• Have any questions?
  • info.zbook.org@gmail.com

Dell EMC NetWorker 9 - Common Criteria

7d ago
3 Views
0 Downloads
495.34 KB
40 Pages
Last View : 4d ago
Last Download : n/a
Upload by : Emanuel Batten
Share:
Transcription

Dell EMC NetWorker 9.1Security TargetEvaluation Assurance Level (EAL): EAL2 Doc No: 1986-000-D102Version: 1.210 July 2017EMC Corporation176 South StreetHopkinton, MA, USA01748Prepared by:EWA-Canada1223 Michael Street, Suite 200Ottawa, Ontario, CanadaK1J7T2

Dell EMC NetWorker 9.1Security TargetCONTENTS1SECURITY TARGET INTRODUCTION . 11.1DOCUMENT ORGANIZATION. 11.2SECURITY TARGET REFERENCE . 11.3TOE REFERENCE . 21.4TOE OVERVIEW . 21.5TOE DESCRIPTION . 21.5.1Physical Scope . 21.5.2TOE Environment . 61.5.3TOE Guidance . 71.5.4Logical Scope. 71.5.5Functionality Excluded from the Evaluated Configuration . 82CONFORMANCE CLAIMS . 92.1COMMON CRITERIA CONFORMANCE CLAIM . 92.2ASSURANCE PACKAGE CLAIM. 92.3PROTECTION PROFILE CONFORMANCE CLAIM . 93SECURITY PROBLEM DEFINITION . 103.1THREATS . 103.2ORGANIZATIONAL SECURITY POLICIES . 103.3ASSUMPTIONS . 104SECURITY OBJECTIVES . 124.1SECURITY OBJECTIVES FOR THE TOE. 124.2SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT . 124.3SECURITY OBJECTIVES RATIONALE . 134.3.1Security Objectives Rationale Related to Threats . 134.3.2Security Objectives Rationale Related to Assumptions . 155EXTENDED COMPONENTS DEFINITION . 175.1SECURITY FUNCTIONAL REQUIREMENTS . 175.2SECURITY ASSURANCE REQUIREMENTS . 176SECURITY REQUIREMENTS . 186.1CONVENTIONS . 18Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page i of iii

Dell EMC NetWorker 9.1Security Target6.26.3TOE SECURITY FUNCTIONAL REQUIREMENTS. 186.2.1Security Audit (FAU) . 196.2.2User Data Protection (FDP) . 206.2.3Identification and Authentication (FIA) . 216.2.4Security Management (FMT) . 216.2.5TOE Access (FTA) . 23SECURITY FUNCTIONAL REQUIREMENTS RATIONALE . 236.3.1SFR Rationale Related to Security Objectives . 246.4DEPENDENCY RATIONALE . 266.5TOE SECURITY ASSURANCE REQUIREMENTS . 277TOE SUMMARY SPECIFICATION . 307.1TOE SECURITY FUNCTIONS. 307.1.1Security Audit . 307.1.2User Data Protection . 307.1.3Identification and Authentication . 337.1.4Security Management . 337.1.5TOE Access . 348TERMINOLOGY AND ACRONYMS . 358.1TERMINOLOGY . 358.2ACRONYMS . 35LIST OF TABLESTable 1 – TOE Components and Non-TOE Hardware and Software . 7Table 2 – Logical Scope of the TOE . 7Table 3 – Threats . 10Table 4 – Assumptions . 11Table 5 – Security Objectives for the TOE . 12Table 6 – Security Objectives for the Operational Environment . 13Table 7 – Mapping Between Objectives, Threats, OSPs, and Assumptions . 13Table 8 – Summary of Security Functional Requirements . 19Table 9 – Mapping of SFRs to Security Objectives . 24Table 10 – Functional Requirement Dependencies . 27Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page ii of iii

Dell EMC NetWorker 9.1Security TargetTable 11 – Security Assurance Requirements . 28Table 12 – NetWorker Server Roles and Privileges . 32Table 13 – Terminology . 35Table 14 – Acronyms . 36LIST OF FIGURESFigure 1 – TOE Diagram . 3Figure 2 – TOE Boundary . 4Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page iii of iii

