Acronis SCS Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 Security Target Document Version: 0.11 Prepared for: Prepared by: Acronis SCS Corsec Security, Inc. 6370 E. Thomas Road, Suite 250 13921 Park Center Road, Suite 460 Scottsdale, AZ 85251 Herndon, VA 20171 United States of America United States of America Phone: +1 781 782 9000 Phone: +1 703 267 6050 www.acronisscs.com www.corsec.com Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 2 of 41 Table of Contents 1. Introduction.......................................................................................................................................................4 1.1 Purpose .....................................................................................................................................................4 1.2 Security Target and TOE References.........................................................................................................4 1.3 Product Overview......................................................................................................................................5 1.3.1 Product Components........................................................................................................................5 1.4 TOE Overview............................................................................................................................................6 1.4.1 TOE Environment..............................................................................................................................7 1.5 TOE Description.........................................................................................................................................8 1.5.1 Physical Scope ..................................................................................................................................8 1.5.2 Logical Scope ................................................................................................................................. 10 1.5.3 Product Physical/Logical Features and Functionality not included in the TOE............................. 11 1.5.4 Scope of Evaluation....................................................................................................................... 11 2. Conformance Claims....................................................................................................................................... 12 3. Security Problem Definition............................................................................................................................ 13 3.1 Threats ................................................................................................................................................... 13 3.2 Assumptions........................................................................................................................................... 13 3.3 Organizational Security Policies............................................................................................................. 13 4. Security Objectives ......................................................................................................................................... 14 4.1 Security Objectives for the TOE ............................................................................................................. 14 4.2 Security Objectives for the Operational Environment........................................................................... 14 4.3 Security Objectives Rationale ................................................................................................................ 15 5. Extended Components ................................................................................................................................... 16 5.1 Extended TOE Security Functional Components ................................................................................... 16 5.2 Extended TOE Security Assurance Components.................................................................................... 16 6. Security Assurance Requirements.................................................................................................................. 17 7. Security Functional Requirements.................................................................................................................. 18 7.1 Conventions ........................................................................................................................................... 18 7.2 Security Functional Requirements......................................................................................................... 18 7.2.1 Class FCS: Cryptographic Support.................................................................................................. 19 7.2.2 Class FDP: User Data Protection.................................................................................................... 22 7.2.3 Class FIA: Identification and Authentication................................................................................. 23 7.2.4 Class FMT: Security Management................................................................................................. 24 7.2.5 Class FPR: Privacy .......................................................................................................................... 24 7.2.6 Class FPT: Protection of the TSF.................................................................................................... 24 7.2.7 Class FTP: Trusted Path/Channel................................................................................................... 26 8. TOE Summary Specification............................................................................................................................ 27 8.1 TOE Security Functionality ..................................................................................................................... 27 8.1.1 Cryptographic Support .................................................................................................................. 28 8.1.2 User Data Protection..................................................................................................................... 30 8.1.3 Identification and Authentication ................................................................................................. 30 8.1.4 Security Management ................................................................................................................... 31 8.1.5 Privacy ........................................................................................................................................... 32 8.1.6 Protection of the TSF..................................................................................................................... 32 Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 3 of 41 8.1.7 Trusted Path/Channels.................................................................................................................. 33 8.2 Timely Security Updates ........................................................................................................................ 33 9. Rationale......................................................................................................................................................... 35 9.1 Conformance Claims Rationale.............................................................................................................. 35 9.1.1 Variance Between the PP and this ST............................................................................................ 35 9.1.2 Security Assurance Requirements Rationale ................................................................................ 35 10. Acronyms.................................................................................................................................................... 36 Appendix A: Supported Platform APIs..................................................................................................................... 38 Appendix B: Included Third-party Libraries............................................................................................................. 39 List of Figures Figure 1 – Physical TOE Boundary ..............................................................................................................................9 List of Tables Table 1 – ST and TOE References ...............................................................................................................................4 Table 2 – Environmental Components.......................................................................................................................7 Table 3 – Guidance Documentation...........................................................................................................................9 Table 4 – CC and PP Conformance .......................................................................................................................... 12 Table 5 – Threats ..................................................................................................................................................... 13 Table 6 – Assumptions............................................................................................................................................. 13 Table 7 – Security Objectives for the TOE............................................................................................................... 14 Table 8 – Security Objectives for the Operational Environment............................................................................. 15 Table 9 – Extended TOE Security Assurance Components...................................................................................... 16 Table 10 – Security Assurance Requirements ......................................................................................................... 17 Table 11 – TOE Security Functional Requirements ................................................................................................. 