McAfee® Email Gateway Appliance Version 7.0.1 NDPP Compliance Security Target Release Date: 8 August 2013 Version: 2.3 niap Prepared By

McAfee Email Gateway Security Target McAfee Incorporated Page 10 of 61 Phishing This category includes sites that typically arriv

McAfee Email Gateway Security Target McAfee Incorporated Page 11 of 61 1.4.2 Acronyms CAVP Cryptographic Algorithm Validation P

McAfee Email Gateway Security Target McAfee Incorporated Page 12 of 61 TSP TOE Security Policy WMC Web Mail Client Table 2 - Acr

McAfee Email Gateway Security Target McAfee Incorporated Page 13 of 61 Figure 1: Architectural Diagram (placement in network)

McAfee Email Gateway Security Target McAfee Incorporated Page 14 of 61 appliance’s core functionality. The core MEG application

McAfee Email Gateway Security Target McAfee Incorporated Page 15 of 61 Hardware Platform 4000-B 4500-B 5000-B 5000-C 5000-C-2U

McAfee Email Gateway Security Target McAfee Incorporated Page 16 of 61 TOE or Environment Component Name Description of Component

McAfee Email Gateway Security Target McAfee Incorporated Page 17 of 61 module based scanning approach. Traffic is first intercept

McAfee Email Gateway Security Target McAfee Incorporated Page 18 of 61 Administrator functions can be managed within the internal

McAfee Email Gateway Security Target McAfee Incorporated Page 19 of 61 events, and/or for identified behavior patterns seen in tra

McAfee Email Gateway Security Target McAfee Incorporated Page 2 of 61 Table of Contents 1 INTRODUCTION ...

McAfee Email Gateway Security Target McAfee Incorporated Page 20 of 61 2 CC Conformance Claim The TOE is Common Criteria (CC) Ver

McAfee Email Gateway Security Target McAfee Incorporated Page 21 of 61 3 TOE Security Problem Definition The TOE is intended to b

McAfee Email Gateway Security Target McAfee Incorporated Page 22 of 61 security mechanisms. T.TSF_FAILURE Security mechanisms o

McAfee Email Gateway Security Target McAfee Incorporated Page 23 of 61 4 Security Objectives This chapter describes the security

McAfee Email Gateway Security Target McAfee Incorporated Page 24 of 61 4.2 Security Objectives for the Environment The security

McAfee Email Gateway Security Target McAfee Incorporated Page 25 of 61 A.NO_GENERAL_PURPOSE A.PHYSICAL A.TRUSTED_ADMIN T.ADMIN_

McAfee Email Gateway Security Target McAfee Incorporated Page 26 of 61 (O.TSF_SELF_TEST). 4.5 Rationale for Organizational Securi

McAfee Email Gateway Security Target McAfee Incorporated Page 27 of 61 5 IT Security Requirements The security requirements that

McAfee Email Gateway Security Target McAfee Incorporated Page 28 of 61 Functional Components FPT_STM.1 Reliable time stamps FPT

McAfee Email Gateway Security Target McAfee Incorporated Page 29 of 61 Management: FAU_STG_EXT.1 The following actions could be co

McAfee Email Gateway Security Target McAfee Incorporated Page 3 of 61 4.6 RATIONALE FOR ASSUMPTION COVERAGE ...

McAfee Email Gateway Security Target McAfee Incorporated Page 30 of 61 a) Minimal: Failure of the activity. FCS_CKM_EXT.4 Crypto

McAfee Email Gateway Security Target McAfee Incorporated Page 31 of 61 FCS_RBG_EXT.1.2 The deterministic RBG shall be seeded with

McAfee Email Gateway Security Target McAfee Incorporated Page 32 of 61 Component levelling FCS_SSH_EXT.1 places specific requi

McAfee Email Gateway Security Target McAfee Incorporated Page 33 of 61 This family is added to the class FCS, and places specific

McAfee Email Gateway Security Target McAfee Incorporated Page 34 of 61 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WIT

McAfee Email Gateway Security Target McAfee Incorporated Page 35 of 61 This family is added to the class FIA, and combines aspects

McAfee Email Gateway Security Target McAfee Incorporated Page 36 of 61 5.1.9 User authentication (FIA_UAU) Family behaviour This

McAfee Email Gateway Security Target McAfee Incorporated Page 37 of 61 FIA_UAU_EXT.2.1 The TSF shall provide a local password-base

McAfee Email Gateway Security Target McAfee Incorporated Page 38 of 61 Management: FPT_APW_EXT.1 There are no management activitie

McAfee Email Gateway Security Target McAfee Incorporated Page 39 of 61 FPT_TUD_EXT.1.2 The TSF shall provide security administrato

McAfee Email Gateway Security Target McAfee Incorporated Page 4 of 61 Table 5 - Physical Scope and Boundary: Software ...