Dell EMC NetWorker 9.1Security Target1 SECURITY TARGET INTRODUCTIONThis Security Target (ST) defines the scope of the evaluation in terms of theassumptions made, the intended environment for the Target of Evaluation(TOE), the Information Technology (IT) security functional and assurancerequirements to be met, and the level of confidence (evaluation assurance level)to which it is asserted that the TOE satisfies its IT security requirements. Thisdocument forms the baseline for the Common Criteria (CC) evaluation.1.1DOCUMENT ORGANIZATIONSection 1, ST Introduction, provides the ST reference, the TOE reference, theTOE overview and the TOE description.Section 2, Conformance Claims, describes how the ST conforms to theCommon Criteria and Packages. This ST does not conform to a ProtectionProfile (PP).Section 3, Security Problem Definition, describes the expected environmentin which the TOE is to be used. This section defines the set of threats that arerelevant to the secure operation of the TOE, organizational security policies withwhich the TOE must comply, and secure usage assumptions applicable to thisanalysis.Section 4, Security Objectives, defines the set of security objectives to besatisfied by the TOE and by the TOE operating environment in response to theproblem defined by the security problem definition.Section 5, Extended Components Definition, defines the extendedcomponents.Section 6, Security Requirements, specifies the security functional andassurance requirements that must be satisfied by the TOE and the ITenvironment.Section 7, TOE Summary Specification, describes the security functions thatare included in the TOE to enable it to meet the IT security functionalrequirements.Section 8 Terminology and Acronyms, defines the acronyms andterminology used in this ST.1.2SECURITY TARGET REFERENCEST Title:Dell EMC NetWorker 9.1 Security TargetST Version:1.2ST Date:10 July 2017Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 1 of 36

Dell EMC NetWorker 9.1Security Target1.3TOE REFERENCETOE Identification:Dell EMC NetWorker 9.1.0.5 build 89TOE Developer:EMC CorporationTOE Type:Backup and Recovery Solution (Data Protection)1.4TOE OVERVIEWEMC NetWorker is a backup and recovery solution that provides robust accesscontrol, authentication and auditing. It is implemented as a collection of serviceson Windows and Linux based systems, as well as several Command LineInterfaces (CLIs) and Graphical User Interfaces (GUIs). An administrator mayinitiate NetWorker functions either from within the GUI-based NetWorkerManagement Console (NMC) Applet or from a set of NetWorker command-lineinterfaces. Additionally, end users of client systems can perform ad-hoc backupand restore operations.The evaluated configuration of the TOE consists of four major components: NetWorker Server and Authentication Service software running on adedicated Linux instance on general purpose computing hardware NetWorker Client software running in two separate instances on generalpurpose computing hardware for:oWindows Server 2008 R2oLinux (Red Hat Enterprise Linux 6.6) NetWorker Storage Node software running on a dedicated Linux instanceon general purpose computing hardware with an attached storage device NMC Server software running on a dedicated Linux instance on generalpurpose computing hardware. The NMC Server delivers the NMC Applet,which runs from a Java Virtual Machine within a supported web browserThe TOE is a software only TOE.1.51.5.1TOE DESCRIPTIONPhysical ScopeFigure 1 shows the deployment for the evaluated configuration. Note that thelines indicate the primary communications paths only. Figure 2 shows the TOEBoundary.Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 2 of 36

Dell EMC NetWorker 9.1Security TargetFigure 1 – TOE DiagramDoc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 3 of 36

Dell EMC NetWorker 9.1Security TargetFigure 2 – TOE BoundaryDoc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 4 of 36

