VMware Workspace ONE Boxer Email Client 5.4 Security Target

2y ago
51 Views
2 Downloads
1.43 MB
68 Pages
Last View : Today
Last Download : 2m ago
Upload by : Pierre Damon
Transcription

VMware Workspace ONE Boxer EmailClient 5.4Security TargetST Version: 1.0June 13, 2019VMware1155 Perimeter Center WestSuite 100Atlanta, GA 30338Prepared By:Cyber Assurance Testing Laboratory1100 West St.Laurel, MD 20707

Security TargetVMware Workspace ONE Boxer Email ClientTable of Contents1Security Target Introduction . 51.1ST Reference . 5ST Identification . 5Document Organization . 5Terminology . 6Acronyms . 6Reference . 71.2TOE Reference. 81.3TOE Overview . 81.4TOE Type. 102 TOE Description . 112.1Evaluated Components of the TOE . 112.2Components and Applications in the Operational Environment . 112.3Excluded from the TOE . 11Not Installed . 12Installed but Requires a Separate License . 12Installed but Not Part of the TSF . 122.4Physical Boundary . 12Hardware . 12Software . 122.5Logical Boundary. 12Cryptographic Support . 13User Data Protection . 13Identification and Authentication. 13Security Management . 13Privacy . 13Protection of the TSF . 13Trusted Path/Channels . 143 Conformance Claims . 153.1CC Version. 153.2CC Part 2 Conformance Claims . 153.3CC Part 3 Conformance Claims . 153.4PP Claims . 153.5Package Claims . 153.6Package Name Conformant or Package Name Augmented . 153.7Conformance Claim Rationale . 153.8Technical Decisions . 164 Security Problem Definition . 194.1Threats. 194.2Organizational Security Policies . 194.3Assumptions. 194.4Security Objectives . 20TOE Security Objectives . 201 Page

Security Target5678VMware Workspace ONE Boxer Email ClientSecurity Objectives for the Operational Environment . 214.5Security Problem Definition Rationale . 21Extended Components Definition . 225.1Extended Security Functional Requirements . 225.2Extended Security Assurance Requirements . 22Security Functional Requirements . 236.1Conventions . 236.2Security Functional Requirements Summary. 236.3Security Functional Requirements . 25Class FCS: Cryptographic Support . 25Class FDP: User Data Protection . 32Class FIA: Identification and Authentication . 33Class FMT: Security Management . 35Class FPR: Privacy. 36Class FPT: Protection of the TSF . 36Class FTP: Trusted Path/Channels . 376.4Statement of Security Functional Requirements Consistency . 38Security Assurance Requirements . 397.1Class ASE: Security Target. 397.2Class ADV: Development . 39Basic Functional Specification (ADV FSP.1) . 397.3Class AGD: Guidance Documentation . 40Operational User Guidance (AGD OPE.1) . 40Preparative Procedures (AGD PRE.1) . 417.4Class ALC: Life Cycle Support . 41Labeling of the TOE (ALC CMC.1) . 41TOE CM Coverage (ALC CMS.1) . 42Timely Security Updates (ALC TSU EXT.1) . 427.5Class ATE: Tests. 43Independent Testing - Conformance (ATE IND.1) . 437.6Class AVA: Vulnerability Assessment . 44Vulnerability Survey (AVA VAN.1) . 44TOE Summary Specification . 458.1Cryptographic Support . 45[APP PP] FCS CKM EXT.1 and FCS CKM.1.1(1) . 47[APP PP] FCS CKM.2: . 47[EC EP] FCS CKM EXT.3: . 47[EC EP] FCS CKM EXT.4: . 47[EC EP] FCS CKM EXT.5: . 48[APP PP] FCS COP.1(1):. 48[APP PP] FCS COP.1(2):. 48[APP PP] FCS COP.1(3):. 49[APP PP] FCS COP.1(4):. 49[EC EP] FCS COP EXT.2: . 492 Page