18 Table 12 – Mapping of TOE Security Functionality to Security Functional Requirements...................................... 27 Table 13 – Cryptographic Algorithms and Key Sizes ............................................................................................... 28 Table 14 – Acronyms ............................................................................................................................................... 36 Table 15 – Included Third-party Windows Libraries................................................................................................ 39 Table 16 – Included Third-party Linux Libraries ...................................................................................................... 39 Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 4 of 41 1. Introduction This section identifies the Security Target (ST), Target of Evaluation (TOE), and the organization of the ST. The TOE is the Acronis Cyber Backup 12.5 SCS Hardened Edition Agent developed by Acronis SCS and will hereafter be referred to as the TOE throughout this document. The TOE is the Backup Agent component of the Acronis Cyber Backup 12.5 SCS Hardened Edition solution, which consists of a Management Server and multiple Backup Agents. Backup Agents are responsible for performing specific backup, recovery, replication and data-manipulation tasks on their host machines. The Backup Agents are able to work independently from the Management Server to run their scheduled backup operations. 1.1 Purpose This ST is divided into 10 sections, as follows: • Introduction (Section 1) – Provides a brief summary of the ST contents and describes the organization of other sections within this document. It also provides an overview of the TOE security functionality and describes the physical and logical scope for the TOE as well as the ST and TOE references. • Conformance Claims (Section 2) – Provides the identification of any Common Criteria (CC), Protection Profile (PP), and Evaluation Assurance Level (EAL) package claims. It also identifies whether the ST contains extended security requirements. • Security Problem (Section 3) – Describes the threats, organizational security policies, and assumptions that pertain to the TOE and its environment. • Security Objectives (Section 4) – Identifies the security objectives that are satisfied by the TOE and its environment. • Extended Components (Section 5) – Identifies new components (extended Security Functional Requirements (SFRs) and extended Security Assurance Requirements (SARs)) that are not included in CC Part 2 or CC Part 3. • Security Assurance Requirements (Section 6) – Presents the SARs met by the TOE. • Security Functional Requirements (Section 7) – Presents the SFRs met by the TOE. • TOE Summary Specification (Section 8) – Describes the security functions provided by the TOE that satisfy the SFRs and objectives. • Rationale (Section 9) – Presents the conformance claims rationale for the selected PP. • Acronyms (Section 10) – Defines the acronyms used within this ST. 1.2 Security Target and TOE References Table 1 below shows the ST and TOE references. Table 1 – ST and TOE References ST Title Acronis SCS Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 Security Target ST Version Version 0.10 ST Author Corsec Security, Inc. ST Publication Date July 16, 2020 Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 5 of 41 TOE Reference Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 1.3 Product Overview The Product Overview provides a high-level description of the product that is the subject of the evaluation. The following section, TOE Overview, will provide the introduction to the parts of the overall product offering that are specifically being evaluated. Acronis Cyber Backup 12.5 SCS Hardened Edition is an advanced data protection solution that provides reliable backup and recovery of physical, virtual, and cloud workloads with a wide range of storage options. It may be used to protect data residing on-premises, in remote locations, in the cloud, and on mobile devices. Centralized and remote management of backups is performed via the Management Server’s web-based Management Console, with customizable dashboards, advanced reporting, and auditing. Backup Agents installed on protected platforms perform data backup and recovery of physical or virtual machines, hypervisors, applications, and mobile devices. Acronis Cyber Backup 12.5 SCS Hardened Edition supports application-aware backup and recovery features for Oracle database, Microsoft Office 365, Microsoft Exchange, Microsoft SQL1 Server, Microsoft SharePoint, and Microsoft Active Directory. Acronis Cyber Backup 12.5 SCS Hardened Edition may be deployed in an on-premise or cloud configuration. With the on-premise configuration, the Management Server is installed on a customer’s local network. With the cloud configuration, it is installed in a secure Acronis Data Center. Both the Management Server and Backup Agents are supported on both Windows and Linux platforms. Acronis Cyber Backup 12.5 SCS Hardened Edition includes the Acronis SCS Cryptographic Library and Acronis SCS Protocol Library in both the Management Server and Backup Agents. They provide the underlying cryptographic and protocol functionality necessary to support the use of secure communications protocols, encrypted backups, and secure file sharing. 1.3.1 Product Components The following paragraphs provide a brief description of the product components. 1.3.1.1 Management Server The Management Server provides the means to configure, monitor, and manage backups and provides the web server (Web UI) for the Management Console. The Management Server is comprised of a number of management services responsible for management functions of Acronis Cyber Backup 12.5 SCS Hardened Edition. The Management Server also includes an API2 Gateway to communicate with the Backup Agents. The Management Server does not actually perform backup, recovery, or other data-manipulation operations. These are performed by the Backup Agents installed on each protected machine. The Management Console allows an administrator to create a backup plan, or set of rules, to specify how data will be backed up on a given machine. This includes specifying what to back up (for example, disks or volumes), where to back it up to, and the schedule (by event or time) for backups. The same backup plan can be applied to groups 1 SQL – Structured Query Language 2 API – Application Programming Interface Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 6 of 41 of machines of the same type to simplify management of a large number of machines. Backup infrastructures can be organized into departments allowing for role-based administration of separate resources. The Management Server also allows a user to recover an entire machine or individual files, folders, VM3 s, or databases from a backup. The Management Server uses a built-in SQLite database by default to store its operational data but may be configured at installation to use Microsoft SQL server instead. The Acronis Cyber Backup 12.5 SCS Hardened Edition Monitoring Service provides monitoring and reporting features. Its dashboard provides a number of customizable, dynamic widgets that give an overview of a backup infrastructure and backed-up devices, allowing an administrator to easily monitor the current state of a backup infrastructure. The reporting feature generates on-demand and scheduled reports about the backup infrastructure. The Reports section is available only with an Advanced license. The option to install the Monitoring Service component is provided through a custom install. If installed, the Management Console will show Dashboard and Reports sections under the Overview tab. 1.3.1.2 Backup Agents Backup Agents are installed as a number of services to perform the actual backup and recovery operations on each machine that requires protection. They are typically installed on each machine that requires protection and then added to the Management Server. However, they are able to operate independently from the Management Server. Backup Agents are supported on both Windows and Linux OS4 s. Different agent types are used to protect different data sources, but they all share the same architecture, communication protocols, and the vast majority of the functionality. A command-line interface (CLI) is installed with the Backup Agents to allow for management of the Backup Agents separately from the Management Console. 1.3.1.3 Version-Check Tool A separately installed version-check tool can be found in Acronis’s GitHub repository to allow the user to check the version of the Backup Agent currently running on the platform. If an internet connection is present, the script will compare the Backup Agent’s installed version to the version in the repository and display whether or not an update is available. If no internet connection is present, the script will compare the Backup Agent’s version against the version contained within the script and display whether or not an update is available. 1.4 TOE Overview The TOE Overview summarizes the usage and major security features of the TOE. The TOE Overview provides a context for the TOE evaluation by identifying the TOE type, describing the product, and defining the specific evaluated configuration. The software-only TOE is the Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5. It is a standalone software application that runs on both Windows and Linux operating systems and provides backup and restore functionality for the host machine. Its security features include securely storing the application token, checking for updates and patches to the application software, using a digital signature to protect the integrity of the installation and update files, versioning the software with SWID tags, and using anti-exploitation capabilities such as not mapping memory to explicit addresses, file permission protections, and stack buffer overflow protections. 