Dell EMC NetWorker 9.1Security TargetThe evaluated configuration of EMC NetWorker is made up of the followingcomponents: NetWorker Server (with the Auth-C authentication service)NetWorker Client (on both Red Hat Enterprise Linux 6.6 and WindowsServer 2008 R2)NetWorker Storage NodeNetWorker Management Console (NMC) Server, including thedownloadable NMC AppletAdditionally, a customer would be required to implement the EMC ElectronicLicense Management Server (ELMS). This is required to install and configureNetWorker, but is not involved in the day to day operation of the software, orthe enforcement of the security claims.1.5.1.1NetWorker ServerEach NetWorker Server provides backup/recovery scheduling, queuing andcoordination, and management of data lifecycles, volume pools, client indexes,and media databases.The Server coordinates backup operations. This involves defining the save setsto be backed up, creating entries for the client index and media databasestructures, and coordinating volume pools for receiving backup data. Writeoperations require server coordination to optimize performance by takingadvantage of server parallelism and managing writes between local and remotestorage nodes. Recover operations require the server to manage reads from thevolumes and to optimize performance through server parallelism. Serverparallelism controls how many total streams from all its clients a NetWorkerServer allows to be simultaneously active for the purposes of backup orrecovery. Data lifecycle operations require that the server routinely compare theage and status of stored data with policies specified by the administrator, andtake the action required to implement those policies. Volume managementoperations require the server:a. to locate volumes required by operations, and to automatically mount,unmount, and label those volumes as needed;b. to inventory autochangers; andc. to clone and stage data from one volume to another as requested.The NetWorker Server includes the Authentication Service. This service providesusers with an authentication token that is supplied with each subsequentrequest.1.5.1.2NetWorker ClientThe NetWorker client software provides client-initiated backup and recoveryfunctionality and communicates with the other NetWorker components. TheNetWorker Client software is installed on all computers that are backed up in theNetWorker implementation.Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 5 of 36

Dell EMC NetWorker 9.1Security Target1.5.1.3NetWorker Storage NodeThe NetWorker Storage Node software is installed on a computer resource withdirectly connected storage devices. The Storage Node software is installed bydefault with the NetWorker Server, but is installed on a separate machine in theevaluated configuration.Data may be backed up directly to storage resources associated with theNetWorker Server or may be sent to a NetWorker Storage Node. A storage nodecontrols storage devices such as tape drives, disk devices, autochangers, andsilos. Using a storage node off-loads much of the data transfer involved inbackup and recovery operations from the NetWorker Server, thereby improvingoverall performance.1.5.1.4NetWorker Management Console ServerThe NetWorker Management Console (NMC) Server is a Java-based webapplication server that provides centralized management, monitoring, andreporting of backup operations for NetWorker Servers and NetWorker Clientsacross multiple datazones. The NMC Server is accessed through a GUI that maybe run from any computer with a supported web browser and Java RuntimeEnvironment (JRE).1.5.2TOE EnvironmentThe following operating system and hardware components are required foroperation of the TOE in the evaluated configuration.TOE ComponentSupporting Softwareand Operating SystemSupporting HardwareNetWorker ServerRed Hat Enterprise Linux6.6General PurposeComputing HardwareAuthentication ServiceRed Hat Enterprise Linux6.6General PurposeComputing HardwareNMCRed Hat Enterprise Linux6.6General PurposeComputing HardwareNMC AppletBrowser (Mozilla FireFox52)General PurposeComputing HardwareWindows 7 SP1NetWorker Storage NodeRed Hat Enterprise Linux6.6General PurposeComputing HardwareWindows ClientWindows Server 2008 R2General PurposeComputing HardwareDoc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 6 of 36

Dell EMC NetWorker 9.1Security TargetTOE ComponentSupporting Softwareand Operating SystemSupporting HardwareLinux ClientRed Hat Enterprise Linux6.6General PurposeComputing HardwareTable 1 – TOE Components and Non-TOE Hardware and Software1.5.3TOE GuidanceThe TOE includes the following guidance documentation: EMC NetWorker Version 9.1 Installation Guide EMC NetWorker Version 9.1 Administration Guide EMC NetWorker Version 9.1 Command Reference Guide EMC NetWorker Version 9.1 Security Configuration Guide EMC NetWorker Version 9.1 Error Message Guide1.5.4Logical ScopeThe logical boundary of the TOE includes all interfaces and functions within thephysical boundary. The logical boundary of the TOE may be broken down by thesecurity function classes described in Section 6. Table 2 summarizes the logicalscope of the TOE.Functional ClassesDescriptionSecurity AuditAudit entries are generated for security related events. Theaudit logs are stored and protected from unauthorizedmodification and deletion.User Data ProtectionThe TOE provides a role-based access control capability toensure that only authorized administrators are able toadminister the TOE. The TOE provides backup and recoveryfunctionality.Identification andAuthenticationUsers must identify and authenticate prior to gaining TOEaccess.Security ManagementThe TOE provides management capabilities via a WebBased GUI and through a CLI. Management functions allowthe administrators to perform system configuration, usermanagement, and backup and recovery operations.Protection of the TSFA retention setting may be applied to save sets indicatingthe date before which the save set may not be deleted.TOE AccessA banner is presented on user login to the NMC.Table 2 – Logical Scope of the TOEDoc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 7 of 36

