits. The RSA schemes are in accordance with FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 5.5, using PKCS #1 v2.1 Signature Schemes RSASSA-PSS and/or RSASSA-PKCS1v1_5; ISO/IEC 9796-2, Digital signature scheme 2 or Digital Signature scheme 3. The TOE’s RSA implementation is validated under CAVP. See Tables 19 & 20 Cryptographic Algorithm Table for certification numbers. This is applicable to both cryptographic libraries being implemented. FCS_COP.1/Hash The TOE provides cryptographic hashing services using SHA-1, SHA-256, SHA-384, and SHA-512* as specified in ISO/IEC 10118-3:2004 (FIPS PUB 180-4). The TOE’s SHS implementation is validated under CAVP. See Tables 19 & 20 Cryptographic Algorithm Table for certification numbers. This is applicable to both cryptographic libraries being implemented. The hashing function is used to support password hashing of all passwords stored on the TOE (FPT_APW_EXT.1), Trusted updates digital signature verification (FPT_TUD_EXT.1), and TSF self-testing hash value check verification (FPT_TST_EXT.1). *Only OpenSSL provides the SHA-512 hashing support. Meaning: • OpenSSL supports: SHA-1, SHA-256, SHA-384, and SHA-512 • Bouncy Castle supports: SHA-1, SHA-256, and SHA-384 FCS_COP.1/KeyedHash The TOE provides keyed-hashing message authentication services that meet ISO/IEC 9797-2:2011 (FIPS PUB 198-1, and FIPS PUB 180-4), Section 7 “MAC Algorithm 2”. The TOE supports the following: • HMAC-SHA-1 [key-size: 160 bits, digest size: 160 bits, block size: 512 bits, MAC lengths: 160 bits] for SSH and TLS communication support • HMAC-SHA-256 [key-size: 256 bits, digest size: 256 bits, block size: 512 bits, MAC lengths: 256 bits] for SSH and TLS communication support • HMAC-SHA-384 [key-size: 384 bits, digest size: 384 bits, block size: 1024 bits, MAC lengths: 384 bits] for TLS communication support only • HMAC-SHA-512* [key-size: 512 bits, digest size: 512 bits, block size: 1024 bits, MAC lengths: 512 bits] for SSH communication support only Security Target Forescout 59 | P a g e The TOE’s HMAC implementation is validated under CAVP. See Tables 19 & 20 Cryptographic Algorithm Table for certification numbers. *Only OpenSSL provides HMAC-SHA-512 keyed-hashing message authentication. Meaning: • OpenSSL supports: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA- 512 • Bouncy Castle supports: HMAC-SHA-1, HMAC-SHA-256, and HMAC-SHA-384. FCS_RBG_EXT.1 The TOE implementation of Bouncy Castle uses a hash deterministic random bit generator (Hash_DRBG). The TOE implementation of OpenSSL uses a counter mode random be generator (CTR DRBG). Both DRBG used by the TOE are in accordance with ISO/IEC 18031:2011. There is no ability to specify the use of an alternative DRBG. The different TOE models uniformly provide four software-based noise-based entropy sources as described in the proprietary entropy specification. The amount of entropy that is collected is based on the function that the DRBG is being used for. In all cases, this amount is greater than or equal to the security strength of the data that is being output. For example, a 256-bit AES key generation operation will collect at least 256 bits of entropy before the DRBG is invoked. The largest AES key generation operation supported is 2048-bit. Both Bouncy Castle and OpenSSL collect entropy from /dev/random, which is a blocking entropy source. The /dev/random entropy pools are protected by being in kernel memory and are not accessible from user space. The entropy source is described in greater detail in the proprietary Entropy Assessment Report. The TOE relies on kernel modules to gather and output entropy for our random uses: • Interrupt events - the timestamp of the event, the IRQ number and interrupt flags are used • Disk events - the timestamp of a disk operation completion event is used • Keyboard event - the timestamp of a keyboard press/release event and the key code are used • CPU cycles event - the output of the 32-bit counter that measures CPU cycles The TOE’s DRBG implementation is validated under CAVP. See Tables 19 & 20 Cryptographic Algorithm Table for certification numbers. FCS_SSHS_EXT.1 The TOE acts as an SSHv2 server for remote CLI sessions that complies with RFCs 4251, 4252, 4253, 4254, 4256, 4344, and 6668. The TOE implementation of SSH supports public key-based and password- based user authentication. SSH is used for remote administrators to connect securely to the TOE for CLI connections. If a public key is presented for user authentication, the TOE will verify that the SSH client’s presented public key matches one that is stored within the SSH server’s authorized keys database. If the SSH client’s presented public key does not match a stored key on the TOE, the TOE will consider this a failed authentication attempt and the connection will not be established. In the case of password-based authentication attempt, the presented user credentials are verified using the TOE’s native authentication mechanism. If the presented user credentials cannot be verified, then the connection will not be established. The SSH implementation will detect all large packets greater than 32,768 bytes and drop