3 VM – Virtual Machine 4 OS – Operating System Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 7 of 41 It also secures communications between itself and the Management Server. The TOE implements the cryptographic functionality for cryptographic services, including TLS5 v1.2, through its embedded Acronis SCS Cryptographic Library and Acronis SCS Protocol Library. The TOE also includes the separately downloaded version- check tool that will query the current version of the TOE and report if an update is available. In the evaluated configuration, the TOE is setup in two configurations: one where the Windows Agent is installed on a Windows 10 machine that is on a network connected to the Management Server in the TOE environment, and the other is where the Linux Agent is installed on a RHEL v7.6 machine on a network connected to the Management Server in the TOE environment. Note that both of these configurations can be setup and used on the same network and use the same Management Server without interfering with each other. Both setups will also include separate installations of the version-check tool on the same machine as the Backup Agent. The Protection Profile for Application Software specifies several use cases that may be implemented by conformant TOEs. The Acronis Cyber Backup 12.5 SCS Hardened Edition Agent is considered to implement both content creation and content consumption. 1.4.1 TOE Environment Table 2 defines the environmental component requirements. In the evaluated configuration, the TOE is provided as an Acronis Cyber Backup 12.5 SCS Hardened Edition setup program. The TOE is installed on a computer running either Microsoft Windows 10 or RHEL v7.6. Table 2 – Environmental Components Component Requirements Management Server This machine is used to host the Management Server software and Monitoring Service. The following are required: • Microsoft Windows Server 2016 OS • Acronis Cyber Backup 12.5 SCS Hardened Edition Server v12.5 software with licenses • 200 MB6 of RAM7 and 1.7 GB8 of free space on the system volume • Intel Xeon E-2136 CPU9 Windows Agent Computer This machine is a general-purpose computer that will have the Windows Agent installed on it. The following are required: • Microsoft Windows 10 OS • Acronis Cyber Backup 12.5 SCS Hardened Edition Agent for Windows v12.5 software • Acronis SCS Version-check v1.8 • 720 MB disk space and 130 MB RAM • Intel Core i7-8650U CPU 5 TLS – Transport Layer Security 6 MB – Megabyte 7 RAM – Random-Access Memory 8 GB – Gigabyte 9 CPU – Central Processing Unit Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 8 of 41 Component Requirements Linux Agent Computer This machine is a general-purpose computer that will have the Linux Agent installed on it. The following are required: • RHEL v7.6 OS • Acronis Cyber Backup 12.5 SCS Hardened Edition Agent for Linux v12.5 software • Acronis SCS Version-check v1.8 • 850 MB disk space and 150 MB RAM • Intel Core i5-8350U CPU CA10 Server A CA server is used for certificate creation/signing and to host the CRL11 for certificate validation. This connection is over HTTP12. No specific CA server is required as long as it follows RFC 5280. The TOE relies on an embedded SQLite database to store configuration data that is downloaded from the Management Server. This database is part of the TOE. 1.5 TOE Description This section primarily addresses the physical and logical components of the TOE that are included in the evaluation. 1.5.1 Physical Scope Figure 1 illustrates the physical scope and the physical boundary of the overall solution and ties together all of the components of the software-only TOE and the constituents of the TOE environment. 10 CA – Certificate Authority 11 CRL – Certificate Revocation List 12 HTTP – Hypertext Transfer Protocol Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 9 of 41 Figure 1 – Physical TOE Boundary The TOE Boundary includes all the Acronis SCS developed parts of the Acronis Cyber Backup 12.5 SCS Hardened Edition Agent product. Any third-party source code or software that Acronis SCS has modified is considered to be TOE Software. 1.5.1.1 Guidance Documentation Table 3 lists the TOE Guidance Documentation to install, configure, and maintain the TOE. Table 3 – Guidance Documentation Document Name Description Acronis SCS Acronis Cyber Backup 12.5 SCS Hardened Edition User Guide Contains steps for the basic initialization and setup of the TOE. Also contains guidance on how to use and maintain the TOE. Acronis SCS Acronis Cyber Backup 12.5 SCS Hardened Edition Command-Line Reference Acronis SCS Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 Guidance Documentation Supplement Document Version: 0.10 Contains information regarding specific configuration for the TOE evaluated configuration. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 10 of 41 1.5.2 Logical Scope The logical boundary of the TOE is broken down into the following security classes, which are further described in Sections 7 and 8 of this ST. The logical scope also provides the description of the security features of the TOE. The SFRs implemented by the TOE are usefully grouped under the following Security Function Classes. 1.5.2.1 Cryptographic Support The TOE provides cryptographic functions to secure sessions between the Management Server and the TOE using TLS v1.2. The Acronis SCS Cryptographic Library and Acronis SCS Protocol Library are used to provide the required algorithms and protocols for all cryptographic operations. The TOE also stores its application token in the Windows Data Protection API (DPAPI) and the Linux keyring, depending on the OS. 1.5.2.2 User Data Protection The TOE protects sensitive data in non-volatile memory according to the requirements in FCS_STO_EXT.1. The TOE restricts its access to network connectivity provided by the platform’s hardware resources. Specifically, it will only use network connectivity for connections from itself to the Management Server, from itself to the CA server, and from itself to GitHub for version checking. The TOE does not access any of the platform’s sensitive information repositories. 1.5.2.3 Identification and Authentication To facilitate secure communications using TLS, the TOE provides a mechanism to validate X.509v3 certificates as defined by RFC13 5280. The TOE uses a CRL to check the certificate’s revocation status and will not permit certificates to be used when the CRL is not available or if the certificate is invalid. 1.5.2.4 Security Management The TOE does not provide default credentials. It uses the service accounts on the platform and does not have an authenticated user interface. The TOE does not provide any management features that write or change settings. Non-security-related settings are stored on the Management Server and are queried when performing tasks. The TOE and its data are protected against unauthorized access by default file permissions. Section 8.1.4 provides a list of security-relevant management functions provided by the TOE. 1.5.2.5 Privacy The TOE does not transmit personally identifiable information (PII). 1.5.2.6 Protection of the TSF The TOE does not allocate memory with both write and execute permissions and does not write user-modifiable files to directories that contain executable files. The TOE is compiled with the /GS flag to enable stack-based buffer overflow protection on the Windows Agent and Stack Smashing Protector (SSP) on the Linux Agent. Both agents are compatible with their platform’s security features. The TOE uses standard platform APIs and includes only the third-party libraries it needs to perform its functionality. The TOE is versioned with SWID14 tags that comply with the minimum requirements from ISO15 /IEC16 19770-2:2015 and provides the ability to check for updates to the application software. 13 RFC – Request for Comments 14 SWID – Software Identification 15 ISO – International Organization for Standardization 16 IEC – International Electrotechnical Commission Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 11 of 41 The TOE is distributed as an additional software package to the platform OS. The TOE is packaged such that its removal results in the deletion of all traces of the application, except for configuration settings, output files, and audit/log events. The TOE does not download, modify, replace or update its own binary code. 1.5.2.7 Trusted Path/Channels The TOE provides trusted channels using its cryptographic functions to encrypt transmitted sensitive data. The TOE secures communications using TLS v1.2 between itself and the Management Server. 1.5.3 Product Physical/Logical Features and Functionality not included in the TOE Features and Functionality that are not part of the evaluated configuration of the TOE are: • Remote and cloud storage locations • Cloud configuration deployments • Functionality of the Management Server 1.5.4 Scope of Evaluation The evaluation is limited in scope to the secure features described in the Protection Profile for Application Software v1.3; March 01, 2019 (AS PP) and the Functional Package for Transport Layer Security (TLS), Version 1.1, 12 February 2019 (TLS-PKG) and detailed in Section 1.5.2. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 12 of 41 2. Conformance Claims This section provides the identification for any CC, PP, Technical Decisions (TD), and EAL package conformance claims. Rationale is provided for any extensions or augmentations to the conformance claims. Rationale for CC and PP conformance claims can be found in Section 9.1. Table 4 – CC and PP Conformance Common Criteria (CC) Identification and Conformance Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017; CC Part 2 extended; CC Part 3 extended; PP claim to the Protection Profile for Application Software v1.3; March 01, 2019 conformant; Functional Package for Transport Layer Security (TLS), Version 1.1, 12 February 2019. PP Identification Exact Conformance17 to the Protection Profile for Application Software v1.3; March 01, 2019 and the Functional Package for Transport Layer Security (TLS), Version 1.1, 12 February 2019. TD Conformance Conformance to the following TDs and Technical Queries are claimed for the Application Software PP: • TD0521: Updates to Certificate Revocation (FIA_X509_EXT.1) • TD0519: Linux symbolic links and FMT_CFG_EXT.1 • TD0498: Application Software PP Security Objectives and Requirements Rationale • TD0495: FIA_x509_EXT.1.2 Test Clarification • TD0465: Configuration Storage for .NET Apps • TD0445: User Modifiable File Definition • TD0437: Supported Configuration Mechanism • TD0435: Alternative to SELinux for FPT_AEX_EXT.1.3 • TD0434: Windows Desktop Applications Test • TD0427: Reliable Time Source • TD0416: Correction to FCS_RBG_EXT.1 Test Activity Conformance to the following TDs is claimed for the TLS functional package: • TD0442: Updated TLS Ciphersuites for TLS Package • TD0513: CA Certificate loading • TD0499: Testing with pinned certificates 17 Exact Conformance is a type of strict conformance such that the set of SFRs and the SPD/Objectives are exactly as presented within the accepted PP and Extended PP without changes. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 13 of 41 3. Security Problem Definition This section describes the security aspects of the environment in which the TOE will be used and the manner in which the TOE is expected to be employed. It provides the statements for the TOE security environment’s threats, assumptions, and Organizational Security Policies (OSPs) as identified in the AS PP. 3.1 Threats Table 5 describes the threats that the TOE is expected to address as defined in the AS PP. Table 5 – Threats Threat Description T.LOCAL_ATTACK An attacker can act through unprivileged software on the same computing platform on which the application executes. Attackers may provide maliciously formatted input to the application in the form of files or other local communications. T.NETWORK_ATTACK An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may engage in communications with the application software or alter communications between the application software and other endpoints in order to compromise it. T.NETWORK_EAVESDROP An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may monitor and gain access to data exchanged between the application and other endpoints. T.PHYSICAL_ACCESS An attacker may try to access sensitive data at rest. 3.2 Assumptions Table 6 describes the assumptions that are assumed to exist in the TOE’s operating environment as defined in the AS PP. Table 6 – Assumptions Assumption Description A.PLATFORM The TOE relies upon a trustworthy computing platform with a reliable time clock for its execution. This includes the underlying platform and whatever runtime environment it provides to the TOE. A.PROPER_ADMIN The administrator of the application software is not careless, willfully negligent or hostile, and administers the software in compliance with the applied enterprise security policy. A.PROPER_USER The user of the application software is not willfully negligent or hostile, and uses the software in compliance with the applied enterprise security policy. 3.3 Organizational Security Policies There are no OSPs defined in the AS PP. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 14 of 41 4. Security Objectives This section identifies the security objectives for the TOE and its supporting environment. 4.1 Security Objectives for the TOE Table 7 describes the security objectives that the TOE is required to meet as defined in the AS PP. Table 7 – Security Objectives for the TOE Objective Description O.INTEGRITY Conformant TOEs ensure the integrity of their installation and update packages, and also leverage execution environment-based mitigations. Software is seldom, if ever, shipped without errors. The ability to deploy patches and updates to fielded software with integrity is critical to enterprise network security. Processor manufacturers, compiler developers, execution environment vendors, and operating system vendors have developed execution environment-based mitigations that increase the cost to attackers by adding complexity to the task of compromising systems. Application software can often take advantage of these mechanisms by using APIs provided by the runtime environment or by enabling the mechanism through compiler or linker options. Addressed by: FDP_DEC_EXT.1, FMT_CFG_EXT.1, FPT_AEX_EXT.1, FPT_TUD_EXT.1 O.MANAGEMENT To facilitate management by users and the enterprise, conformant TOEs provide consistent and supported interfaces for their security-relevant configuration and maintenance. This includes the deployment of applications and application updates through the use of platform-supported deployment mechanisms and formats, as well as providing mechanisms for configuration. This also includes providing control to the user regarding disclosure of any PII. Addressed by: FMT_SMF.1, FPT_IDV_EXT.1, FPT_TUD_EXT.1, FPR_ANO_EXT.1, FCS_COP.1(3) O.PROTECTED_COMMS To address both passive (eavesdropping) and active (packet modification) network attack threats, conformant TOEs will use a trusted channel for sensitive data. Sensitive data includes cryptographic keys, passwords, and any other data specific to the application that should not be exposed outside of the application. Addressed by: FTP_DIT_EXT.1, FCS_RBG_EXT.1, FCS_RBG_EXT.2, FCS_CKM_EXT.1, FCS_CKM.2, FCS_HTTPS_EXT.1, FDP_NET_EXT.1, FIA_X509_EXT.1 O.PROTECTED_STORAGE To address the issue of loss of confidentiality of user data in the event of loss of physical control of the storage medium, conformant TOEs will use data-at-rest protection. This involves encrypting data and keys stored by the TOE in order to prevent unauthorized access to this data. This also includes unnecessary network communications whose consequence may be the loss of data. Addressed by: FDP_DAR_EXT.1, FCS_STO_EXT.1, FCS_RBG_EXT.1, FCS_CKM.1(3), FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(4) O.QUALITY To ensure quality of implementation, conformant TOEs leverage services and APIs provided by the runtime environment rather than implementing their own versions of these services and APIs. This is especially important for cryptographic services and other complex operations such as file and media parsing. Leveraging this platform behavior relies upon using only documented and supported APIs. Addressed by: FMT_MEC_EXT.1, FPT_API_EXT.1, FPT_API_EXT.2, FPT_LIB_EXT.1, FPT_TUD_EXT.2, FCS_CKM.1(1) 4.2 Security Objectives for the Operational Environment Table 8 describes the security objectives that the TOE’s operating environment is required to meet as defined in the AS PP. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 15 of 41 Table 8 – Security Objectives for the Operational Environment Assumption Description OE.PLATFORM The TOE relies upon a trustworthy computing platform for its execution. This includes the underlying operating system and any discrete execution environment provided to the TOE. OE.PROPER_ADMIN The administrator of the application software is not careless, willfully negligent or hostile, and administers the software within compliance of the applied enterprise security policy. OE.PROPER_USER The user of the application software is not willfully negligent or hostile, and uses the software within compliance of the applied enterprise security policy. 4.3 Security Objectives Rationale Please refer to section 4.3 of the AS PP for a description of how the assumptions, threats, and organizational security policies map to the security objectives defined in the AS PP. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 16 of 41 5. Extended Components This section defines the extended SFRs and extended SARs met by the TOE. 5.1 Extended TOE Security Functional Components Table 11 in section 7.2 below identifies the extended SFRs implemented by the TOE. These extended SFRs’ definitions are not repeated in this ST because they are taken directly from the AS PP and TLS-PKG. 5.2 Extended TOE Security Assurance Components Table 9 identifies the extended SARs claimed for the TOE. These extended SARs’ definitions are taken directly from the AS PP and are not repeated in this ST. Table 9 – Extended TOE Security Assurance Components Name Description ALC_TSU_EXT.1 Timely Security Updates Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 17 of 41 6. Security Assurance Requirements The AS PP identifies the SARs to frame the extent to which the evaluator assesses the documentation applicable for the evaluation and performs independent testing. This section lists the set of SARs that are required in evaluations against the AS PP. The AS PP is conformant to Parts 2 (extended) and 3 (extended) of CC V3.1, Revision 5. The general model for evaluation of TOEs against STs written to conform to PPs is as follows: after the ST has been approved for evaluation, the ITSEF18 will obtain the TOE, supporting environment (if required), and the guidance documentation for the TOE. The ITSEF is expected to perform actions mandated by the Common Evaluation Methodology (CEM) for the ASE and ALC SARs. The ITSEF also performs the Assurance Activities contained within the AS PP. The Assurance Activities that are captured in the AS PP also provide clarification as to what the developer needs to provide to demonstrate the TOE is compliant with the PP. The TOE security assurance requirements are identified in Table 10. Table 10 – Security Assurance Requirements Assurance Requirements Security Target (ASE) Conformance claims (ASE_CCL.1) Extended components definition (ASE_ECD.1) ST introduction (ASE_INT.1) Security objectives (ASE_OBJ.1) Security requirements (ASE_REQ.1) Security problem definition (ASE_SPD.1) TOE summary specification (ASE_TSS.1) Development (ADV) Basic functional specification (ADV_FSP.1) Guidance documents (AGD) Operational user guidance (AGD_OPE.1) Preparative procedures (AGD_PRE.1) Life Cycle Support (ALC) Labeling of the TOE (ALC_CMC.1) TOE CM19 coverage (ALC_CMS.1) Timely Security Updates (ALC_TSU_EXT.1) Tests (ATE) Independent testing – Conformance (ATE_IND.1) Vulnerability assessment (AVA) Vulnerability survey (AVA_VAN.1) 18 ITSEF – Information Technology Security Evaluation Facility 19 CM – Configuration Management Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 18 of 41 7. Security Functional Requirements The individual SFRs are specified in the sections below. SFRs in this section are mandatory SFRs that any conformant TOE must meet. Based on selections made in these SFRs, it will also be necessary to include some of the selection-based SFRs in Appendix B. Optional or Objective SFRs may also be adopted from those listed in Appendix A and Appendix C respectively. The Assurance Activities defined in AS PP describe actions that the evaluator will take in order to determine compliance of a particular TOE with the SFRs. The content of these Assurance Activities will therefore provide more insight into deliverables required from TOE Developers. 