Dell EMC NetWorker 9.1Security Target1.5.5Functionality Excluded from the EvaluatedConfigurationThe following features are excluded from this evaluation: Although NetWorker supports backup and recovery from many differentplatforms, only Windows and Linux were evaluated. Integration with other EMC products was not evaluated.Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 8 of 36

Dell EMC NetWorker 9.1Security Target2 CONFORMANCE CLAIMS2.1COMMON CRITERIA CONFORMANCE CLAIMThis Security Target claims to be conformant to Version 3.1 of Common Criteriafor Information Technology Security Evaluation according to: Common Criteria for Information Technology Security Evaluation, Part 1:Introduction and General Model; CCMB-2012-09-001, Version 3.1,Revision 4, September 2012 Common Criteria for Information Technology Security Evaluation, Part 2:Security Functional Components; CCMB-2012-09-002, Version 3.1,Revision 4, September 2012 Common Criteria for Information Technology Security Evaluation, Part 3:Security Assurance Components CCMB-2012-09-003, Version 3.1,Revision 4, September 2012As follows: CC Part 2 conformant CC Part 3 conformantThe Common Methodology for Information Technology Security Evaluation,Version 3.1, Revision 4, September 2012 has to be taken into account.2.2ASSURANCE PACKAGE CLAIMThis Security Target claims conformance to Evaluation Assurance Level (EAL) 2augmented with ALC FLR.2 Flaw Reporting Procedures.2.3PROTECTION PROFILE CONFORMANCECLAIMThis ST does not claim conformance of the TOE with any Protection Profile.Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 9 of 36

Dell EMC NetWorker 9.1Security Target3 SECURITY PROBLEM DEFINITION3.1THREATSTable 3 lists the threats addressed by the TOE. Potential threat agents areauthorized TOE users, and unauthorized persons. The level of expertise of bothtypes of attacker is assumed to be unsophisticated. TOE users are assumed tohave access to the TOE, extensive knowledge of TOE operations, and to possessa high level of skill. They have moderate resources to alter TOE parameters, butare assumed not to be wilfully hostile. Unauthorized persons have littleknowledge of TOE operations, a low level of skill, limited resources to alter TOEparameters and no physical access to the TOE.Mitigation to the threats is through the objectives identified in Section 4.1,Security Objectives for the TOE.ThreatDescriptionT.DATALOSSA user or system failure may cause the loss of critical user dataresulting in users being unable to continue their work.T.UNAUTHAn unauthorized user may be able to view recovery files or accesssecurity management functions, resulting in unauthorized access touser data.T.UNDETECTAuthorized or unauthorized users may be able to access TSF or userdata or modify TOE behaviour without a record of those actions inorder to circumvent TOE security functionality.Table 3 – Threats3.2ORGANIZATIONAL SECURITY POLICIESThere are no Organizational Security Policies applicable to this TOE.3.3ASSUMPTIONSThe assumptions required to ensure the security of the TOE are listed in Table 5.AssumptionsDescriptionA.LOCATEThe TOE will be located within controlled access facilities, whichwill prevent unauthorized physical access.A.MANAGEThere are one or more competent individuals assigned tomanage the TOE.A.NOEVILThe authorized administrators are not careless, wilfully negligent,or hostile, are appropriately trained and will follow theinstructions provided by the TOE documentation.Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 10 of 36

Dell EMC NetWorker 9.1Security TargetAssumptionsDescriptionA.TIMEThe operational environment provides the TOE with reliabletimestamps.Table 4 – AssumptionsDoc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 11 of 36