Security TargetVMware Workspace ONE Boxer Email Client[EC EP] FCS IVG EXT.1: . 49[EC EP] FCS KYC EXT.1: . 49[APP PP] FCS RBG EXT.1 and [APP PP] FCS RBG EXT.2: . 50[EC EP] FCS SMIME EXT.1: . 51[APP PP] FCS STO EXT.1(1), [APP PP] FCS STO EXT.1 (2) & [APP PP]FCS STO EXT.1 (3) . 51[APP PP] FCS TLSC EXT.1(1) & [APP PP] FCS TLSC EXT.1(2): . 57[APP PP] FCS TLSC EXT.2: . 58[APP PP] FCS TLSC EXT.4: . 588.2User Data Protection . 58[APP PP] FDP DAR EXT.1:. 58[APP PP] FDP DEC EXT.1(1) & [APP PP] FDP DEC EXT.1(2): . 59[APP PP] FDP NET EXT.1: . 59[EC EP] FDP NOT EXT.1: . 60[EC EP] FDP SMIME EXT.1: . 608.3Identification and Authentication. 60[APP PP] FIA X509 EXT.1: . 60[APP PP] FIA X509 EXT.2: . 61[EC EP] FIA X509 EXT.3: . 618.4Security Management . 62[APP PP] FMT CFG EXT.1: . 62[APP PP] FMT MEC EXT.1: . 62[EC EP] FMT MOF EXT.1: . 62[APP PP] FMT SMF.1: . 628.5Privacy . 63[APP PP] FPR ANO EXT.1:. 638.6Protection of the TSF . 63[APP PP] FPT AEX EXT.1: . 63[EC EP] FPT AON EXT.1: . 63[APP PP] FPT API EXT.1: . 63[APP PP] FPT LIB EXT.1: . 64[APP PP] FPT TUD EXT.1: . 598.7Trusted Path/Channels . 59[APP PP] FTP DIT EXT.1(1) & [APP PP] FTP DIT EXT.1(2): . 59[EC EP] FTP ITC EXT.1: . 60Table of FiguresFigure 1: TOE Boundary . 93 Page

Security TargetVMware Workspace ONE Boxer Email ClientTable of TablesTable 1: Customer Specific Terminology . 6Table 2: CC Specific Terminology . 6Table 3: Acronym Definition . 7Table 4: Evaluated Components of the TOE . 11Table 5: Evaluated Components of the Operational Environment . 11Table 6: Technical Decisions . 18Table 7: TOE Threats. 19Table 8: TOE Assumptions . 20Table 9: TOE Objectives . 20Table 10: Operational Environment Objectives . 21Table 11a: iOS Security Functional Requirements for the TOE. 24Table 11b: Android Security Functional Requirements for the TOE . 25Table 12: OpenSSL CAVP Certificates . 45Table 13: Cryptographic Libraries . 47Table 14: Stored Android Credentials . 54Table 15: Stored iOS Credentials. 564 Page

Security TargetVMware Workspace ONE Boxer Email Client1 Security Target IntroductionThis chapter presents the Security Target (ST) identification information and an overview. An STcontains the Information Technology (IT) security requirements of an identified Target of Evaluation(TOE) and specifies the functional and assurance security measures offered by the TOE.1.1 ST ReferenceThis section provides information needed to identify and control this ST and its Target of Evaluation.ST IdentificationST Title:ST Version:ST Publication Date:ST Author:VMware Workspace ONE Boxer Email Client 5.4 Security Target1.0June 13, 2019Booz Allen HamiltonDocument OrganizationChapter 1 of this document provides identifying information for the ST and TOE as well as a briefdescription of the TOE and its associated TOE type.Chapter 2 describes the TOE in terms of its physical boundary, logical boundary, exclusions, anddependent Operational Environment components.Chapter 3 describes the conformance claims made by this ST.Chapter 4 describes the threats, assumptions, objectives, and organizational security policies that apply tothe TOE.Chapter 5 defines extended Security Functional Requirements (SFRs) and Security AssuranceRequirements (SARs).Chapter 6 describes the SFRs that are to be implemented by the TSF.Chapter 7 describes the SARs that will be used to evaluate the TOE.Chapter 8 provides the TOE Summary Specification, which describes how the SFRs that are defined forthe TOE are implemented by the TSF.5 Page