7.1 Conventions The conventions used in descriptions of the SFRs are as follows: • Refinement: Indicated with bold text (e.g., [refinement]). • Selection: Indicated with underlined text surrounded by brackets (e.g., [selection]). • Assignment: Indicated with italicized text surrounded by brackets (e.g., [assignment]). • Assignment within a Selection: Indicated with italicized and underlined text surrounded by brackets (e.g., [assignment within a selection]). • Refinement within a Selection: Indicated with bold and underlined text surrounded by brackets (e.g., [assignment within a selection]). • Iteration: Indicated by appending the iteration number in parenthesis, e.g., (1), (2), (3). • Extended SFRs are identified by having a label ‘EXT’ at the end of the SFR name. Operations such as assignments and selections performed by the PP author are identified as shown above; however, they do not appear within brackets. This is done intentionally to delineate between selections or assignments made by the PP author and those made by the ST author. No refinements have been made by the ST author other than grammatical and formatting corrections, or those made in places where a table reference differs from that of the PP. 7.2 Security Functional Requirements This section specifies the SFRs for the TOE and organizes the SFRs by CC class. Table 11 identifies all SFRs implemented by the TOE and indicates the ST operations performed on each requirement. Note that some column headers use the following abbreviations: S=Selection; A=Assignment; R=Refinement; I=Iteration. Table 11 – TOE Security Functional Requirements Name Description S A R I Required SFRs FCS_RBG_EXT.1 Random Bit Generation Services ✓ FCS_CKM_EXT.1 Cryptographic Key Generation Services ✓ FCS_STO_EXT.1 Storage of Credentials ✓ ✓ Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 19 of 41 Name Description S A R I FDP_DAR_EXT.1 Encryption of Sensitive Application Data ✓ FDP_DEC_EXT.1 Access to Platform Resources ✓ ✓ FDP_NET_EXT.1 Network Communications ✓ ✓ FMT_CFG_EXT.1 Secure by Default Configuration FMT_MEC_EXT.1 Supported Configuration Mechanism FMT_SMF.1 Specification of Management Functions ✓ ✓ FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information ✓ FPT_AEX_EXT.1 Anti-Exploitation Capabilities ✓ ✓ FPT_API_EXT.1 Use of Supported Services and APIs FPT_IDV_EXT.1 Software Identification and Versions ✓ ✓ FPT_LIB_EXT.1 User of Third Party Libraries ✓ FPT_TUD_EXT.1 Integrity for Installation and Update ✓ FTP_DIT_EXT.1 Protection of Data in Transit ✓ Selection-based SFRs FCS_CKM.1(1) Cryptographic Asymmetric Key Generation ✓ ✓ ✓ FCS_CKM.2 Cryptographic Key Establishment ✓ ✓ FCS_COP.1(1) Cryptographic Operation – Encryption/Decryption ✓ ✓ ✓ FCS_COP.1(2) Cryptographic Operation – Hashing ✓ ✓ ✓ FCS_COP.1(3) Cryptographic Operation – Signing ✓ ✓ ✓ FCS_COP.1(4) Cryptographic Operation – Keyed-Hash Message Authentication ✓ ✓ ✓ ✓ FCS_RBG_EXT.2 Random Bit Generation from Application ✓ FCS_TLS_EXT.1 TLS Protocol ✓ FCS_TLSC_EXT.1 TLS Client Protocol ✓ FCS_TLSC_EXT.4 TLS Client Support for Renegotiation FCS_TLSC_EXT.5 TLS Client Support for Supported Groups Extension ✓ FIA_X509_EXT.1 X.509 Certificate Validation ✓ FIA_X509_EXT.2 X.509 Certificate Authentication ✓ FPT_TUD_EXT.2 Integrity for Installation and Update 7.2.1 Class FCS: Cryptographic Support FCS_CKM.1(1) Cryptographic Asymmetric Key Generation FCS_CKM.1.1(1) The application shall [implement functionality] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [ Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 20 of 41 • RSA20 schemes using cryptographic key sizes of 2048 bit or greater that meet the following: FIPS PUB21 186-4, "Digital Signature Standard (DSS), Appendix B.3", • ECC22 schemes using “NIST23 curves” P-256, P-384 and [P-521] that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4 ]. FCS_CKM.2 Cryptographic Key Establishment FCS_CKM.2.1 The application shall [implement functionality] to perform cryptographic key establishment in accordance with a specified cryptographic key establishment method: [ • RSA-based key establishment schemes that meets the following: RSAES-PKCS1-v1_5 as specified in Section 7.2 of RFC 8017, “Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1”, • Elliptic curve-based key establishment schemes that meets the following: NIST Special Publication 800-56A, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography”, ]. FCS_CKM_EXT.1 Cryptographic Key Generation Services FCS_CKM_EXT.1.1 The application shall [implement asymmetric key generation]. FCS_COP.1(1) Cryptographic Operation – Encryption/Decryption FCS_COP.1.1(1) The application shall perform encryption/decryption in accordance with a specified cryptographic algorithm [ • AES24 -GCM25 (as defined in NIST SP26 800-38D) mode ] and cryptographic key sizes [128-bit, 256-bit] . FCS_COP.1(2) Cryptographic Operation – Hashing FCS_COP.1.1(2) The application shall perform cryptographic hashing services in accordance with a specified cryptographic algorithm [SHA27 -256, SHA-384] and message digest sizes [256, 384] bits that meet the following: FIPS Pub 180-4. FCS_COP.1(3) Cryptographic Operation – Signing FCS_COP.1.1(3) 20 RSA – Rivest, Shamir, Adleman 21 PUB – Publication 22 ECC – Elliptic Curve Cryptography 23 NIST – National Institute of Standards and Technology 24 AES – Advanced Encryption Standard 25 GCM – Galois Counter Mode 26 SP – Special Publication 27 SHA – Secure Hash Algorithm Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 21 of 41 The application shall perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm [ • RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Section 4 ]. FCS_COP.1(4) Cryptographic Operation – Keyed-Hash Message Authentication FCS_COP.1.1(4) The application shall perform keyed-hash message authentication in accordance with a specified cryptographic algorithm • HMAC28 -SHA-256 and [ • SHA-384 ] with key sizes [256, 384] and message digest sizes 256 and [384] bits that meet the following: FIPS Pub 198-1 The Keyed-Hash Message Authentication Code and FIPS Pub 180-4 Secure Hash Standard. FCS_RBG_EXT.1 Random Bit Generation Services FCS_RBG_EXT.1.1 The application shall [implement DRBG29 functionality] for its cryptographic operations. FCS_RBG_EXT.2 Random Bit Generation from Application FCS_RBG_EXT.2.1 The application shall perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using [CTR30 _DRBG (AES)]. FCS_RBG_EXT.2.2 The deterministic RBG31 shall be seeded by an entropy source that accumulates entropy from a platform- based DRBG and [a hardware-based noise source] with a minimum of [256 bits] of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate. FCS_STO_EXT.1 Storage of Credentials FCS_STO_EXT.1.1 The application shall [invoke the functionality provided by the platform to securely store [the application token]] to non-volatile memory. FCS_TLS_EXT.1 TLS Protocol FCS_TLS_EXT.1.1 The product shall implement [TLS as a client]. FCS_TLSC_EXT.1 TLS Client Protocol FCS_TLSC_EXT.1.1 28 HMAC – Hash-based Message Authentication Code 29 DRBG – Deterministic Random Bit Generator 30 CTR – Counter Mode 31 RBG – Random Bit Generation Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 22 of 41 The product shall implement TLS 1.2 (RFC 5246) and [no earlier TLS versions] as a client that supports the cipher suites [ • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288, • TLS_ECDHE32 _RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289, • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289, ] and also supports functionality for [session renegotiation]. FCS_TLSC_EXT.1.2 The product shall verify that the presented identifier matches the reference identifier according to RFC 6125. FCS_TLSC_EXT.1.3 The product shall not establish a trusted channel if the server certificate is invalid [with no exceptions]. FCS_TLSC_EXT.4 TLS Client Support for Renegotiation FCS_TLSC_EXT.4.1 The product shall support secure renegotiation through use of the “renegotiation_info” TLS extension in accordance with RFC 5746. FCS_TLSC_EXT.5 TLS Client Support for Supported Groups Extension FCS_TLS_EXT.5.1 The product shall present the Supported Groups Extension in the Client Hello with the supported groups [ • secp256r1, • secp384r1, • secp521r1, ]. 7.2.2 Class FDP: User Data Protection FDP_DAR_EXT.1 Encryption of Sensitive Application Data FDP_DAR_EXT.1.1 The application shall [protect sensitive data in accordance with FCS_STO_EXT.1] in non-volatile memory. FDP_DEC_EXT.1 Access to Platform Resources FDP_DEC_EXT.1.1 The application shall restrict its access to [network connectivity]. FDP_DEC_EXT.1.2 The application shall restrict its access to [no sensitive information repositories]. FDP_NET_EXT.1 Network Communications FDP_NET_EXT.1.1 32 ECDHE – Elliptic Curve Diffie Hellman Ephemeral Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 23 of 41 The application shall restrict network communication to [ • user-initiated communication for [checking for updates], • [application-initiated TLS connections to the Management Server for configuration updates and HTTP network communication for access to a CA server] ]. 