Sophos SAFEGUARD User and administrator help

SafeGuard® Enterprise 5.50
User and administrator help supplement: Manual for certification-compliant operation
Document date: April 2010


1 Preface
3 Secure operation of SafeGuard Enterprise Device Encryption
4 Copyright
5 Technical Support
SafeGuard® Enterprise 5.50, Manual for certification-compliant operation

1 Preface

This document is a supplement for the SafeGuard Enterprise User help and the SafeGuard Enterprise Administrator help.
It especially addresses those users who intend to use SafeGuard Enterprise Device Encryption as a certified security software product.
SafeGuard Enterprise User help, Utimaco Safeware AG - a member of the Sophos Group, 2010
SafeGuard Enterprise Administrator help, Utimaco Safeware AG - a member of the Sophos Group, 2010
SafeGuard Enterprise Installation manual, Utimaco Safeware AG - a member of the Sophos Group, 2010

2 Certification of SafeGuard Enterprise Device Encryption

SafeGuard Enterprise Device Encryption, Version 5.30, has passed a certification process according to Common Criteria (CC), version 2.3.
The Common Criteria provide a standard criteria catalog for the security evaluation of information technology products and systems. They were prepared jointly by governmental organizations of Australia/New Zealand, Canada, France, Germany, Japan, the Netherlands, Spain, the United Kingdom and the USA and are accepted as an international standard.
The certification has been performed by the German BSI ("Bundesamt für Sicherheit in der Informationstechnik") as a certification body.
The Evaluation Assurance Level of SafeGuard Enterprise Device Encryption is "EAL3+". The specified minimum strength of the security functions of SafeGuard Enterprise Device Encryption, Version 5.30, is "SOF-medium".

2.1 Evaluation Assurance Level

In the scope of the Common Criteria, the Evaluation Assurance Level (EAL) specifies the accuracy and the effort used to analyze and verify the correct implementation of the security functions of a certified product.
The Common Criteria specify seven different Evaluation Assurance Levels. Level "EAL1" defines the lowest, "EAL7" the highest Evaluation Assurance Level.
Depending on the EAL, different objectives and specified security criteria have to be fulfilled and verified. For level "EAL3+", this comprises providing a Security Target document including an analysis of the security functional requirements, a functional and interface specification and an informal architecture description (High Level Design) of the product to be evaluated. Furthermore, independent testing of the security functionality, evidence of developer testing based on the functional specification, selective independent confirmation of the developer test results and a vulnerability analysis demonstrating resistance to penetration attackers with a standard attack potential are required. User and administrator guidance must comply with specified requirements. Additionally, an automated configuration control system supporting development, appropriate measures for securing the development environment as well as an approved distribution method have to be applied.

2.2 Information concerning the Common Criteria

The Common Criteria originate from separate IT security criteria catalogs published by national authorities for the evaluation of IT security products and systems.
The following countries take part in the definition of the Common Criteria: Australia/New Zealand, Canada, France, Germany, Japan, the Netherlands, Spain, the United Kingdom and the United States of America. The Common Criteria are based on the following single criteria catalogs: CTCPEC (Canada), FC, TCSEC (both USA) and ITSEC (Europe).
The Common Criteria ensure comparable evaluations of IT security products and systems in all these countries. An automatic mutual approval of granted certificates was established in May
The Common Criteria were issued on an international level by ISO/IEC JTC 1/SC 27/WG 3 and as an international standard titled ISO/IEC 15408 "Evaluation Criteria for Information Technology Security" in December 1998.

2.3 Information concerning the certification process

The following parties are involved in the certification process according to the Common Criteria: the certification body, an evaluation facility and the producer or the distributor of the product.
The certification body for SafeGuard Enterprise Device Encryption is the BSI ("Bundesamt für Sicherheit in der Informationstechnik"), Bonn, Germany. The evaluation facility is SRC GmbH, Bonn, Germany.
The certification process is initiated on the request of the producer or distributor. The main part of the process is the technical assessment (evaluation) of the product according to the criteria catalog. Technical assessment is performed by an evaluation facility licensed by the certification body. Afterwards, the certificate is issued by the certification body on the basis of an Evaluation Technical Report (ETR) prepared by the evaluation facility.
Details of the certificate, for example the threats averted by the product, the scope of the certified security functions and possible requirements for the operation as a certified product, are published by the certification body in the certification report. The certification report and the Security Target document are made available to the public.

2.4 Scope of the certified product

The scope of evaluated parts of SafeGuard Enterprise Device Encryption consists of:
1. the installable program code of the Device Encryption client for SafeGuard Enterprise Version 5.30, English program version. The program code is a part of SafeGuard Enterprise, delivered on the SafeGuard Enterprise product CD-ROM and identified as "[SafeGuard® Enterprise Client Modules 5.30.1]".
2. the guidance documentation consisting of:
a) SafeGuard Enterprise User help
b) SafeGuard Enterprise Administrator help
c) SafeGuard Enterprise Installation manual
d) SafeGuard Enterprise User and administrator help supplement: Manual for certification-compliant operation
Note: Only the device encryption client component of SafeGuard Enterprise is part of the certification. All other SafeGuard Enterprise modules - SafeGuard Enterprise Server, SafeGuard Management Center, SafeGuard Data Exchange, SafeGuard File & Folder Encryption, SafeGuard Configuration Protection and SafeGuard Partner Connect - are not part of the certification.

2.5 Scope of certified security functions

The following security features of SafeGuard Enterprise Device Encryption have been certified:
Power-on Authentication (POA):
Provides secure identification and authentication of authorized users by user name and password or by using a CryptoToken and the appropriate PIN.
Protection of data on protected devices (using device encryption):
User data on protected devices, which are under control of SafeGuard Enterprise Device Encryption, is protected against disclosure and intentional modification. This is achieved by encrypting the data on the maintained protected devices. The symmetrical encryption algorithms used comply with standards AES-128 (CBC mode) and AES-256 (CBC mode).