Dell EMC NetWorker 9.1Security Target4 SECURITY OBJECTIVESThe purpose of the security objectives is to address the security concerns and toshow which security concerns are addressed by the TOE, and which areaddressed by the environment. Threats may be addressed by the TOE or thesecurity environment or both. Therefore, CC identifies two categories of securityobjectives: Security objectives for the TOE Security objectives for the environment4.1SECURITY OBJECTIVES FOR THE TOEThis section identifies and describes the security objectives that are to beaddressed by the TOE.SecurityObjectiveDescriptionO.ADMINThe TOE will provide all the functions necessary to support theadministrators in their management of the security of the TOE.The TOE must advise users of possible unauthorized use, andrestrict security management functions from unauthorized use.O.AUDITThe TOE must record audit records for use of the TOE functions,and must protect the stored audit records to preventunauthorized modification or removal.O.BACKUPThe TOE must implement backup and recovery functionality thatrestricts access to backed-up data to owners and authorizedadministrators.O.IDENTAUTHThe TOE must be able to ensure that users are identified andauthenticated prior to gaining access to the administrativefunctions, TSF data or user data.Table 5 – Security Objectives for the TOE4.2SECURITY OBJECTIVES FOR THEOPERATIONAL ENVIRONMENTThis section identifies and describes the security objectives that are to beaddressed by the IT environment or by non-technical or procedural means.Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 12 of 36

Dell EMC NetWorker 9.1Security TargetSecurityObjectiveDescriptionOE.MANAGEThose responsible for TOE deployment will provide competentadministrators who are appropriately trained and follow allguidance.OE.PROTECTThose responsible for the TOE must ensure that TOEcomponents are protected from interference, tampering andphysical attack.OE.TIMEThe operational environment must provide reliable timestampsfor use by the TOE.Table 6 – Security Objectives for the Operational Environment4.3SECURITY OBJECTIVES O.ADMINT.UNAUTHT.DATALOSSThe following table maps the security objectives to the assumptions, threats,and organizational policies identified for the TOE.XOE.TIMEXTable 7 – Mapping Between Objectives, Threats, OSPs, and Assumptions4.3.1Security Objectives Rationale Related toThreatsThe security objectives rationale related to threats traces the security objectivesfor the TOE back to the threats addressed by the TOE.Threat:A user or system failure may cause the loss of critical user dataDoc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 13 of 36

Dell EMC NetWorker 9.1Security TargetT.DATALOSSresulting in users being unable to continue their work.Objectives:O.BACKUPRationale:O.BACKUP mitigates the threat by ensuring that the TOE providesbackup and recovery functionality that affords access to criticaluser data even if the original data is lost.Threat:T.UNAUTHAn unauthorized user may be able to view recovery files or accesssecurity management functions, resulting in unauthorized access touser data.Objectives:O.ADMINThe TOE will provide all the functionsnecessary to support the administrators intheir management of the security of the TOE.The TOE must advise users of possibleunauthorized use, and restrict securitymanagement functions from unauthorized use.O.IDENTAUTHThe TOE must be able to ensure that users areidentified and authenticated prior to gainingaccess to the administrative functions, TSFdata or user data.Rationale:The TOE must implement backup and recoveryfunctionality that restricts access to backed-updata to owners and authorized administrators.O.ADMIN mitigates this threat by ensuring that only authorizedadministrators may access security management functions of theTOE.O.IDENTAUTH mitigates this threat by ensuring that administratorsand users are identified and authenticated prior to being grantedaccess to security management functions or user data.Threat:T.UNDETECTAuthorized or unauthorized users may be able to access TSF oruser data or modify TOE behaviour without a record of thoseactions in order to circumvent TOE security functionality.Objectives:O.AUDITRationale:O.AUDIT mitigates this threat by ensuring audit records are createdto make note of access to TSF and user data.Doc No: 1986-000-D102Version: 1.2The TOE must record audit records for use ofthe TOE functions, and must protect thestored audit records to prevent unauthorizedmodification or removal.Date: 10 July 2017Page 14 of 36