7.2.3 Class FIA: Identification and Authentication FIA_X509_EXT.1 X.509 Certificate Validation FIA_X509_EXT.1.1 The application shall [implement functionality] to validate certificates in accordance with the following rules: • RFC 5280 certificate validation and certificate path validation. • The certificate path must terminate with a trusted CA certificate. • The application shall validate a certificate path by ensuring the presence of the basicConstraints extension, that the CA flag is set to TRUE for all CA certificates, and that any path constraints are met. • The application shall validate that any CA certificate includes caSigning purpose in the key usage field. • The application shall validate the revocation status of the certificate using [CRL as specified in RFC 5280 Section 6.3] • The application shall validate the extendedKeyUsage (EKU) field according to the following rules: o Certificates used for trusted updates and executable code integrity verification shall have the Code Signing purpose (id-kp 3 with OID 1.3.6.1.5.5.7.3.3) in the extendedKeyUsage field. o Server certificates presented for TLS shall have the Server Authentication purpose (id-kp 1 with OID 1.3.6.1.5.5.7.3.1) in the EKU field. o Client certificates presented for TLS shall have the Client Authentication purpose (id- kp 2 with OID 1.3.6.1.5.5.7.3.2) in the EKU field. o S/MIME certificates presented for email encryption and signature shall have the Email Protection purpose (id-kp 4 with OID 1.3.6.1.5.5.7.3.4) in the EKU field. o OCSP certificates presented for OCSP responses shall have the OCSP Signing purpose (id-kp 9 with OID 1.3.6.1.5.5.7.3.9) in the EKU field. o Server certificates presented for EST shall have the CMC Registration Authority (RA) purpose (id-kp-cmcRA with OID 1.3.6.1.5.5.7.3.28) in the EKU field. FIA_X509_EXT.1.2 The application shall treat a certificate as a CA certificate only if the basicConstraints extension is present and the CA flag is set to TRUE. FIA_X509_EXT.2 X.509 Certificate Authentication FIA_X509_EXT.2.1 The application shall use X.509v3 certificates as defined by RFC 5280 to support authentication for [TLS]. FIA_X509_EXT.2.2 Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 24 of 41 When the application cannot establish a connection to determine the validity of a certificate, the application shall [not accept the certificate]. 7.2.4 Class FMT: Security Management FMT_CFG_EXT.1 Secure by Default Configuration FMT_CFG_EXT.1.1 The application shall provide only enough functionality to set new credentials when configured with default credentials or no credentials. FMT_CFG_EXT.1.2 The application shall be configured by default with file permissions which protect the application binaries and data files from modification by normal unprivileged users. FMT_MEC_EXT.1 Supported Configuration Mechanism FMT_MEC_EXT.1.1 The application shall [invoke the mechanisms recommended by the platform vendor for storing and setting configuration options.] FMT_SMF.1 Specification of Management Functions FMT_SMF.1.1 The TSF shall be capable of performing the following management functions [ • [Query the version of the TOE • Check for updates to the TOE] ]. 7.2.5 Class FPR: Privacy FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information FPR_ANO_EXT.1.1 The application shall [not transmit PII over a network]. 7.2.6 Class FPT: Protection of the TSF FPT_AEX_EXT.1 Anti-Exploitation Capabilities FPT_AEX_EXT.1.1 The application shall not request to map memory at an explicit address except for [no explicit exceptions]. FPT_AEX_EXT.1.2 The application shall [not allocate any memory region with both write and execute permissions]. FPT_AEX_EXT.1.3 The application shall be compatible with security features provided by the platform vendor. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 25 of 41 FPT_AEX_EXT.1.4 The application shall not write user-modifiable files to directories that contain executable files unless explicitly directed by the user to do so. FPT_AEX_EXT.1.5 The application shall be built with stack-based buffer overflow protection enabled. FPT_API_EXT.1 Use of Supported Services and APIs FPT_API_EXT.1.1 The application shall use only documented platform APIs. FPT_IDV_EXT.1 Software Identification and Versions FPT_IDV_EXT.1.1 The application shall be versioned with [SWID tags that comply with minimum requirements from ISO/IEC 19770-2:2015]. FPT_LIB_EXT.1 User of Third Party Libraries FPT_LIB_EXT.1.1 The application shall be packaged with only [the list of third-party libraries in Appendix B: Included Third- Party Libraries]. FPT_TUD_EXT.1 Integrity for Installation and Update FPT_TUD_EXT.1.1 The application shall [provide the ability] to check for updates and patches to the application software. FPT_TUD_EXT.1.2 The application shall [provide the ability] to query the current version of the application software. FPT_TUD_EXT.1.3 The application shall not download, modify, replace or update its own binary code. FPT_TUD_EXT.1.4 The application installation package and its updates shall be digitally signed such that its platform can cryptographically verify them prior to installation. FPT_TUD_EXT.1.5 The application is distributed [as an additional software package to the platform OS]. FPT_TUD_EXT.2 Integrity for Installation and Update FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager. FPT_TUD_EXT.2.2 The application shall be packaged such that its removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 26 of 41 7.2.7 Class FTP: Trusted Path/Channel FTP_DIT_EXT.1 Protection of Data in Transit FTP_DIT_EXT.1.1 The application shall [encrypt all transmitted [sensitive data] with [TLS as defined in the TLS Package]] between itself and another trusted IT33 product. 33 IT – Information Technology Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 27 of 41 8. TOE Summary Specification This section presents information to detail how the TOE meets the functional requirements described in previous sections of this ST. 8.1 TOE Security Functionality Each of the security requirements and the associated descriptions correspond to the security functions. Hence, each function is described by how it specifically satisfies each of its related requirements. This serves to both describe the security functions and rationalize that the security functions satisfy the necessary requirements. Table 12 – Mapping of TOE Security Functionality to Security Functional Requirements TOE Security Function SFR ID34 Description Cryptographic Support FCS_CKM.1(1) Cryptographic Asymmetric Key Generation FCS_CKM.2 Cryptographic Key Establishment FCS_CKM_EXT.1 Cryptographic Key Generation Services FCS_COP.1(1) Cryptographic Operation – Encryption/Decryption FCS_COP.1(2) Cryptographic Operation – Hashing FCS_COP.1(3) Cryptographic Operation – Signing FCS_COP.1(4) Cryptographic Operation – Keyed-Hash Message FCS_RBG_EXT.1 Random Bit Generation Services FCS_RBG_EXT.2 Random Bit Generation from Application FCS_STO_EXT.1 Storage of Credentials FCS_TLS_EXT.1 TLS Protocol FCS_TLSC_EXT.1 TLS Client Protocol FCS_TLSC_EXT.4 TLS Client Support for Renegotiation FCS_TLSC_EXT.5 TLS Client Support for Supported Groups Extension User Data Protection FDP_DAR_EXT.1 Encryption of Sensitive Application Data FDP_DEC_EXT.1 Access to Platform Resources FDP_NET_EXT.1 Network Communications Identification and Authentication FIA_X509_EXT.1 X.509 Certificate Validation FIA_X509_EXT.2 X.509 Certificate Authentication Security Management FMT_CFG_EXT.1 Secure by Default Configuration FMT_MEC_EXT.1 Supported Configuration Mechanism FMT_SMF.1 Specification of Management Functions Privacy FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information 34 ID – Identification Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 28 of 41 TOE Security Function SFR ID34 Description Protection of the TSF FPT_AEX_EXT.1 Anti-Exploitation Capabilities FPT_API_EXT.1 Use of Supported Services and APIs FPT_IDV_EXT.1 Software Identification and Versions FPT_LIB_EXT.1 User of Third Party Libraries FPT_TUD_EXT.1 Integrity for Installation and Update FPT_TUD_EXT.2 Integrity for Installation and Update Trusted Path / Channels FTP_DIT_EXT.1 Protection of Data in Transit 8.1.1 Cryptographic Support The TOE implements the Acronis SCS Cryptographic Library to provide the required algorithms for all cryptographic operations. Each of the cryptographic algorithms supported by the TOE have been tested and certified by the CAVP35 . See Table 13 below for the cryptographic operations implemented by the TOE. Table 13 – Cryptographic Algorithms and Key Sizes Cryptographic Operation Usage Algorithm Key Lengths / Curves / Moduli Certificate Encryption/Decryption TLS AES-GCM 128, 256 CAVP C1351 Key Pair Generation TLS RSA 2048, 3072 CAVP C1351 ECDSA NIST P curves with sizes 256, 384, and 521 CAVP C1351 Digital Signature Generation Digital Signature Verification TLS RSA 2048, 3072 CAVP C1351 Key Establishment TLS RSA 2048, 3072, 4096 N/A36 ECDHE NIST P curves with sizes 256, 384, and 521 CAVP C1351 Message Digest TLS SHA-256, SHA-384 256, 384 CAVP C1351 Message Authentication TLS HMAC-SHA-256, HMAC-SHA-384 256, 384 CAVP C1351 Deterministic Random Bit Generation DRBG CTR_DRBG (AES) 256 CAVP C1351 FCS_CKM_EXT.1 and FCS_CKM.1(1) The TOE implements asymmetric key generation. The schemes implemented by the TOE to generate asymmetric cryptographic keys for key establishment and entity authentication are the RSA and ECC schemes. The RSA keys and key sizes listed in Table 13 are generated for key establishment and entity authentication for TLS. The ECDHE keys and NIST P curves listed in Table 13 are generated for key establishment and entity authentication for TLS. Both RSA and ECC key generation schemes that are implemented by the TOE meet FIPS PUB 186-4. 