McAfee Email Gateway Security Target McAfee Incorporated Page 40 of 61 Component levelling FTA_SSL_EXT.1 requires the abil

McAfee Email Gateway Security Target McAfee Incorporated Page 41 of 61 5.2 Security Functional Requirements 5.2.1 Introduction T

McAfee Email Gateway Security Target McAfee Incorporated Page 42 of 61 Requirement Auditable Events Additional Audit Record Conte

McAfee Email Gateway Security Target McAfee Incorporated Page 43 of 61 FAU_STG_EXT.1 External Audit Trail Storage FAU_STG_EXT.1.

McAfee Email Gateway Security Target McAfee Incorporated Page 44 of 61 FCS_COP.1(3) Cryptographic Operation (for cryptographic has

McAfee Email Gateway Security Target McAfee Incorporated Page 45 of 61 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_S

McAfee Email Gateway Security Target McAfee Incorporated Page 46 of 61 FIA_UAU.7 Protected Authentication Feedback FIA_UAU.7.1 T

McAfee Email Gateway Security Target McAfee Incorporated Page 47 of 61 FPT_STM.1 Reliable Time Stamps FPT_STM.1.1 The TSF shall

McAfee Email Gateway Security Target McAfee Incorporated Page 48 of 61 modification of the channel data. FTP_ITC.1.2 The TSF sh

McAfee Email Gateway Security Target McAfee Incorporated Page 49 of 61 Assurance Class Assurance Components ASE_TSS.1 TOE summar

McAfee Email Gateway Security Target McAfee Incorporated Page 5 of 61 Document History Release Number Date Author Details 1.0

McAfee Email Gateway Security Target McAfee Incorporated Page 50 of 61 Security Objective Mapping Rationale are defined (FMT_SMR.

McAfee Email Gateway Security Target McAfee Incorporated Page 51 of 61 Functional Component Dependency Included/Rationale FCS_COP.

McAfee Email Gateway Security Target McAfee Incorporated Page 52 of 61 Functional Component Dependency Included/Rationale FTA_SSL_

McAfee Email Gateway Security Target McAfee Incorporated Page 53 of 61 6 TOE Summary Specification 6.1 TOE Security Functions Th

McAfee Email Gateway Security Target McAfee Incorporated Page 54 of 61 new user roles with defined limited responsibilities. FTA

McAfee Email Gateway Security Target McAfee Incorporated Page 55 of 61 FCS_SSH_EXT.1 SSH The administrator can configure the TOE t

McAfee Email Gateway Security Target McAfee Incorporated Page 56 of 61 Passwords for the administration interface are not stored i

McAfee Email Gateway Security Target McAfee Incorporated Page 57 of 61 An internal clock is provided within the McAfee MEG Applian

McAfee Email Gateway Security Target McAfee Incorporated Page 58 of 61 longer available. FIPS mode is disabled by reinstalling the

McAfee Email Gateway Security Target McAfee Incorporated Page 59 of 61 FCS_TLS_EXT.1 The TOE implements TLS 1.0 (RFC 2246)] suppor

McAfee Email Gateway Security Target McAfee Incorporated Page 6 of 61 1 Introduction This section identifies the Security Target

McAfee Email Gateway Security Target McAfee Incorporated Page 60 of 61 A certificate number will be provided when available. 6.2

McAfee Email Gateway Security Target McAfee Incorporated Page 61 of 61 SFR SFR Name Security Function protection FPT_APW_EXT.1 P

McAfee Email Gateway Security Target McAfee Incorporated Page 7 of 61 1.2.1 Anti-Virus Anti-Virus Scanning -The TOE features an

McAfee Email Gateway Security Target McAfee Incorporated Page 8 of 61 browser access to email traffic that policy has defined as s

McAfee Email Gateway Security Target McAfee Incorporated Page 9 of 61 in e-mail messages. Data Loss Prevention (DLP) Refers to sys