RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5


RSA, The Security Division of EMC
RSA Data Loss Prevention Suite v6.5
Security Target

Evaluation Assurance Level: EAL2 Augmented with ALC_FLR.1
Document Version: 0.7

Prepared for:
RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
Phone: (877) 772-4900
Fax: (781) 515-5010
http://www.rsa.com

Prepared by:
Corsec Security, Inc.
10340 Democracy Lane, Suite 201
Fairfax, VA 22030
Phone: (703) 267-6050
http://www.corsec.com

© 2009 RSA, The Security Division of EMC

Security Target, Version 0.7
April 20, 2009

Revision History

| Version | Modification Date | Modified By | Description of Changes |
|---|---|---|---|
| 0.1 | 2008-07-07 | Amy Nicewick | Initial draft. |
| 0.2 | 2008-08-01 | Amy Nicewick | Removed SFRs related to encryption; added Guidance documents to section 1.4.1. |
| 0.3 | 2008-12-19 | Amy Nicewick | Addressed PETR v0.1-1, and changed version number to v6.5. |
| 0.4 | 2009-02-10 | Zac Corbet | Updated product name to include registered trademark. Updated RSA company name. Added statement regarding Figure 1. |
| 0.5 | 2009-03-12 | Amy Nicewick | Addressed follow-up verdicts and CB OR 1. |
| 0.6 | 2009-03-19 | Amy Nicewick | Added FDP_IFC.1 and FDP_IFF.1. |
| 0.7 | 2009-04-20 | Amy Nicewick | Addressed minor issues. |

Table of Contents

REVISION HISTORY
TABLE OF CONTENTS
TABLE OF FIGURES
TABLE OF TABLES
1 SECURITY TARGET INTRODUCTION
1.1 PURPOSE
1.2 SECURITY TARGET AND TOE REFERENCES
1.3 TOE OVERVIEW
1.3.1 Brief Description of the Components of the TOE
1.3.2 DLP Network
1.3.3 DLP Endpoint
1.3.4 DLP Datacenter
1.3.5 DLP Enterprise Manager
1.3.6 Policies
1.3.7 TOE Environment
1.4 TOE DESCRIPTION
1.4.1 Physical Scope
1.4.2 Logical Scope
1.4.3 Physical and Logical Features and Functionality Not Included in the Evaluated Configuration of the TOE
2 CONFORMANCE CLAIMS
3 SECURITY PROBLEM DEFINITION
3.1 THREATS TO SECURITY
3.2 ORGANIZATIONAL SECURITY POLICIES
3.3 ASSUMPTIONS
4 SECURITY OBJECTIVES
4.1 SECURITY OBJECTIVES FOR THE TOE
4.2 SECURITY OBJECTIVES FOR THE OPERATIONAL ENVIRONMENT
4.2.1 IT Security Objectives
4.2.2 Non-IT Security Objectives
5 EXTENDED COMPONENTS DEFINITION
5.1 EXTENDED TOE SECURITY FUNCTIONAL COMPONENTS
5.1.1 Class FIH: Incident Handling
5.2 EXTENDED TOE SECURITY ASSURANCE COMPONENTS
6 SECURITY REQUIREMENTS
6.1 CONVENTIONS
6.2 SECURITY FUNCTIONAL REQUIREMENTS
6.2.1 Class FAU: Security Audit
6.2.2 Class FDP: User Data Protection
6.2.3 Class FIA: Identification and Authentication
6.2.4 Class FMT: Security Management
6.2.5 Class FTA: TOE Access
6.2.6 Class EXT_FIH: Incident Handling
6.3 SECURITY ASSURANCE REQUIREMENTS
7 TOE SUMMARY SPECIFICATION
7.1 TOE SECURITY FUNCTIONS
7.1.1 Security Audit
7.1.2 User Data Protection
7.1.3 Identification and Authentication
7.1.4 Security Management
7.1.5 TOE Access
7.1.6 Incident Handling
8 RATIONALE
8.1 CONFORMANCE CLAIMS RATIONALE
8.2 SECURITY OBJECTIVES RATIONALE
8.2.1 Security Objectives Rationale Relating to Threats
8.2.2 Security Objectives Rationale Relating to Policies
8.2.3 Security Objectives Rationale Relating to Assumptions
8.3 RATIONALE FOR EXTENDED SECURITY FUNCTIONAL REQUIREMENTS
8.4 RATIONALE FOR EXTENDED TOE SECURITY ASSURANCE REQUIREMENTS
8.5 SECURITY REQUIREMENTS RATIONALE
8.5.1 Rationale for Security Functional Requirements of the TOE Objectives
8.5.2 Security Assurance Requirements Rationale
8.5.3 Dependency Rationale
9 ACRONYMS AND TERMINOLOGY
9.1 ACRONYMS
9.2 TERMINOLOGY

Table of Figures

FIGURE 1 - DEPLOYMENT CONFIGURATION OF THE TOE
FIGURE 2 - SAMPLE DLP NETWORK DEPLOYMENT
FIGURE 3 - SAMPLE DLP ENDPOINT DEPLOYMENT
FIGURE 4 - SAMPLE DLP DATACENTER DEPLOYMENT
FIGURE 5 - PHYSICAL TOE BOUNDARY
FIGURE 6 - IT SECURITY OBJECTIVES
FIGURE 7 - EXT_FIH: INCIDENT HANDLING CLASS DECOMPOSITION
FIGURE 8 - EXT_FIH_ARP INCIDENT AUTOMATIC RESPONSE FAMILY DECOMPOSITION
FIGURE 9 - INCIDENT ANALYSIS FAMILY DECOMPOSITION

Table of Tables

TABLE 1 - ST AND TOE REFERENCES
TABLE 2 - TOE ENVIRONMENT COMPONENTS
TABLE 3 - CC AND PP CONFORMANCE
TABLE 4 - THREATS
TABLE 5 - ASSUMPTIONS
TABLE 6 - SECURITY OBJECTIVES FOR THE TOE
TABLE 7 - NON-IT SECURITY OBJECTIVES
TABLE 8 - EXTENDED TOE SECURITY FUNCTIONAL REQUIREMENTS
TABLE 9 - TOE SECURITY FUNCTIONAL REQUIREMENTS
TABLE 10 - MANAGEMENT OF SECURITY FUNCTIONS BEHAVIOR
TABLE 11 - STATIC ATTRIBUTE INITIALISATION
TABLE 12 - ASSURANCE REQUIREMENTS
TABLE 13 - MAPPING OF TOE SECURITY FUNCTIONS TO SECURITY FUNCTIONAL REQUIREMENTS
TABLE 14 - THREATS:OBJECTIVES MAPPING
TABLE 15 - ASSUMPTIONS:OBJECTIVES MAPPING
TABLE 16 - OBJECTIVES:SFRS MAPPING
TABLE 17 - FUNCTIONAL REQUIREMENTS DEPENDENCIES
TABLE 18 - ACRONYMS

1 Security Target Introduction

This section identifies the Security Target (ST), Target of Evaluation (TOE), and the ST organization. The Target of Evaluation is the RSA Data Loss Prevention Suite v6.5, and will hereafter be referred to as the TOE throughout this document. The software-only TOE is a suite of products that allows an enterprise to identify sensitive information stored on its computers, as it is transmitted between Information Technology (IT) entities, and as it is being copied, saved, or printed.

1.1 Purpose

This ST contains the following sections to provide mapping of the Security Environment to the Security Requirements that the TOE meets in order to remove, diminish or mitigate the defined threats:

- Security Target Introduction (Section 1) – Provides a brief summary of the ST contents and describes the organization of other sections within this document. It also provides an overview of the TOE security functions and describes the physical and logical scope for the TOE, as well as the ST and TOE references.
- Conformance Claims (Section 2) – Provides the identification of any Common Criteria (CC), ST Protection Profile, and Evaluation Assurance Level (EAL) package claims. It also identifies whether the ST contains extended security requirements.
- Security Problem Definition (Section 3) – Describes the threats, organizational security policies, and assumptions that pertain to the TOE and its environment.
- Security Objectives (Section 4) – Identifies the security objectives that are satisfied by the TOE and its environment.
- Extended Components Definition (Section 5) – Identifies new components (extended Security Functional Requirements (SFRs) and extended Security Assurance Requirements (SARs)) that are not included in CC Part 2 or CC Part 3.
- Security Requirements (Section 6) – Presents the SFRs and SARs met by the TOE.
- TOE Summary Specification (Section 7) – Describes the security functions provided by the TOE that satisfy the security functional requirements and objectives.
- Rationale (Section 8) – Presents the rationale for the security objectives, requirements, and SFR dependencies as to their consistency, completeness, and suitability.
- Acronyms and Terminology (Section 9) – Defines the acronyms and terminology used within this ST.

1.2 Security Target and TOE References

Table 1 - ST and TOE References

| Item | Value |
|---|---|
| ST Title | RSA, The Security Division of EMC RSA Data Loss Prevention Suite v6.5 Security Target |
| ST Version | Version 0.7 |
| ST Author | Corsec Security, Inc. Amy Nicewick |
| ST Publication Date | 2009-04-20 |
| TOE Reference | RSA Data Loss Prevention Suite v6.5 build 6.5.0.2179 |
| Keywords | Data Loss Prevention, DLP, Datacenter, Network, Endpoint |

1.3 TOE Overview

The TOE Overview summarizes the usage and major security features of the TOE. The TOE Overview provides a context for the TOE evaluation by identifying the TOE type, describing the product, and defining the specific evaluated configuration.

RSA’s Data Loss Prevention (DLP) suite of products allows an enterprise to identify sensitive information in text format stored on its computers, and as it is being transmitted between IT entities or being copied, saved, or printed. The TOE then takes actions based on pre-defined policies to protect the information from loss and misuse. There are four products within the DLP suite that provide this functionality: DLP Enterprise Manager, DLP Datacenter, DLP Network, and DLP Endpoint. The DLP Datacenter, DLP Network, and DLP Endpoint are managed through the DLP Enterprise Manager, a web application with a consistent user interface across all the products. The DLP Datacenter, DLP Network, and DLP Endpoint can each be used independently, or integrated with one or both of the others, to provide the sensitive data protection required by RSA’s customers. However, in order for any one of the other products to work, the DLP Enterprise Manager must also be installed. This is because the DLP Enterprise Manager is necessary to provide administrative access to the other products, and without it, there would be no way to manage the other products.

Each product consists of one or more components, as shown in Figure 1.

The DLP Network product consists of the following components:

- DLP Network Controller
- DLP Network Sensor
- DLP Network Interceptor
- DLP Network ICAP Server

The DLP Endpoint product consists of the following components:

- DLP Endpoint Enterprise Coordinator
- DLP Endpoint Site Coordinator
- DLP Endpoint Agent

The DLP Datacenter product consists of the following components:

- DLP Datacenter Enterprise Coordinator
- DLP Datacenter Site Coordinator
- DLP Datacenter Grid Worker
- DLP Datacenter Agent

The DLP Enterprise Manager is a stand-alone component that comprises the DLP Enterprise Manager product.

Figure 1 shows the four DLP products available in the DLP Suite. Note: This diagram depicts the architecture of the DLP Suite as it appears in stand-alone mode, but only one Enterprise Coordinator is supported when deployed as a

Figure 1 - Deployment Configuration of the TOE

1.3.1 Brief Description of the Components of the TOE

The DLP Datacenter, DLP Network, and DLP Endpoint products perform content analysis on documents and transmissions using a shared, policy-driven engine. Using these policies, an enterprise can examine communications, track end-user [1] actions, and locate stored documents that contain sensitive content, and determine whether the action being taken on that content should be permitted. Sensitive content might include Personally Identifiable Information (PII), such as Social Security Numbers, Non-Public Personal Information (NPI), such as email addresses, or information protected by the Payment Card Industry (PCI) Data Security Standard, such as credit card information. DLP policies can define documents or transmissions as sensitive based on their content, sender, receiver, owner, source, destination, device, file type, or file size. RSA provides built-in, expert policies for immediate use. Administrators [2] of the DLP products can also build their own custom policies to identify sensitive content specific to their enterprise.

1.3.2 DLP Network

The DLP Network product detects sensitive data while it is being transmitted across the network, and generates events and incidents reflecting policy violations. The targeted data is referred to as “Data In Motion”. DLP Network can automatically monitor or block identified transmissions, or quarantine messages that may need prior approval before leaving the network. In addition, encryption of emails containing sensitive content can be performed by the operational environment when the TOE is configured to do so. Figure 2 below shows a typical DLP Network deployment.

[1] End-users are those individuals accessing the targeted computers on the network.
[2] Administrators are those individuals who perform management functions on the TOE.

Figure 2 - Sample DLP Network Deployment [3]

DLP Network includes a number of components that integrate to prevent the loss of sensitive information from the targeted network. The DLP Network Controller is the main appliance that maintains information about confidential data and content transmission policies. There are three types of devices that are managed by the DLP Network Controller: DLP Network Sensors, Interceptors, and ICAP servers. These devices monitor network transmissions and report or intercept identified transmissions. DLP Network Sensors are installed at network boundaries. They passively monitor traffic crossing the network boundaries, and analyze it for the presence of sensitive content. DLP Network Interceptors are also installed at network boundaries, but they allow administrators to implement policies that quarantine or reject email traffic that contains sensitive content. DLP Network ICAP Servers are special purpose server devices that allow administrators to implement monitoring or blocking of HTTP, HTTPS, or File Transfer Protocol (FTP) traffic containing sensitive content.

In addition, Administrators can view log entries captured by DLP Network through the Command Line Interface (CLI) on each of the appliances, or through the DLP Enterprise Manager.

[3] SMTP – Simple Mail Transfer Protocol; ICAP – Internet Content Adaptation Protocol; HTTP – HyperText Transfer Protocol; HTTPS – Secure HyperText Transfer Protocol; IM – Instant Messaging

1.3.3 DLP Endpoint

The DLP Endpoint product provides control over confidential information being manipulated by end-users. The targeted data is referred to as “Data In Use”. DLP Endpoint monitors data activity for irregularities, alerts administrators to at-risk processes, and blocks the loss of sensitive content from the network’s computers. Figure 3 below shows a typical DLP Endpoint deployment.

Figure 3 - Sample DLP Endpoint Deployment

DLP Endpoint consists of three components: DLP Endpoint Agent, DLP Endpoint Site Coordinator, and DLP Endpoint Enterprise Coordinator. The DLP Endpoint Agent enforces policies on usage of data, resulting in blockages, justifications, or notifications, and generates events that describe the violations and the actions taken to enforce the policies. DLP Endpoint Agents push these events to the DLP Endpoint Site Coordinator, and also retrieve configuration settings and policy files from the DLP Endpoint Site Coordinator. The DLP Endpoint Agent is a service that starts when the computer starts, and monitors end-user actions as long as the computer is running. DLP Endpoint Agents run from within the targeted machine’s operating system, and are transparent to desktop applications. The DLP Endpoint Agent injects itself into each running process on the targeted machine, and intercepts and monitors application calls. When an application call for an end-user action such as copy, move, or print is intercepted, the DLP Endpoint Agent extracts the content of the document involved, and performs an analysis on the content to determine if a policy violation has occurred. If so, the DLP Endpoint Agent sends an event to the DLP Endpoint Site Coordinator, and the action is either allowed or disallowed, depending on the policy. The DLP Endpoint Agent displays a system tray icon to the end-user to provide messages and accept justification text from end-users.

Each DLP Endpoint Agent receives its instructions from a DLP Endpoint Site Coordinator, and returns results to it. DLP Endpoint Site Coordinators are services that manage scans for a local network. An enterprise may install as many DLP Endpoint Site Coordinators as it wishes to coordinate scans on DLP Endpoint Agents that are dispersed widely throughout the enterprise.
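The flow described above for the DLP Endpoint Agent (intercept an end-user action, extract the content, analyze it against policy, raise an event, then allow or disallow) can be sketched together with the content-based policies of section 1.3.1. This is an added example, not RSA's engine and not code from the Security Target; the detector patterns, policy names, thresholds, enforcement names and sample text are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed detectors: a US SSN pattern and card-number candidates (13-19 digits).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text: str) -> List[str]:
    candidates = (re.sub(r"\D", "", m.group()) for m in CARD_RE.finditer(text))
    return [c for c in candidates if luhn_ok(c)]

def find_ssns(text: str) -> List[str]:
    return SSN_RE.findall(text)

@dataclass
class Policy:
    name: str
    detector: Callable[[str], List[str]]
    threshold: int               # matches needed before the policy fires
    enforcement: Dict[str, str]  # end-user action -> allow/notify/justify/block

SEVERITY = ["allow", "notify", "justify", "block"]

def evaluate(user_action: str, content: str, policies: List[Policy]):
    """Return (decision, events) for one intercepted end-user action."""
    decision, events = "allow", []
    for p in policies:
        count = len(p.detector(content))
        if count < p.threshold:
            continue
        enforcement = p.enforcement.get(user_action, "notify")
        # Events carry counts only, so the event store never holds the matched values.
        events.append({"policy": p.name, "action": user_action,
                       "matches": count, "enforcement": enforcement})
        # The strictest enforcement among the fired policies wins.
        decision = max(decision, enforcement, key=SEVERITY.index)
    return decision, events

# Hypothetical policies for illustration only.
POLICIES = [
    Policy("PCI card numbers", find_cards, 1,
           {"print": "block", "copy": "justify", "move": "notify"}),
    Policy("US SSN", find_ssns, 2, {"print": "justify", "copy": "notify"}),
]

# Constructed sample content; the second card-like number fails the Luhn check.
SAMPLE_DOC = """Order 1: card 4111 1111 1111 1111
Order 2: card 4111 1111 1111 1112
Employee A SSN 123-45-6789
Employee B SSN 321-54-9876
"""

if __name__ == "__main__":
    for action in ("print", "copy", "move"):
        print(action, evaluate(action, SAMPLE_DOC, POLICIES))
```

The Luhn filter and the per-policy threshold are the two places where false positives are controlled: a pattern match alone does not fire a policy.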

The DLP Endpoint Enterprise Coordinator is the master controller of a DLP Endpoint deployment. It sends instructions to, and gathers scan results from, all DLP Endpoint Site Coordinators installed in the enterprise.

The DLP Endpoint Enterprise Coordinator manages the policies and the collection of events from DLP Endpoint Site Coordinators throughout the network, and passes the information to the DLP Enterprise Manager for display in the Graphical User Interface (GUI). In addition, the DLP Endpoint Enterprise Coordinator, DLP Endpoint Site Coordinator, and DLP Endpoint Agent capture audit logs and download them to the DLP Enterprise Manager where they can be viewed through the GUI.

1.3.4 DLP Datacenter

The DLP Datacenter product provides the ability to identify sensitive content stored on laptops, desktops, and servers distributed through a corporate environment. The targeted data is referred to as “Data At Rest”. DLP Datacenter scans the organization’s networks, examining files on all designated machines. Figure 4 below shows a typical DLP Datacenter deployment.

Figure 4 - Sample DLP Datacenter deployment

Several components of the DLP Datacenter product work together to perform scans and act on the information gathered from them. DLP Datacenter Agents are small programs that perform the analysis on the designated machines. Because the DLP Datacenter Agents are deployed onto the selected machines, sensitive data does not have to be moved to a central location for analysis.

Each DLP Datacenter Agent receives its instructions from a DLP Datacenter Site Coordinator, and returns results to it. DLP Datacenter Site Coordinators are services that manage scans for a local network. An enterprise may install as many DLP Datacenter Site Coordinators as it wishes to coordinate scans on DLP Datacenter Agents that are dispersed widely throughout the enterprise.

The DLP Datacenter Enterprise Coordinator is the master controller of a DLP Datacenter deployment. It sends instructions to, and gathers scan results from, all DLP Datacenter Site Coordinators installed in the enterprise.

Finally, th