Dell EMC NetWorker 9.1Security Target4.3.2Security Objectives Rationale Related toAssumptionsThe security objectives rationale related to assumptions traces the securityobjectives for the operational environment back to the assumptions for theTOE’s operational environment.Assumption:A.LOCATEThe TOE will be located within controlled access facilities, which willprevent unauthorized physical access.Objectives:OE.PROTECTRationale:OE.PROTECT supports this assumption by protecting TOEcomponents from physical attack.Assumption:There are one or more competent individuals assigned to managethe TOE.A.MANAGEThose responsible for the TOE must ensurethat TOE components are protected frominterference, tampering and physical attack.Objectives:OE.MANAGERationale:OE.MANAGE supports this assumption by ensuring that competent,trained individuals who follow guidance are in place to manage theTOE.Assumption:A.NOEVILThe authorized administrators are not careless, wilfully negligent,or hostile, are appropriately trained and will follow the instructionsprovided by the TOE AGE supports this assumption by ensuring that theindividuals managing the TOE are competent, trained and follow allguidance.Assumption:The operational environment provides the TOE with reliabletimestamps.A.TIMEObjectives:OE.TIMEDoc No: 1986-000-D102Version: 1.2Those responsible for TOE deployment willprovide competent administrators who areappropriately trained and follow all guidance.Those responsible for TOE deployment willprovide competent administrators who areappropriately trained and follow all guidance.The operational environment must providereliable timestamps for use by the TOE.Date: 10 July 2017Page 15 of 36

Dell EMC NetWorker 9.1Security TargetRationale:OE.TIME supports this assumption by ensuring that the operationalenvironment provides reliable timestamps.Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 16 of 36

Dell EMC NetWorker 9.1Security Target5 EXTENDED COMPONENTS DEFINITION5.1 SECURITY FUNCTIONAL REQUIREMENTSThis ST does not include extended Security Functional Requirements.5.2SECURITY ASSURANCE REQUIREMENTSThis ST does not include extended Security Assurance Requirements.Doc No: 1986-000-D102Version: 1.2Date: 10 July 2017Page 17 of 36

Dell EMC NetWorker 9.1Security Target6 SECURITY REQUIREMENTSSection 6 provides security functional and assurance requirements that must besatisfied by a compliant TOE. These requirements consist of functionalcomponents from Part 2 of the CC, and an Evaluation Assurance Level (EAL) thatcontains assurance components from Part 3 of the CC.6.1CONVENTIONSThe CC permits four types of operations to be performed on functionalrequirements: selection, assignment, refinement, and iteration. Theseoperations, when performed on requirements that derive from CC Part 2, areidentified in this ST in the following manner: Selection: Indicated by surrounding brackets, e.g., [selected item]. Assignment: Indicated by surrounding brackets and italics, e.g., [assigneditem]. Refinement: Refined components are identified by using bold foradditional information, or strikeout for deleted text. Iteration: Indicated by assigning a number in parenthesis to the end ofthe functional component identifier as well as by modifying the functionalcomponent title to distinguish between iterations, e.g., ‘FDP ACC.1(1),Subset access control (administrators)’ and ‘FDP ACC.1(2) Subset accesscontrol (devices)’.6.2TOE SECURITY FUNCTIONAL REQUIREMENTSThe security functional requirements for this ST consist of the followingcomponents from Part 2 of the CC, and are summarized in Table 9 - Summary ofSecurity Functional Requirements.ClassIdentifierNameSecurity Audit (FAU)FAU GEN.1Audit data generationFAU STG.1Protected audit trail storageFDP ACC.1(1)Subset access control (RBAC)FDP ACC.1(2)Subset access control (Backup andRecovery)FDP ACF.1(1)Security attribute based access control(RBAC)FDP ACF.1(2)Security attribute based access control(Backup and Recovery)FIA UAU.2User authentication before any actionVersion: 1.2Date: 10 July 2017User Data Protection(FDP)Identification andDoc No: 1986-000-D102Page 18 of 36

Dell EMC NetWorker 9.1Security TargetClassAuthentication (FIA)Security Management(FMT)TOE Access (FTA)IdentifierNameFIA UID.2User identification before any actionFMT MSA.1(1)Management of security attributes (RBAC)FMT MSA.1(2)Management of security attributes (Backupand Recovery)FMT MSA.3(1)Static attribute initialisation (RBAC)FMT MSA.3(2)Static attribute initialisation (Backup andRecovery)FMT SMF.1Specification of Management FunctionsFMT SMR.1Security rolesFTA SSL.3TSF-initiated terminationFTA TAB.1Default TOE access bannersTable 8 – Summary of Security Functi

Dell EMC NetWorker 9.1 . Server allows to be simultaneously active for the purposes of backup or recovery. Data lifecycle operations require that the server routinely compare the age and status of stored data with policies specified by the administrator, and take the actio