35 CAVP – Cryptographic Algorithm Validation Program 36 N/A – Not Applicable Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 29 of 41 FCS_CKM.2 The TOE implements both RSA and elliptic curve-based key establishment schemes for TLS. The RSA-based schemes meet RSAES-PKCS1-v1_5 as specified in Section 7.2 of RFC 8017. The elliptic-curve based schemes for ECDHE meet NIST SP-800 56A. The key sizes and curves used for the key establishment schemes are listed in Table 13. FCS_COP.1(1) The TOE performs AES encryption and decryption for TLS v1.2 trusted channel communications. The AES algorithm operates in GCM mode with key sizes of 128 and 256 bits. In TLS sessions, the TOE acts as a TLS client for connections to the Management Server from itself. Please refer to FCS_TLSC_EXT.1 for more information on the implementation of the TLS protocol. FCS_COP.1(2) and FCS_COP.1(4) Hashing services are performed by the TOE with the SHA-256 and SHA-384 algorithms and the message digest sizes of 256 and 384 in accordance with FIPS Pub 180-4. The hash functions are used with other TOE cryptographic functions, including digital signature verification and MACs37 . The HMAC-SHA-256 cryptographic algorithm uses the SHA-256 hash function with a cryptographic key size of 256 bits and 256-bit message digest size in accordance with FIPS Pub 198-1. The HMAC-SHA-384 cryptographic algorithm uses the SHA-384 hash function with a cryptographic key size of 384 bits and 384-bit message digest size in accordance with FIPS Pub 198-1. FCS_COP.1(3) For signature generation and verification, the TOE uses the RSA algorithm. The RSA algorithm meets FIPS PUB 186- 4 Section 4 and uses the key sizes of 2048 and 3072 bits. The RSA algorithm is used for TLS connections. FCS_RBG_EXT.1 and FCS_RBG_EXT.2 The TOE implements the SP 800-90A CTR_DRBG (AES) for all deterministic random bit generation services. The CTR_DRBG is seeded with a minimum of 256 bits of entropy via RDRAND that accumulates entropy from the Intel DRNG. The amount of entropy used to seed the CTR_DRBG corresponds to the greatest security strength of the algorithms included in the ST (AES-256). Refer to Tables 2 and 3 of NIST SP 800-57A for more information on the algorithm security strengths. FCS_STO_EXT.1 The TOE leverages the Windows Data Protection API (DPAPI) to securely store the TOE’s application token for the Windows Agent. On Linux, the application token is securely stored using the Linux keyring. The application token is used by the TOE to identify itself to the Management Server when downloading configuration settings. The initial application token is generated by the Management Server when the TOE is installed and added as a device to the Management Server. FCS_TLS_EXT.1, FCS_TLSC_EXT.1, FCS_TLSC_EXT.4, and FCS_TLSC_EXT.5 The TOE only implements TLS as a client and is not a TLS server. The TOE implements client-side TLS v1.2 for secure connections from itself to the Management Server. The client- side TLS v1.2 connections support the following cipher suites: • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288 37 MAC – Message Authentication Code Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 30 of 41 • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289 • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289 The TOE looks for the common name in the subject name or the DNS name in the subject alternative name (SAN) of the server’s certificate as the identifier for the Management Server. The reference identifier is established during installation when the Management Server’s name is entered in the connection information. Use of IP addresses and wildcards as the identifiers is supported but are discouraged as identifiers. When constructing the certificate, the SAN is mandated for IP identifiers and not mandated for DNS identifiers. The use of certificate pinning is not supported. If the server’s certificate is not valid, the TOE will not establish a connection. The TOE also supports functionality for session renegotiation. The TOE supports the "renegotiation_info" TLS extension in accordance with RFC 5746. It includes the renegotiation_info extension in ClientHello messages. The TOE uses its Acronis SCS Cryptographic Library to support elliptic curves in TLS and presents the Supported Groups Extension in the ClientHello with NIST curves secp256r1, secp384r1, and secp521r1. TOE Security Functional Requirements Satisfied: FCS_CKM.1(1), FCS_CKM.2, FCS_CKM_EXT.1, FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4), FCS_RBG_EXT.1, FCS_RBG_EXT.2, FCS_STO_EXT.1, FCS_TLS_EXT.1, FCS_TLSC_EXT.1, FCS_TLSC_EXT.4, FCS_TLSC_EXT.5 8.1.2 User Data Protection FDP_DAR_EXT.1 The TOE protects sensitive data in accordance with FCS_STO_EXT.1 when it is stored in non-volatile memory. The application token used to identify the TOE to the Management Server is the only sensitive data that the TOE stores. No other forms of sensitive data are stored by the TOE. The TOE runs as a service in the evaluated configuration and does not require any user credentials to operate. FDP_DEC_EXT.1 and FDP_NET_EXT.1 The TOE restricts its access to platform hardware resources to network connectivity. This is for the TLS connections described in FCS_TLSC_EXT.1 and the HTTP connections to the CA server in the TOE environment. The TLS connections include the TOE initiating a TLS v1.2 connection to the Management Server’s API Gateway and a user- initiated TLS v1.2 connection to the internet for an update check. The TOE initiates communication with the CA server when preforming certificate revocation checking. The TOE does not access any of the sensitive information repositories on the host platform. TOE Security Functional Requirements Satisfied: FDP_DAR_EXT.1, FDP_DEC_EXT.1, FDP_NET_EXT.1 8.1.3 Identification and Authentication FIA_X509_EXT.1 and FIA_X509_EXT.2 The TOE uses X.509v3 certificates as defined by RFC 5280 when it acts as a TLS client for TLS. The TOE does not support TLS mutual authentication but will validate the Management Server’s certificate before establishing a Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 31 of 41 connection. The TOE implements the following rules when validating the Management Server’s certificate when connecting to it: • Certificate validation and certificate path validation as per RFC 5280. • The certificate path must terminate with a trusted CA certificate. • The application shall validate a certificate path by ensuring the presence of the basicConstraints extension, that the CA flag is set to TRUE for all CA certificates, and that any path constraints are met. • The application shall validate that any CA certificate includes caSigning purpose in the key usage field. • The application shall validate the revocation status of the certificate using a CRL as specified in RFC 5280 Section 6.3. • The application shall reject expired certificates. • The application shall validate the extendedKeyUsage field according to the following rules: o Server certificates presented for TLS shall have the Server Authentication purpose (id-kp 1 with OID 1.3.6.1.5.5.7.3.1) in the extendedKeyUsage field. If the TOE cannot establish a connection to the CA server’s CRL to determine the revocation status of a certificate, it does not accept the certificate. TOE Security Functional Requirements Satisfied: FIA_X509_EXT.1, FIA_X509_EXT.2 8.1.4 Security Management FMT_CFG_EXT.1 The TOE does not install with any default credentials. Rather, it uses the platform’s service accounts to run and is available to any user logged into the platform. It is configured by default with file permissions that protect the application binaries and data files from modification by normal unprivileged users. This prevents a standard user from modifying the application or its data files. FMT_MEC_EXT.1 The TOE does not store or set any security-related settings. Non-security-related settings are stored on the Management Server and are queried when performing tasks. The TOE does not provide any management features that write or change settings. FMT_SMF.1 The TOE contains the version-check tool that provides the security-related management functionality. Any user that is logged into the platform may access the TOE’s version-check tool. The TOE is capable of performing the following security-related management functions: • Query the version of the TOE. Using the version-check tool, a user can see the current version of the TOE. • Check for updates to the TOE. Using the version-check tool, a user can check if there are any updates available for the TOE. TOE Security Functional Requirements Satisfied: FMT_CFG_EXT.1, FMT_MEC_EXT.1, FMT_SMF.1 Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 32 of 41 8.1.5 Privacy FPR_ANO_EXT.1 The TOE does not transmit PII. TOE Security Functional Requirements Satisfied: FPR_ANO_EXT.1 8.1.6 Protection of the TSF FPT_AEX_EXT.1 The TOE does not make requests to map memory at an explicit address and is compiled with ASLR enabled. The TOE does not allocate any memory regions with write and execute permissions. The TOE is compatible with the platform’s security features. More specifically, the application can run successfully with Windows Defender Exploit Guard configured with the following minimum mitigations enabled: Control Flow Guard (CFG), Randomize memory allocations (Bottom-Up ASLR), Export address filtering (EAF), Import address filtering (IAF), and Data Execution Prevention (DEP). The TOE is also compatible with SELinux enabled and in enforcing mode. The TOE does not write user-modifiable files to directories that contain executable files. The Windows Agent is compiled with the /GS flag enabled by default for stack-based buffer overflow protection and the /NXCOMPAT flag to enable DEP protections for the application. The Linux Agent uses the __stack_chk_fail symbol in ELF executable files for stack-based buffer overflow protection. FPT_API_EXT.1 The TOE uses only the documented platform APIs listed in Appendix A: Supported Platform APIs. FPT_IDV_EXT.1 The TOE is versioned with SWID tags that comply with the minimum requirements from ISO/IEC 19770-2:2015. FPT_LIB_EXT.1 The TOE is packaged with the third-party libraries listed in Appendix B: Included Third-Party Libraries. FPT_TUD_EXT.1 and FPT_TUD_EXT.2 The TOE provides the ability to check for updates and patches to the application software. To check for an update, the user of the platform runs the TOE’s shell script “Update.ps1” for Windows or “Update.sh” for Linux. If no update is found, the script will report the current version of the TOE and “Installed version is the latest, no update available”. If an update is found, the script will report the current version and “Update Available”. The TOE does not download, modify, replace or update its own binary code. The TOE’s Windows and Linux installation packages and its updates are digitally signed so that the platform can verify their signatures before installation. The packages are digitally signed using a 2048-bit RSA key and SHA-256 digest algorithm. The