Security TargetVMware Workspace ONE Boxer Email ClientTerminologyThis section defines the terminology used throughout this ST. The terminology used throughout this ST isdefined in Table 1 and 2. These tables are to be used by the reader as a quick reference guide forterminology End UserDefinitionAn individual that has the ability to manage some aspect of mobile deviceconfiguration using the VMware Workspace ONE Unified Endpoint Management(UEM) console. UEM is a Mobile Device Management (MDM) product that contains aserver and an agent that resides on the mobile device.The class of TOE Administrators that provides the ability to deploy and manageinternal and public apps for managed devices.An individual who possesses a mobile device that is managed by VMware WorkspaceONE Unified Endpoint Management (UEM).Table 1: Customer Specific nistratorTrusted ChannelTrusted PathUserDefinitionThe claimed Protection Profile defines an Authorized Administrator role that isauthorized to manage the TOE and its data.Synonymous with Authorized Administrator.An encrypted connection between the TOE and a system in the OperationalEnvironment.An encrypted connection between the TOE and the application an AuthorizedAdministrator uses to manage it (web browser, terminal client, etc.).In a CC context, any individual who has the ability to manage TOE functions or data.Table 2: CC Specific TerminologyAcronymsThe acronyms used throughout this ST are defined in Table 3. This table is to be used by the reader as aquick reference guide for acronym DMNIAPOCSPOSPP6 PageDefinitionCertificate AuthorityCommon CriteriaCentral Processing UnitGraphical User InterfaceHypertext Transfer ProtocolHypertext Transfer Protocol Secure over a bidirectional TLS encrypted tunnelInternet ProtocolInformation TechnologyLightweight Directory Access ProtocolMobile Application StoreMobile Device ManagementNational Information Assurance PartnershipOnline Certificate Status ProtocolOperating SystemProtection Profile

Security TargetVMware Workspace ONE Boxer Email ClientSecurity Assurance RequirementSecurity Function PolicySecurity Functional RequirementSecure Sockets LayerSecurity TargetTransmission Control ProtocolTransport Layer SecurityTarget of EvaluationTOE Security FunctionUnified Endpoint ManagementTable 3: Acronym ] Protection Profile for Application Software, version 1.2 [APP PP][2] Application Software Extended Package for Email Clients version 2.0 [EC EP][3] Common Criteria for Information Technology Security Evaluation – Part 1: Introduction andgeneral model, dated April 2017, version 3.1, Revision 5, CCMB-2012-009-001[4] Common Criteria for Information Technology Security Evaluation – Part 2: Securityfunctional components, dated April 2017, version 3.1, Revision 5, CCMB-2012-009-002[5] Common Criteria for Information Technology Security Evaluation – Part 3: Securityassurance components, dated April 2017, version 3.1, Revision 5, CCMB-2012-009-003[6] Common Methodology for Information Technology Security Evaluation – EvaluationMethodology, dated April 2017, version 3.1, Revision 5, CCMB-2012-009-004 [CEM][7] NIST Special Publication 800-56B Recommendation for Pair-Wise Key EstablishmentSchemes Using Integer Factorization Cryptography, August 2009[8] NIST Special Publication 800-38A Recommendation for Block Cipher Modes of Operation,December 2001[9] FIPS PUB 140-2 Federal Information Processing Standards Publication SecurityRequirements for Cryptographic Modules May 25, 2001[10]FIPS PUB 180-3 Federal Information Processing Standards Publication Secure HashStandard (SHS) October 2008[11]FIPS PUB 180-4 Federal Information Processing Standards Publication Secure HashStandard (SHS) March 2012[12]FIPS PUB 186-4 Federal Information Processing Standards Publication Digital SignatureStandard July 2013[13]FIPS PUB 197 Advanced Encryption Standard November 26, 2001[14]FIPS PUB 198-1 Federal Information Processing Standards Publication The Keyed-HashMessage Authentication Code (HMAC) July 2008[15]Samsung Electronics Co., Ltd. Samsung Galaxy Devices on Android 8.0(MDFPP30/WLANCEP10) Security Target (VID10898)[16]Apple iOS 11 PP MD V3.0, EP MDM AGENT V3.0, & PP WLAN CLI EP SecurityTarget (VID10851)[17]VMware Workspace ONE Boxer Admin Guide – 1/15/2019[18]VMware Workspace ONE Boxer for Android User Guide – 2/10/2019[19]VMware Workspace ONE Boxer for iOS User Guide – 3/18/20197 Page