accordingly. Additionally, the TSF enforces the connection to be rekeyed after no longer than one hour, and no more than one gigabyte of transmitted data, whichever threshold is reached first. The SSH rekey time and size Security Target Forescout 60 | P a g e threshold parameters are administratively configurable via the CLI. One hour and one gigabyte are the maximum settings allowed for the rekey threshold parameters in the evaluated configuration. The TOE’s implementation of SSHv2 only supports: • aes128-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com for its encryption algorithms • ssh-rsa as its only public key algorithm (user and host) • hmac-sha1, hmac-sha2-256, hmac-sha2-512, and implicit for data integrity • diffie-hellman-group14-sha1 for key exchange method in accordance with RFC 3526 Section 3 OpenSSL provides all cryptographic support required for SSH communication. FCS_TLSC_EXT.1 The TOE when acting as a TLS client will only support TLSv1.2 protocols to connect and secure the following trusted channels: • performing authentication requests with the AD Server, • audit data transfer Mutual authentication is not being claimed. Elliptic Curves are not supported. The following ciphersuites are used for the evaluated configuration: • TLS_RSA_WITH_AES_256_CBC_SHA as defined in RFC 3268 • TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246 • TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246 • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288 The TOE will only establish a trusted channel if the peer certificate is valid. The TSF shall verify the presented identifier matches the reference identifier according to RFC 6125. The Common Name and Subject Alternative Name (DNS Name only) are the only reference identifiers in the certificate that are part of that validation. The TOE will only support a wildcard in the left-most label (e.g. *.example.com). All other usages of a wildcard will cause a failure in the connection. The TOE does not support URI, IP addresses, service name reference identifiers, or pinned certificates. OpenSSL provides the cryptographic support for key establishment and encryption for these TLS channels when TOE acts as client. FCS_TLSS_EXT.1 The TOE, when acting as a TLS server, will only support TLSv1.2 protocols to connect and secure the following trusted channels: • Console remotely connecting to the TOE for remote management The TOE will deny connections from a client requesting SSL 2.0, SSL 3.0, TLSv1.0, TLSv1.1 protocol versions. When the TOE receives a TLS connection request with the wrong (unsupported) version, it returns a Fatal Alert: Handshake failure message and terminates the connection. The following ciphersuites are used for the evaluated configuration: Security Target Forescout 61 | P a g e • TLS_RSA_WITH_AES_256_CBC_SHA as defined in RFC 3268 • TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246 • TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246 • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288 Session resumption and Elliptic Curves are not supported. Mutual authentication is not being claimed. Bouncy Castle provides the cryptographic support for key establishment and encryption TLS channel when TOE acts as server. 8.3 Identification and Authentication FIA_AFL.1 The TSF provides a configurable counter for consecutive failed authentication attempts that will lock a user account when the failure counter threshold is reached. CLI user accounts are separate from Console user accounts, meaning a CLI user cannot log into the Console and vice versa. A valid login that happens prior to the failure counter reaching its threshold will reset the counter to zero. The Console Security Administrator configures the number of failed attempts lockout threshold through the Console. The threshold can be set to a minimum of 1 and maximum of 10 consecutive failed attempts and applies to both the CLI and Console users. The default setting is 3 consecutive failed attempts. The Console Security Administrator is also able to define a time period when locked Console accounts will automatically unlock. The default for this setting is 30 minutes for the Console. The lockout time period can be configured between 5-1000 minutes. For Console user accounts that are locked: A user with a locked account cannot login into the Console application until another Console Security Administrator manually unlocks the account via the Console or by a CLI Security Administrator. A locked Console user account can be manually unlocked by the Console Security Administrator by navigating to the “Tools” > “Options” > “CounterACT User Profiles” page in the Console, selecting the locked user account, and pressing the activated “Unlock” button. Additionally, a CLI Security Administrator may unlock a Console user account using the “fstool unlock_console_user ” command. The CLI Security Administrator is able to define a time period when a locked CLI account will automatically unlock. The default for this setting is 24 hours for the CLI users. The lockout time period can be configured between 1-1000 minutes using the “fstool set_property os.lockout.fail