authorized sources of the Linux and Windows installer signatures are Acronis International GmbH, issued by GlobalSign and Acronis SCS, Inc., issued by DigiCert respectively. The TOE is distributed as an additional software package to the platform OS. The Windows Agent is packaged in the standard executable (.exe) format and the Linux Agent is packaged as an executable binary (.x86_64). The TOE is packaged such that its removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 33 of 41 TOE Security Functional Requirements Satisfied: FPT_AEX_EXT.1, FPT_API_EXT.1, FPT_IDV_EXT.1, FPT_LIB_EXT.1, FPT_TUD_EXT.1, FPT_TUD_EXT.2 8.1.7 Trusted Path/Channels FTP_DIT_EXT.1 The TOE encrypts all transmitted sensitive data between itself and the Management Server with TLSv1.2. Please refer to the section FCS_TLSC_EXT.1 for more details. TOE Security Functional Requirements Satisfied: FTP_DIT_EXT.1 8.2 Timely Security Updates To keep the TOE secure, Acronis SCS plans to fix security issues depending on the following severity: • Critical: hotfix and workaround are immediately required. • High: hotfix or nearest update, if update is within 3-4 weeks (15-20 business days). • Low-Medium: next major version or update. Issues severity are calculated according to CVSSv3 methodology. For some issues custom severity can be set by security team when CVSSv3 is not appropriate. For example, privacy issues may be prioritized much beyond CVSS score. If issue was reported by 3rd-party and is subject for public disclosure, the fixes will be released within the negotiated disclosure period. Acronis SCS will disclose the following information for vulnerabilities: • Release Notes will contain information that security issues were fixed in a specific release or update. • Release Notes will contain issue IDs and severity in a qualitative form if they are worth mentioning. • In special cases, the details of security issues may be disclosed to customers when it's important to let customers know if their systems/data are at risk. • Acronis SCS will not disclose details of vulnerabilities in documentation. The Acronis SCS Support team will notify customers about security issues related to the TOE in following cases: 1. Issue severity is Critical 2. Issue severity is High and the issue is known to 3rd-party (external report or a known exploitation). The notification will be sent to the most relevant group of customers and include enough information to understand the following: 1. The risk associated with the issue 2. Conditions under which a customer’s system is vulnerable 3. Necessary steps to mitigate the risk Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 34 of 41 Customers that purchase the TOE may email appsupport@acronisscs.com to report security issues pertaining to the TOE. A public key and disclosure policy are posted to the Acronis SCS GitHub (https://github.com/acronisscs/public_disclosure) for use in securing the contents of any security related email. Any update that is released, related to security fixes or not, is deployed to the Acronis SCS website for download. Customers may refer to the email or use the check for update process to see if a new version is available for their installation. Updates can then be downloaded and applied to the TOE as needed. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 35 of 41 9. Rationale 9.1 Conformance Claims Rationale This Security Target extends Part 2 and extends to Part 3 of the Common Criteria Standard for Information Technology Security Evaluations, Version 3.1 Revision 5. This ST conforms to the AS PP and TLS-PKG. 9.1.1 Variance Between the PP and this ST There is no variance between the AS PP, TLS-PKG, and this ST. 9.1.2 Security Assurance Requirements Rationale The assumptions, threats, OSPs, and objectives defined in this ST are those specified in the AS PP and TLS-PKG. This ST maintains exact conformance to the AS PP and TLS-PKG, including the assurance requirements listed in Section 5 of the AS PP. The TOE is a standalone application that runs on a Windows and Linux desktop platforms and is applicable to the AS PP and TLS-PKG. Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 36 of 41 10. Acronyms Table 14 defines the acronyms used throughout this document. Table 14 – Acronyms Acronym Definition AES Advanced Encryption Standard API Application Programming Interface AS PP Protection Profile for Application Software v1.3; March 01, 2019 ASLR Address Space Layout Randomization CAVP Cryptographic Algorithm Validation Program CC Common Criteria CEM Common Evaluation Methodology CFG Control Flow Guard CLI Command Line Interface CM Configuration Management CTR Counter Mode DEP Data Execution Protection DRBG Deterministic Random Bit Generator DSS Digital Signature Standard EAF Export address filtering EAL Evaluation Assurance Level ECC Elliptic Curve Cryptography ECDHE Elliptic Curve Diffie Hellman Ephemeral FIPS Federal Information Processing Standard GB Gigabyte GCM Galois Counter Mode HMAC Hash-based Message Authentication Code HTTP Hypertext Transport Protocol HTTPS Hypertext Transport Protocol Secure IAF Import address filtering ID Identification IEC International Electrotechnical Commission ISO International Organization for Standardization IT Information Technology Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 37 of 41 Acronym Definition ITSEF Information Technology Security Evaluation Facility MAC Message Authentication Code MB Megabyte N/A Not Applicable NIST National Institute of Standards and Technology OS Operating System OSP Organizational Security Policy PII Personally Identifiable Information PP Protection Profile PUB Publication RAM Random Access Memory RBG Random Bit Generation RFC Request for Comments RSA Rivest, Shamir, Adleman SAR Security Assurance Requirement SFR Security Functional Requirement SHA Secure Hash Algorithm SP Special Publication SQL Structured Query Language SSL Secure Sockets Layer ST Security Target SWID Software Identification TD Technical Decisions TLS Transport Layer Security TLS-PKG Functional Package for Transport Layer Security (TLS), Version 1.1, 12 February 2019 TOE Target of Evaluation UI User Interface VM Virtual Machine Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 38 of 41 Appendix A: Supported Platform APIs The following is a list of the supported platform APIs that the TOE uses: • For Windows: o ReadFile o WriteFile o NtQueryInformationFile o UnlockFile o LockFile o Send o Recv o RegQueryInfoKeyA o RegOpenKey o RegSetInfoKey o RegQueryValue o RegCloseKey o RegQueryMutlipleValueKey o ExitThread o CreateThread • For Linux: o mount o mkdir o exec o mv o sudo o chroot o uname o gawk o echo o cp Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 39 of 41 Appendix B: Included Third-party Libraries Table 15 provides a list of the included third-party libraries that the Windows Agent uses. Table 15 – Included Third-party Windows Libraries Library Library Library curl.dll icudt38.dll mspack.dll tcmalloc.dll zstd.dll python35.dll icu38.dll re2.dll winpthreads4.dll Table 16 provides a list of the included third-party libraries that the Linux Agent uses. Table 16 – Included Third-party Linux Libraries Library Library Library _ctypes.so libftp_item_provider.so libpybind_tol_supp.so _multiprocessing.so libgtob_backup_command_addon.so libpython35.so _psycopg.so libgtob_ensure_backup_invariants_comma nd_addon.so libre2.so _socket.so libgtob_restore_command_addon.so libremote_facade.so _sqlite3.so libhotplug_supp.so libresource.so _ssl.so libhttp.so librestore_vm_addon.so acrort.so libhuman_resolving_mms.so librsm_commands_addon.so libabr10cli.so libicu38.so librsmdb_upgrade.so libabr11cli.so libicudt38.so libscsi.so libaccess_manager.so libinfra_upgrade.so libsecurity_core.so libaccount_server_client.so libipc_client.so libselect_media_addon.so libagent_live_upgrade.so libipc_server.so libservice_commands_addon.so libagent_protection_addon.so libjwt.so libsession_manager.so libaio.so libkvm.so libsettings.so libalerts.so liblibatq.so libsettings_upgrade.so libamsdb_upgrade.so liblibcrypto10.so libslang.so libarchive_mount_helper.so liblibevent.so libsmb_file_item_provider.so libarchive3.so liblibsmtp.so libsmb_supp.so Security Target, Version 0.11 August 19, 2020 Acronis Cyber Backup 12.5 SCS Hardened Edition Agent v12.5 ©2020 Acronis SCS This document may be freely reproduced and distributed whole and intact including this copyright notice. Page 40 of 41 Library Library Library libarchive3_adapter.so liblibssl10.so libsqlite3.so libasn_upgrade.so liblocal_file_item_provider.so libssl10.so libasndb_upgrade.so liblog_commands_addon.so libstaging_command.so libasync_service.so liblogging.so libsync_connectivity_agent_addon.so libasyncipc.so liblogs_upgrade.so libsysinfo_download_addon.so libatp_upgrade.so liblx_supp.so libtcmalloc.so libauto_update_addon.so libMachineInstanceProvider.so libthread_pool.so libboot_assist.so libmake_shallow_copy_command.so libtm_client.so libcommon_archive_addon.so libmms_recovery_assistant_addon.so libtol_tools.so libcore_workers_shared_context.so libmms_rest_api.so libulxmlrpcpp.so libcounter_service_addon.so libmms_text_bundle.so libunified_access_upgrade.so libcounters.so libmmsdb_upgrade.so libunwind.so libcrypto10.so libmsp_license_addon.so libupgrade_host.so libcurl.so libmsp_mms.so libvirt_gtob_addon.so libdbus-1.so libmspack.so libvirt_task_handlers_registry.so libdelayed_delivery.so libmsvpc_wst.so libVirtualMachineInstanceProvider.so libdisk_item_provider.so libnewt.so libvmb_upgrade.so libDiskBundle.so libnfs_item_provider.so libvmware_srv.so libdml.so libnfs_supp.so libzmq_infra.so libdml_sqlite_addon.so libnfs_vfs_addon.so libzstd.so libdms_provider.so libnotification_upgrade.so pyastorage_client.so libdms_tapes_provider.so libonline_archives_upgrade.so pyexpat.so libdsk_supp.so libpcs_io.so select.so libexpat.so libpopt.so ujson.so libfile_backup.so libpor.so unicodedata.so libfiles_tree_download_addon.so libporconv.so Prepared by: Corsec Security, Inc. 13921 Park Center Road, Suite 460 Herndon, VA 20171 United States of America Phone: +1 703 267 6050 Email: info@corsec.com http://www.corsec.com