Security TargetVMware Workspace ONE Boxer Email Client1.2 TOE ReferenceThe TOE is the VMware Workspace ONE Boxer Email Client version 5.41.3 TOE OverviewThe TOE is the VMware Workspace ONE Boxer Email Client product referred to as Boxer or TOE fromthis point forward. Boxer is an email client application software product that is installed on a mobiledevice platform. The Boxer application containerizes enterprise data from personal data that resides onthe user’s mobile device. Boxer supports the use of Exchange, Office 365, Outlook, Gmail, Yahoo andCloud email services. Enterprise management support only applies to the use of Exchange.In the evaluated configuration, the TOE is installed on a mobile device running iOS 11 (VID10851) aswell as a mobile device host running Android 8.0 (VID10898). The mobile device that the TOE isinstalled on is managed by a Mobile Device Management software product called VMware WorkspaceONE Unified Endpoint Management (UEM). UEM consists of a server and an agent that resides on themobile device. The UEM agent is used to enroll the mobile device with the UEM server so that it can bemanaged by the UEM server. Also, the UEM agent consumes policy and configuration information forthe device and VMware applications, such as Boxer, operating on the device, as well as providing statusand policy information about the mobile device to the UEM server. The operating system, UEM agent,and UEM server are considered part of the operational environment.Boxer uses ActiveSync to communicate with the Exchange server and is protected using TLS v1.2. TheExchange server resides in the operational environment and is for sending and receiving enterprise datasuch as email, calendar information and appointment data. Whether installed on an Android or iOSdevice, the application validates the certificates using OCSP. The OCSP responder is also considered partof the operational environment.8 Page

Security TargetVMware Workspace ONE Boxer Email ClientInternetEnterprise NetworkMobile DeviceOCSPOCSP ResponderUserTLSExchange ServerVMware Workspace ONEDeviceBoxerMobileEmail ClientHTTPSHTTPSVMware Workspace ONE Intelligent HubOS (iOS 11 or Android 8.0)VMware Workspace ONEUEM(MDM OperationalEnvironmentFigure 1: TOE BoundaryAs depicted in Figure 1, the TOE resides on the mobile device host running iOS 11 or Android 8.0. Themobile devices are required to be under the control of the Workspace ONE UEM product. The mobiledevices, running the UEM agent, will communicate with the UEM server to consume policy andconfiguration information for the device and VMware applications, such as the Boxer email client.Boxer email client communicates with the Exchange server over TLS v1.2 using mutual authenticationwith X.509v3 certificates for authentication. There is also a communication channel between the mobiledevice platform and the OCSP responder to check certificate revocation status.The TOE is the VMware Workspace ONE Boxer Email Client. The TOE interfaces used to communicatewith the Exchange server and OCSP responder are subject to evaluation testing. The mobile device, OS,UEM agent, UEM server, UEM Administrator Workstation (aka UEM Console), Exchange server, andOCSP responder are operational environment components.9 Page

Security TargetVMware Workspace ONE Boxer Email Client1.4 TOE TypeThe TOE is an application software email client product that is installed on mobile devices. The[APP PP] states the following:“The application, which consists of the software provided by its vendor, is installed onto the filesystemprovided by the operating system. It executes on the platform, which may be an operating system, anexecution environment, or some combination of these.Applications include a diverse range of software such as office suites, thin clients, PDF readers, anddownloadable smartphone apps. The TOE includes any software in the application installation package,even those pieces that may extend the functionality of the underlying platform, such as kernel drivers.”The [EC EP] states the following:“Email clients are user applications that provide functionality to send, receive, access and manage email.The complexity of email content and email clients has grown over time. Modern email clients can renderHTML as well as plaintext, and may include functionality to display common attachment formats, such asAdobe PDF and Microsoft Word documents. Some email clients allow their functionality to be modifiedby users through the addition of add-ons. Protocols have also been defined for communicating betweenemail clients and servers. Some clients support multiple protocols for doing the same task, allowing themto be configured according to email server specifications.”The Application Software Email Clients TOE type is justified because the TOE is an email clientapplication that allows the user to receive, send, manage, and access enterprise email on their mobiledevice.10 P a g e

Security TargetVMware Workspace ONE Boxer Email Client2 TOE DescriptionThis section provides a description of the TOE in its evaluated configuration. This includes the physicaland logical boundaries of the TOE.2.1 Evaluated Components of the TOEThe following table describes the TOE components in the evaluated configuration:ComponentVMware Workspace ONEBoxer Email Client v5.4Application on Apple iOS 11

Jun 13, 2019 · [19] VMware Workspace ONE Boxer for iOS User Guide – 3/18/2019 . Security Target VMware Workspace ONE Boxer Email Client 8 P a g e 1.2 TOE Reference The TOE is the VMware Workspace ONE Boxer Email Client version 5.4 1.3 TOE Overview The TOE is the VMware Workspace ONE Boxer

Related Documents:

VMware Horizon 7: Install, Configure, Manage [V7.3] VCP7-DTM NEW: VMware Workspace ONE: Deploy and Manage [V9.x] VCP-DW 2018 NEW: VMware Workspace ONE: Extending your AirWatch Deployment to the Digital Workspace NEW: VMware Workspace ONE: Unified Endpoint Management for Windows

Jun 27, 2019 · VMware Workspace ONE Boxer Email Client 5.4 4 1 Executive Summary This report documents the assessment of the National Information Assurance Partnership (NIAP) validation team of the evaluation of VMware Workspace ONE Boxer Email Client 5.4 provided by VMware. It presents the evaluation re

2.7 VMware vCenter Support Assistant 22 2.8 VMware Continuent 23 2.9 VMware Hyper-Converged Infrastructure Kits 23 2.10 VMware Site Recovery Manager 23 2.11 VMware NSX 24 2.12 VMware NSX Advanced Load Balancer 28 2.13 VMware SD-WAN by VeloCloud 29 2.14 VMware Edge Network Intelligence 30 2.15 VMware NSX Firewall 30

Tools & Workspace When you open an image in Photoshop, your workspace will be laid out in the default configuration, the Essentials workspace. See Figure 1 to identify important areas of your workspace. Figure 1 - Layout of Photoshop tools and workspace. 1. Workspace selection area: A workspace is the selection of Photoshop tools laid out on your

VMware Horizon and/or the VMware Workspace ONE Access (VIDM) environment is setup behind the load balancer and configured for VMware Horizon we move along to configuring the Workspace ONE environment to work with the F5 APM Log onto the Workspace

VMware View 18 VMware Mirage 21 VMware Workspace 24 Summary 25 Chapter 2 VMware View Architecture 27 Introduction 27 Approaching the Design and Architecture 27 Phase I: Requirements Gathering and Assessment 28 Phase II: Analysis 29 Phase III: Calculate 30 Phase IV: Design 32 VMware View Server Architecture 33 VMware View Connection Server 34

the VMware Hybrid Cloud Native VMware management tools extend on-prem services across VMware Hybrid Cloud vRealize adapters allow "first class citizen" status for VMware Cloud on AWS Leverage same in-house VMware tools and processes across VMware Hybrid Cloud Support the cloud agility strategy of the organisation without disruption

API Workshop on RP2T – Tension Leg Platforms – September 2007 Section 4 Planning – Expanded Topics XSeafloor Surveys and the use of: zConventional 3D seismic data zMapping products including bathymetry, seafloor renderings, seafloor amplitude, near-seafloor isopach and structure maps zDeep tow survey equipment and Autonomously Underwater Vehicles (AUV’s) XPlatform design and layout to .