Acronis SCS
Acronis Cyber Backup 12.5 SCS Hardened Edition Server v12.5
Security Target
Document Version: 0.14

Prepared for: Acronis SCS, 6370 E. Thomas Road, Suite 250, Scottsdale, AZ 85251, United States of America. Phone: +1 781 782 9000. www.acronisscs.com
Prepared by: Corsec Security, Inc., 13921 Park Center Road, Suite 460, Herndon, VA 20171, United States of America. Phone: +1 703 267 6050. www.corsec.com

Security Target, Version 0.14, August 19, 2020. Acronis Cyber Backup 12.5 SCS Hardened Edition Server v12.5. ©2020 Acronis SCS. This document may be freely reproduced and distributed whole and intact including this copyright notice.

Table of Contents
1. Introduction
  1.1 Purpose
  1.2 Security Target and TOE References
  1.3 Product Overview
    1.3.1 Product Components
  1.4 TOE Overview
    1.4.1 TOE Environment
  1.5 TOE Description
    1.5.1 Physical Scope
    1.5.2 Logical Scope
    1.5.3 Product Physical/Logical Features and Functionality not included in the TOE
    1.5.4 Scope of Evaluation
2. Conformance Claims
3. Security Problem Definition
  3.1 Threats
  3.2 Assumptions
  3.3 Organizational Security Policies
4. Security Objectives
  4.1 Security Objectives for the TOE
  4.2 Security Objectives for the Operational Environment
  4.3 Security Objectives Rationale
5. Extended Components
  5.1 Extended TOE Security Functional Components
  5.2 Extended TOE Security Assurance Components
6. Security Assurance Requirements
7. Security Functional Requirements
  7.1 Conventions
  7.2 Security Functional Requirements
    7.2.1 Class FCS: Cryptographic Support
    7.2.2 Class FDP: User Data Protection
    7.2.3 Class FMT: Security Management
    7.2.4 Class FPR: Privacy
    7.2.5 Class FPT: Protection of the TSF
    7.2.6 Class FTP: Trusted Path/Channel
8. TOE Summary Specification
  8.1 TOE Security Functionality
    8.1.1 Cryptographic Support
    8.1.2 User Data Protection
    8.1.3 Security Management
    8.1.4 Privacy
    8.1.5 Protection of the TSF
    8.1.6 Trusted Path/Channels
  8.2 Timely Security Updates
9. Rationale
  9.1 Conformance Claims Rationale
    9.1.1 Variance Between the PP and this ST
    9.1.2 Security Assurance Requirements Rationale
10. Acronyms
Appendix A: Supported Platform APIs
Appendix B: Included Third-party Libraries

List of Figures
Figure 1 – Physical TOE Boundary
Figure 2 – Querying Current Version of Application Software

List of Tables
Table 1 – ST and TOE References
Table 2 – Environmental Components
Table 3 – Guidance Documentation
Table 4 – CC and PP Conformance
Table 5 – Threats
Table 6 – Assumptions
Table 7 – Security Objectives for the TOE
Table 8 – Security Objectives for the Operational Environment
Table 9 – Extended TOE Security Assurance Components
Table 10 – Security Assurance Requirements
Table 11 – TOE Security Functional Requirements
Table 12 – Mapping of TOE Security Functionality to Security Functional Requirements
Table 13 – Cryptographic Algorithms and Key Sizes
Table 14 – Acronyms
Table 15 – Included Third-party Libraries

1. Introduction

This section identifies the Security Target (ST), Target of Evaluation (TOE), and the organization of the ST.
The TOE is the Acronis Cyber Backup 12.5 SCS Hardened Edition Server developed by Acronis SCS and will hereafter be referred to as the TOE throughout this document. The TOE is the Management Server component of the Acronis Cyber Backup 12.5 SCS Hardened Edition solution, which consists of a Management Server and multiple Backup Agents. The Management Server provides a web UI (user interface) called the Management Console with customizable dashboards, advanced reporting, and auditing for managing backups.

1.1 Purpose

This ST is divided into 10 sections, as follows:
• Introduction (Section 1) – Provides a brief summary of the ST contents and describes the organization of other sections within this document. It also provides an overview of the TOE security functionality and describes the physical and logical scope for the TOE as well as the ST and TOE references.
• Conformance Claims (Section 2) – Provides the identification of any Common Criteria (CC), Protection Profile (PP), and Evaluation Assurance Level (EAL) package claims. It also identifies whether the ST contains extended security requirements.
• Security Problem (Section 3) – Describes the threats, organizational security policies, and assumptions that pertain to the TOE and its environment.
• Security Objectives (Section 4) – Identifies the security objectives that are satisfied by the TOE and its environment.
• Extended Components (Section 5) – Identifies new components (extended Security Functional Requirements (SFRs) and extended Security Assurance Requirements (SARs)) that are not included in CC Part 2 or CC Part 3.
• Security Assurance Requirements (Section 6) – Presents the SARs met by the TOE.
• Security Functional Requirements (Section 7) – Presents the SFRs met by the TOE.
• TOE Summary Specification (Section 8) – Describes the security functions provided by the TOE that satisfy the SFRs and objectives.
• Rationale (Section 9) – Presents the conformance claims rationale for the selected PP.
• Acronyms (Section 10) – Defines the acronyms used within this ST.

1.2 Security Target and TOE References

Table 1 below shows the ST and TOE references.

Table 1 – ST and TOE References
ST Title: Acronis SCS Acronis Cyber Backup 12.5 SCS Hardened Edition Server v12.5 Security Target
ST Version: Version 0.14
ST Author: Corsec Security, Inc.
ST Publication Date: August 19, 2020
TOE Reference: Acronis Cyber Backup 12.5 SCS Hardened Edition Server v12.5

1.3 Product Overview

The Product Overview provides a high-level description of the product that is the subject of the evaluation. The following section, TOE Overview, will provide the introduction to the parts of the overall product offering that are specifically being evaluated.

Acronis Cyber Backup 12.5 SCS Hardened Edition is an advanced data protection solution that provides reliable backup and recovery of physical, virtual, and cloud workloads with a wide range of storage options. It may be used to protect data residing on-premises, in remote locations, in the cloud, and on mobile devices. Centralized and remote management of backups is performed via the Management Server's web-based Management Console, with customizable dashboards, advanced reporting, and auditing. Backup Agents installed on protected platforms perform data backup and recovery of physical or virtual machines, hypervisors, applications, and mobile devices. Acronis Cyber Backup 12.5 SCS Hardened Edition supports application-aware backup and recovery features for Oracle database, Microsoft Office 365, Microsoft Exchange, Microsoft SQL Server, Microsoft SharePoint, and Microsoft Active Directory.
Acronis Cyber Backup 12.5 SCS Hardened Edition may be deployed in an on-premises or cloud configuration. With the on-premises configuration, the Management Server is installed on a customer's local network. With the cloud configuration, it is installed in a secure Acronis Data Center. Both the Management Server and Backup Agents are supported on both Windows and Linux platforms.

Acronis Cyber Backup 12.5 SCS Hardened Edition includes the Acronis SCS Cryptographic Library and Acronis SCS Protocol Library in both the Management Server and Backup Agents. They provide the underlying cryptographic and protocol functionality necessary to support the use of secure communications protocols, encrypted backups, and secure file sharing.

1.3.1 Product Components

The following paragraphs provide a brief description of the product components.

1.3.1.1 Management Server

The Management Server provides the means to configure, monitor, and manage backups and provides the web server (Web UI) for the Management Console. The Management Server comprises a number of management services responsible for the management functions of Acronis Cyber Backup 12.5 SCS Hardened Edition. The Management Server also includes an API (Application Programming Interface) Gateway to communicate with the Backup Agents. The Management Server does not actually perform backup, recovery, or other data-manipulation operations. These are performed by the Backup Agents installed on each protected machine.

The Management Console allows an administrator to create a backup plan, or set of rules, to specify how data will be backed up on a given machine. This includes specifying what to back up (for example, disks or volumes), where to back it up to, and the schedule (by event or time) for backups. The same backup plan can be applied to groups of machines of the same type to simplify management of a large number of machines. Backup infrastructures can be organized into departments, allowing for role-based administration of separate resources. The Management Server also allows a user to recover an entire machine or individual files, folders, VMs (virtual machines), or databases from a backup. The Management Server uses a built-in SQLite database by default to store its operational data but may be configured at installation to use Microsoft SQL Server instead.

The Acronis Cyber Backup 12.5 SCS Hardened Edition Monitoring Service provides monitoring and reporting features. Its dashboard provides a number of customizable, dynamic widgets that give an overview of a backup infrastructure and backed-up devices, allowing an administrator to easily monitor the current state of a backup infrastructure. The reporting feature generates on-demand and scheduled reports about the backup infrastructure. The Reports section is available only with an Advanced license. The option to install the Monitoring Service component is provided through a custom install. If installed, the Management Console will show Dashboard and Reports sections under the Overview tab.

1.3.1.2 Backup Agents

Backup Agents are installed as a number of services to perform the actual backup and recovery operations on each machine that requires protection. They are typically installed on each machine that requires protection and then added to the Management Server. However, they are able to operate independently from the Management Server. Backup Agents are supported on both Windows and Linux OSs (operating systems). Different agent types are used to protect different data sources, but they all share the same architecture, communication protocols, and the vast majority of the functionality.
A command-line interface (CLI) is installed with the Backup Agents to allow for management of the Backup Agents separately from the Management Console.

1.4 TOE Overview

The TOE Overview summarizes the usage and major security features of the TOE. The TOE Overview provides a context for the TOE evaluation by identifying the TOE type, describing the product, and defining the specific evaluated configuration.

The software-only TOE is the Acronis Cyber Backup 12.5 SCS Hardened Edition Server v12.5. It is a standalone software application that runs on a Windows OS and provides a web-based centralized Management Console with customizable dashboards, advanced reporting, and auditing for managing backups. Its security features include securely storing the TLS private key, checking for updates and patches to the application software, using a digital signature to protect the integrity of the installation and update files, versioning the software with SWID tags, and using anti-exploitation capabilities such as not mapping memory to explicit addresses, file permission protections, and stack buffer overflow protections. It also secures remote access to its Management Console and communications between the TOE and Backup Agents. The TOE implements the cryptographic functionality for cryptographic services, including HTTPS (Hypertext Transfer Protocol Secure) and TLS (Transport Layer Security) v1.2, through its embedded Acronis SCS Cryptographic Library and Acronis SCS Protocol Library. Licenses are allocated to Backup Agents in the TOE environment that allow access to more functionality in the Management Console.
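The anti-exploitation capabilities listed above (ASLR compatibility, DEP and, on this platform, Control Flow Guard) are selected by compiler and linker options and recorded in the PE header of each module, so an evaluator or administrator can verify them on the shipped binaries without source. The following script is an added example for this page and is not Acronis SCS code or part of this ST: it reads the DllCharacteristics field of any PE32 or PE32+ file and reports which of DYNAMIC_BASE, HIGH_ENTROPY_VA, NX_COMPAT and GUARD_CF are present. The image it builds for demonstration is a constructed, header-only file, not a real Acronis binary. Stack cookies (/GS) are not visible in these flags and are not checked here.

```python
"""Report the load-time exploit mitigations recorded in a PE header.

Added example, not Acronis SCS code. Only the DOS, COFF and optional headers are
parsed, so it works on any PE32/PE32+ file. The sample image is constructed in
memory and is not a real Acronis binary. /GS stack cookies are not checked.
"""
from __future__ import annotations

import struct

# IMAGE_DLLCHARACTERISTICS_* bit values from winnt.h
DLLCHAR = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit ASLR may use the full address space
    "DYNAMIC_BASE": 0x0040,     # image may be relocated: ASLR-compatible
    "NX_COMPAT": 0x0100,        # DEP/NX: data pages are not executable
    "NO_SEH": 0x0400,           # image registers no SEH handlers
    "GUARD_CF": 0x4000,         # Control Flow Guard instrumentation present
}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def optional_header(image: bytes) -> tuple[int, int]:
    """Return (magic, DllCharacteristics) from the optional header."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # IMAGE_FILE_HEADER is 20 bytes
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    (chars,) = struct.unpack_from("<H", image, opt + 70)
    return magic, chars


def mitigations(image: bytes) -> dict[str, bool]:
    """Map each mitigation flag name to whether the image sets it."""
    _, chars = optional_header(image)
    return {name: bool(chars & bit) for name, bit in DLLCHAR.items()}


def missing_mitigations(image: bytes) -> list[str]:
    """Flags a hardened image should carry but this one lacks.

    HIGH_ENTROPY_VA is only meaningful for 64-bit (PE32+) images, so it is
    required only there.
    """
    magic, _ = optional_header(image)
    have = mitigations(image)
    required = ["DYNAMIC_BASE", "NX_COMPAT"]
    if magic == PE32PLUS_MAGIC:
        required.append("HIGH_ENTROPY_VA")
    return [name for name in required if not have[name]]


def build_sample(chars: int, magic: int = PE32PLUS_MAGIC) -> bytes:
    """Construct a header-only PE image for this example (not loadable)."""
    is64 = magic == PE32PLUS_MAGIC
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows the DOS header
    opt_size = 112 if is64 else 96          # optional header without data directories
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664 if is64 else 0x14C, 0, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys

    # With a path argument, inspect that file; otherwise show the constructed sample
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(0)
    for name, present in mitigations(data).items():
        print(f"{name:16} {'yes' if present else 'NO'}")
    print("missing:", missing_mitigations(data) or "none")
```

Run it with the path of a Windows executable or DLL as its only argument; with no argument it reports on the constructed sample, which deliberately has no mitigations set. An image that is missing DYNAMIC_BASE cannot be randomized by the loader, so "not mapping memory to explicit addresses" within the application code would not by itself yield ASLR.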
In the evaluated configuration, the TOE is installed on a Microsoft Windows Server 2016 machine that is on a network connected to two Backup Agents in the TOE environment, an Agent for Windows and an Agent for Linux.

The Protection Profile for Application Software specifies several use cases that may be implemented by conformant TOEs. Acronis Cyber Backup 12.5 SCS Hardened Edition Server is considered to implement both content creation and content consumption.

1.4.1 TOE Environment

Table 2 defines the environmental component requirements. In the evaluated configuration, the TOE is provided as an Acronis Cyber Backup 12.5 SCS Hardened Edition setup program. The TOE is installed on a Windows Server running Microsoft Windows Server 2016. It is installed with custom installation settings to install the following components of the Acronis Cyber Backup 12.5 SCS Hardened Edition solution: Management Server and Monitoring Service.

Table 2 – Environmental Components

Management Server: This machine is used to host the Management Server software and Monitoring Service. The following are required:
• Microsoft Windows Server 2016 OS
• Acronis Cyber Backup 12.5 SCS Hardened Edition Server v12.5 software with licenses
• 200 MB (megabytes) of RAM (random-access memory) and 1.7 GB (gigabytes) of free space on the system volume
• Intel Xeon E-2136 CPU (central processing unit)

Administrator Workstation: This machine is a general-purpose computer used by administrators for remote management of the TOE via one of the following web browsers:
• Google Chrome 29 or later
• Mozilla Firefox 23 or later
• Opera 16 or later
• Microsoft Internet Explorer 10 or later
• Microsoft Edge 25 or later
• Safari 8 or later

Windows Agent Computer: This machine is a general-purpose computer that will have the Windows Agent installed on it. The following are required:
• Microsoft Windows 10 OS
• Acronis Cyber Backup 12.5 SCS Hardened Edition Agent for Windows v12.5 software
• 720 MB disk space and 130 MB RAM
• Intel Core i7-8650U CPU

Linux Agent Computer: This machine is a general-purpose computer that will have the Linux Agent installed on it. The following are required:
• RHEL v7.6 OS
• Acronis Cyber Backup 12.5 SCS Hardened Edition Agent for Linux v12.5 software
• 850 MB disk space and 150 MB RAM
• Intel Core i5-8350U CPU

The TOE relies on an embedded SQLite database to store configuration data. This database is part of the TOE.

1.5 TOE Description

This section primarily addresses the physical and logical components of the TOE that are included in the evaluation.

1.5.1 Physical Scope

Figure 1 illustrates the physical scope and the physical boundary of the overall solution and ties together all of the components of the software-only TOE and the constituents of the TOE environment.

Figure 1 – Physical TOE Boundary

The TOE Boundary includes all the Acronis SCS developed parts of the Acronis Cyber Backup 12.5 SCS Hardened Edition Server product. Any third-party source code or software that Acronis SCS has modified is considered to be TOE Software.

1.5.1.1 Guidance Documentation

Table 3 lists the TOE Guidance Documentation to install, configure, and maintain the TOE.
Table 3 – Guidance Documentation
Acronis SCS Acronis Cyber Backup 12.5 SCS Hardened Edition User Guide: Includes steps for the basic initialization and setup of the TOE.
Acronis SCS Acronis Cyber Backup 12.5 SCS Hardened Edition Server v12.5 Guidance Documentation Supplement, Document Version 0.10: Contains information regarding specific configuration for the TOE evaluated configuration.

1.5.2 Logical Scope

The logical boundary of the TOE is broken down into the following security classes, which are further described in Sections 7 and 8 of this ST. The logical scope also provides the description of the security features of the TOE. The SFRs implemented by the TOE are usefully grouped under the following Security Function Classes.

1.5.2.1 Cryptographic Support

The TOE provides cryptographic functions to secure sessions between the administrator workstation connecting via a web browser to the Management Console of the TOE using HTTPS and TLS v1.2. Cryptographic functions are also used to secure communications between the TOE and the Backup Agents in the TOE environment using TLS v1.2. The Acronis SCS Cryptographic Library and Acronis SCS Protocol Library are used to provide the required algorithms and protocols for all cryptographic operations. The TOE also protects its stored sensitive data using the Windows Data Protection API (DPAPI).

1.5.2.2 User Data Protection

The TOE protects sensitive data in non-volatile memory according to the requirements in FCS_STO_EXT.1. The TOE restricts its access to network connectivity provided by the platform's hardware resources. Specifically, it will only use network connectivity for administrative actions over trusted paths to its Management Console and connections via trusted channels from Backup Agents in the TOE environment. The TOE accesses the platform's system logs to store audit information and does not access any other sensitive information repositories.
1.5.2.3 Security Management

The TOE does not provide default credentials. It uses the existing administrator accounts on the platform for authentication. The TOE creates a group that is assigned to administrators and used to identify the accounts that have access. The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options. The TOE and its data are protected against unauthorized access by default file permissions. Section 8.1.3 provides a list of security-relevant management functions provided by the TOE.

1.5.2.4 Privacy

The TOE does not transmit personally identifiable information (PII).

1.5.2.5 Protection of the TSF

The TOE does not allocate memory with both write and execute permissions and does not write user-modifiable files to directories that contain executable files. The TOE is compiled with the /GS flag to enable stack-based buffer overflow protection and is compatible with the platform's security features. The TOE uses standard platform APIs and includes only the third-party libraries it needs to perform its functionality. The TOE is versioned with SWID (Software Identification) tags that comply with the minimum requirements from ISO/IEC (International Organization for Standardization/International Electrotechnical Commission) 19770-2:2015 and provides the ability to check for updates to the application software. The TOE is distributed as an additional software package to the platform OS. The TOE is packaged such that its removal results in the deletion of all traces of the application, except for configuration settings, output files, and audit/log events. The TOE does not download, modify, replace or update its own binary code.
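The "minimum requirements" of ISO/IEC 19770-2:2015 that the SWID tag claim above refers to are a SoftwareIdentity root element with name and tagId attributes and at least one Entity element carrying the tagCreator role (every Entity needs name and role); version and regid are optional in the standard and take default values when absent. The checker below is an added example for this page, not Acronis SCS code or part of this ST. The two tags it examines are constructed for illustration, and their tagId and regid values are placeholders rather than Acronis identifiers.

```python
"""Check a SWID tag for the elements ISO/IEC 19770-2:2015 makes mandatory.

Added example, not Acronis SCS code. Mandatory: SoftwareIdentity@name,
SoftwareIdentity@tagId, and an Entity with role tagCreator (each Entity with
name and role). Optional attributes with defaults (version, regid) only
produce warnings. The sample tags are constructed placeholders.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

SWID_NS = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"


def q(local: str) -> str:
    """Element name qualified with the SWID namespace."""
    return f"{{{SWID_NS}}}{local}"


def check_swid_tag(xml_text: str) -> tuple[list[str], list[str]]:
    """Return (errors, warnings) for one SWID tag document.

    ElementTree neither fetches external DTDs nor expands external entities,
    which is the behaviour wanted when the tag ships inside an installer that
    has not been verified yet.
    """
    errors: list[str] = []
    warnings: list[str] = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"], warnings
    if root.tag != q("SoftwareIdentity"):
        return [f"root element is {root.tag}, expected SoftwareIdentity in {SWID_NS}"], warnings

    for attr in ("name", "tagId"):
        if not root.get(attr):
            errors.append(f"SoftwareIdentity lacks required attribute {attr}")
    if not root.get("version"):
        warnings.append("SoftwareIdentity has no version attribute (defaults to 0.0)")

    entities = root.findall(q("Entity"))
    if not entities:
        errors.append("no Entity element")
    creator_found = False
    for i, ent in enumerate(entities):
        roles = (ent.get("role") or "").split()  # role is a whitespace-separated list
        if not ent.get("name"):
            errors.append(f"Entity[{i}] lacks required attribute name")
        if not roles:
            errors.append(f"Entity[{i}] lacks required attribute role")
        creator_found |= "tagCreator" in roles
        if not ent.get("regid"):
            warnings.append(f"Entity[{i}] has no regid (defaults to invalid.unavailable)")
    if entities and not creator_found:
        errors.append("no Entity carries the tagCreator role")
    return errors, warnings


# Constructed sample tags; tagId and regid are placeholders, not real identifiers
GOOD_TAG = f"""<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity xmlns="{SWID_NS}" name="Example Backup Server"
    tagId="example.com-backup-server-1.0.0" version="1.0.0"
    versionScheme="multipartnumeric">
  <Entity name="Example Corp" regid="example.com" role="tagCreator softwareCreator"/>
</SoftwareIdentity>
"""

# Missing tagId and tagCreator role (errors); missing version and regid (warnings)
BAD_TAG = f"""<SoftwareIdentity xmlns="{SWID_NS}" name="Example Backup Server">
  <Entity name="Example Corp" role="softwareCreator"/>
</SoftwareIdentity>
"""

if __name__ == "__main__":
    for label, tag in (("good", GOOD_TAG), ("bad", BAD_TAG)):
        errs, warns = check_swid_tag(tag)
        print(f"{label}: errors={errs} warnings={warns}")
```

Point `check_swid_tag` at the .swidtag file an installer drops (on Windows these are conventionally placed under the Program Files directory of the product) to confirm the tag identifies the installed version unambiguously; a tag with no tagId or no tagCreator cannot be matched against an inventory and fails the minimum the standard requires.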
1.5.2.6 Trusted Path/Channels

The TOE provides trusted paths and trusted channels using its cryptographic functions. The TOE secures administrative communications using HTTPS over TLS v1.2 to its Management Console. The TOE provides trusted communications channels between the TOE and Backup Agents using TLS v1.2.

1.5.3 Product Physical/Logical Features and Functionality not included in the TOE

Features and functionality that are not part of the evaluated configuration of the TOE are the following:
• Remote and cloud storage locations
• Cloud configuration deployments
• Managing agents for hypervisors, applications, and mobile devices

1.5.4 Scope of Evaluation

The evaluation is limited in scope to the secure features described in the Protection Profile for Application Software v1.3; March 01, 2019 (AS PP) and the Functional Package for Transport Layer Security (TLS), Version 1.1, 12 February 2019 (TLS-PKG) and detailed in Section 1.5.2.

2. Conformance Claims

This section provides the identification for any CC, PP, Technical Decisions (TD), and EAL package conformance claims. Rationale is provided for any extensions or augmentations to the conformance claims. Rationale for CC and PP conformance claims can be found in Section 9.1.
Table 4 – CC and PP Conformance

Common Criteria (CC) Identification and Conformance: Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017; CC Part 2 extended; CC Part 3 extended; PP claim to the Protection Profile for Application Software v1.3; March 01, 2019 conformant; Functional Package for Transport Layer Security (TLS), Version 1.1, 12 February 2019.

PP Identification: Exact Conformance to the Protection Profile for Application Software v1.3; March 01, 2019 and the Functional Package for Transport Layer Security (TLS), Version 1.1, 12 February 2019. (Exact Conformance is a type of strict conformance such that the set of SFRs and the SPD/Objectives are exactly as presented within the accepted PP and Extended PP without changes.)

TD Conformance: Conformance to the following TDs and Technical Queries is claimed for the Application Software PP:
• TD0498: Application Software PP Security Objectives and Requirements Rationale
• TD0473: Support for Client or Server TOEs in FCS_HTTPS_EXT
• TD0465: Configuration Storage for .NET Apps
• TD0445: User Modifiable File Definition
• TD0437: Supported Configuration Mechanism
• TD0434: Windows Desktop Applications Test
• TD0427: Reliable Time Source
• TD0416: Correction to FCS_RBG_EXT.1 Test Activity
Conformance to the following TDs is claimed for the TLS functional package:
• TD0469: Modification of test activity for FCS_TLSS_EXT.1.1 test 4.1
• TD0442: Updated TLS Ciphersuites for TLS Package

3. Security Problem Definition

This section describes the security aspects of the environment in which the TOE will be used and the manner in which the TOE is expected to be employed.
It provides the statements for the TOE security environment's threats, assumptions, and Organizational Security Policies (OSPs) as identified in the AS PP.

3.1 Threats
Table 5 describes the threats that the TOE is expected to address, as defined in the AS PP.

Table 5 – Threats
Threat | Description
T.LOCAL_ATTACK | An attacker can act through unprivileged software on the same computing platform on which the application executes. Attackers may provide maliciously formatted input to the application in the form of files or other local communications.
T.NETWORK_ATTACK | An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may engage in communications with the application software or alter communications between the application software and other endpoints in order to compromise it.
T.NETWORK_EAVESDROP | An attacker is positioned on a communications channel or elsewhere on the network infrastructure. Attackers may monitor and gain access to data exchanged between the application and other endpoints.
T.PHYSICAL_ACCESS | An attacker may try to access sensitive data at rest.

3.2 Assumptions
Table 6 describes the assumptions made about the TOE's operating environment, as defined in the AS PP.

Table 6 – Assumptions
Assumption | Description
A.PLATFORM | The TOE relies upon a trustworthy computing platform with a reliable time clock for its execution. This includes the underlying platform and whatever runtime environment it provides to the TOE.
A.PROPER_ADMIN | The administrator of the application software is not careless, willfully negligent or hostile, and administers the software in compliance with the applied enterprise security policy.
A.PROPER_USER | The user of the application software is not willfully negligent or hostile, and uses the software in compliance with the applied enterprise security policy.

3.3 Organizational Security Policies
There are no OSPs defined in the AS PP.
4. Security Objectives
This section identifies the security objectives for the TOE and its supporting environment.

4.1 Security Objectives for the TOE
Table 7 describes the security objectives that the TOE is required to meet, as defined in the AS PP.

Table 7 – Security Objectives for the TOE
Objective | Description
O.INTEGRITY | Conformant TOEs ensure the integrity of their installation and update packages, and also leverage execution environment-based mitigations. Software is seldom, if ever, shipped without errors. The ability to deploy patches and updates to fielded software with integrity is critical to enterprise network security. Processor manufacturers, compiler developers, execution environment vendors, and operating system vendors have developed execution environment-based mitigations that increase the cost to attackers by adding complexity to the task of compromising systems. Application software can often take advantage of these mechanisms by using APIs provided by the runtime environment or by enabling the mechanism through compiler or linker options. Addressed by: FDP_DEC_EXT.1, FMT_CFG_EXT.1, FPT_AEX_EXT.1, FPT_TUD_EXT.1
O.MANAGEMENT | To facilitate management by users and the enterprise, conformant TOEs provide consistent and supported interfaces for their security-relevant configuration and maintenance. This includes the deployment of applications and application updates through the use of platform-supported deployment mechanisms and formats, as well as providing mechanisms for configuration. This also includes providing control to the user regarding disclosure of any PII. Addressed by: FMT_SMF.1, FPT_IDV_EXT.1, FPT_TUD_EXT.1, FPR_ANO_EXT.1, FCS_COP.1(3)
O.PROTECTED_COMMS | To address both passive (eavesdropping) and active (packet modification) network attack threats, conformant TOEs will use a trusted channel for sensitive data. Sensitive data includes cryptographic keys, passwords, and any other data specific to the application that should not be exposed outside of the application. Addressed by: FTP_DIT_EXT.1, FCS_RBG_EXT.1, FCS_RBG_EXT.2, FCS_CKM_EXT.1, FCS_CKM.2, FCS_HTTPS_EXT.1, FDP_NET_EXT.1, FIA_X509_EXT.1
O.PROTECTED_STORAGE | To address the issue of loss of confidentiality of user data in the event of loss of physical control of the storage medium, conformant TOEs will use data-at-rest protection. This involves encrypting data and keys stored by the TOE in order to prevent unauthorized access to this data. This also includes unnecessary network communications whose consequence may be the loss of data. Addressed by: FDP_DAR_EXT.1, FCS_STO_EXT.1, FCS_RBG_EXT.1, FCS_CKM.1(3), FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(4)
O.QUALITY | To ensure quality of implementation, conformant TOEs leverage services and APIs provided by the runtime environment rather than implementing their own versions of these services and APIs. This is especially important for cryptographic services and other complex operations such as file and media parsing. Leveraging this platform behavior relies upon using only documented and supported APIs. Addressed by: FMT_MEC_EXT.1, FPT_API_EXT.1, FPT_API_EXT.2, FPT_LIB_EXT.1, FPT_TUD_EXT.2, FCS_CKM.1(1)

4.2 Security Objectives for the Operational Environment
Table 8 describes the security objectives that the TOE's operating environment is required to meet, as defined in the AS PP.

Table 8 – Security Objectives for the Operational Environment
Objective | Description
OE.PLATFORM | The TOE relies upon a trustworthy computing platform for its execution. This includes the underlying operating system and any discrete execution environment provided to the TOE.
OE.PROPER_ADMIN | The administrator of the application software is not careless, willfully negligent or hostile, and administers the software in compliance with the applied enterprise security policy.
OE.PROPER_USER | The user of the application software is not willfully negligent or hostile, and uses the software in compliance with the applied enterprise security policy.

4.3 Security Objectives Rationale
Please refer to Section 4.3 of the AS PP for a description of how the assumptions, threats, and organizational security policies map to the security objectives defined in the AS PP.

5. Extended Components
This section defines the extended SFRs and extended SARs met by the TOE.

5.1 Extended TOE Security Functional Components
Table 11 in Section 7.2 below identifies the extended SFRs implemented by the TOE. These extended SFRs' definitions are not repeated in this ST because they are taken directly from the AS PP and TLS-PKG.

5.2 Extended TOE Security Assurance Components
Table 9 identifies the extended SARs claimed for the TOE. These extended SARs' definitions are taken directly from the AS PP and are not repeated in this ST.
Table 9 – Extended TOE Security Assurance Components
Name | Description
ALC_TSU_EXT.1 | Timely Security Updates

6. Security Assurance Requirements
The AS PP identifies the SARs to frame the extent to which the evaluator assesses the documentation applicable for the evaluation and performs independent testing. This section lists the set of SARs that are required in evaluations against the AS PP. The AS PP is conformant to Parts 2 (extended) and 3 (extended) of CC V3.1, Revision 5.
The general model for evaluation of TOEs against STs written to conform to PPs is as follows: after the ST has been approved for evaluation, the ITSEF16 will obtain the TOE, the supporting environment (if required), and the guidance documentation for the TOE. The ITSEF is expected to perform the actions mandated by the Common Evaluation Methodology (CEM) for the ASE and ALC SARs. The ITSEF also performs the Assurance Activities contained within the AS PP. The Assurance Activities captured in the AS PP also clarify what the developer needs to provide to demonstrate that the TOE is compliant with the PP. The TOE security assurance requirements are identified in Table 10.

Table 10 – Security Assurance Requirements
Assurance Class | Assurance Requirements
Security Target (ASE) | Conformance claims (ASE_CCL.1); Extended components definition (ASE_ECD.1); ST introduction (ASE_INT.1); Security objectives (ASE_OBJ.1); Security requirements (ASE_REQ.1); Security problem definition (ASE_SPD.1); TOE summary specification (ASE_TSS.1)
Development (ADV) | Basic functional specification (ADV_FSP.1)
Guidance documents (AGD) | Operational user guidance (AGD_OPE.1); Preparative procedures (AGD_PRE.1)
Life Cycle Support (ALC) | Labeling of the TOE (ALC_CMC.1); TOE CM17 coverage (ALC_CMS.1); Timely Security Updates (ALC_TSU_EXT.1)
Tests (ATE) | Independent testing – Conformance (ATE_IND.1)
Vulnerability assessment (AVA) | Vulnerability survey (AVA_VAN.1)

16 ITSEF – Information Technology Security Evaluation Facility
17 CM – Configuration Management

7. Security Functional Requirements
The individual SFRs are specified in the sections below. The SFRs in this section are the mandatory SFRs that any conformant TOE must meet. Based on the selections made in these SFRs, it is also necessary to include some of the selection-based SFRs from Appendix B of the AS PP. Optional or Objective SFRs may also be adopted from those listed in Appendix A and Appendix C of the AS PP, respectively. The Assurance Activities defined in the AS PP describe the actions that the evaluator will take in order to determine compliance of a particular TOE with the SFRs. The content of these Assurance Activities therefore provides more insight into the deliverables required from TOE developers.

7.1 Conventions
The conventions used in the descriptions of the SFRs are as follows:
• Refinement: Indicated with bold text (e.g., [refinement]).
• Selection: Indicated with underlined text surrounded by brackets (e.g., [selection]).
• Assignment: Indicated with italicized text surrounded by brackets (e.g., [assignment]).
• Assignment within a Selection: Indicated with italicized and underlined text surrounded by brackets (e.g., [assignment within a selection]).
• Refinement within a Selection: Indicated with bold and underlined text surrounded by brackets (e.g., [refinement within a selection]).
• Iteration: Indicated by appending the iteration number in parentheses, e.g., (1), (2), (3).
• Extended SFRs are identified by the label 'EXT' at the end of the SFR name.
Operations such as assignments and selections performed by the PP author are identified as shown above; however, they do not appear within brackets. This is done intentionally to delineate between selections or assignments made by the PP author and those made by the ST author. No refinements have been made by the ST author other than grammatical and formatting corrections, or those made in places where a table reference differs from that of the PP.

7.2 Security Functional Requirements
This section specifies the SFRs for the TOE and organizes the SFRs by CC class. Table 11 identifies all SFRs implemented by the TOE and indicates the ST operations performed on each requirement, using the following abbreviations: S = Selection; A = Assignment; R = Refinement; I = Iteration.

Table 11 – TOE Security Functional Requirements
Name | Description | ST operations performed (one ✓ per operation among S, A, R, I)
Required SFRs
FCS_RBG_EXT.1 | Random Bit Generation Services | ✓
FCS_CKM_EXT.1 | Cryptographic Key Generation Services | ✓
FCS_STO_EXT.1 | Storage of Credentials | ✓ ✓
FDP_DAR_EXT.1 | Encryption of Sensitive Application Data | ✓
FDP_DEC_EXT.1 | Access to Platform Resources | ✓
FDP_NET_EXT.1 | Network Communications | ✓ ✓
FMT_CFG_EXT.1 | Secure by Default Configuration |
FMT_MEC_EXT.1 | Supported Configuration Mechanism |
FMT_SMF.1 | Specification of Management Functions | ✓ ✓
FPR_ANO_EXT.1 | User Consent for Transmission of Personally Identifiable Information | ✓
FPT_AEX_EXT.1 | Anti-Exploitation Capabilities | ✓ ✓
FPT_API_EXT.1 | Use of Supported Services and APIs |
FPT_IDV_EXT.1 | Software Identification and Versions | ✓
FPT_LIB_EXT.1 | Use of Third Party Libraries | ✓
FPT_TUD_EXT.1 | Integrity for Installation and Update | ✓
FTP_DIT_EXT.1 | Protection of Data in Transit | ✓
Selection-based SFRs
FCS_CKM.1(1) | Cryptographic Asymmetric Key Generation | ✓ ✓ ✓
FCS_CKM.2 | Cryptographic Key Establishment | ✓ ✓
FCS_COP.1(1) | Cryptographic Operation – Encryption/Decryption | ✓ ✓ ✓
FCS_COP.1(2) | Cryptographic Operation – Hashing | ✓ ✓ ✓
FCS_COP.1(3) | Cryptographic Operation – Signing | ✓ ✓ ✓
FCS_COP.1(4) | Cryptographic Operation – Keyed-Hash Message Authentication | ✓ ✓ ✓ ✓
FCS_HTTPS_EXT.1/Server | HTTPS Protocol | ✓
FCS_RBG_EXT.2 | Random Bit Generation from Application | ✓
FCS_TLS_EXT.1 | TLS Protocol | ✓
FCS_TLSS_EXT.1 | TLS Server Protocol | ✓
FCS_TLSS_EXT.4 | TLS Server Support for Renegotiation |
FPT_TUD_EXT.2 | Integrity for Installation and Update |

7.2.1 Class FCS: Cryptographic Support

FCS_CKM.1(1) Cryptographic Asymmetric Key Generation
FCS_CKM.1.1(1) The application shall [implement functionality] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm [
• RSA18 schemes using cryptographic key sizes of 2048 bit or greater that meet the following: FIPS19 PUB20 186-4, "Digital Signature Standard (DSS)", Appendix B.3,
• ECC21 schemes using "NIST22 curves" P-256, P-384 and [P-521] that meet the following: FIPS PUB 186-4, "Digital Signature Standard (DSS)", Appendix B.4
].

FCS_CKM.2 Cryptographic Key Establishment
FCS_CKM.2.1 The application shall [implement functionality] to perform cryptographic key establishment in accordance with a specified cryptographic key establishment method: [
• RSA-based key establishment schemes that meet the following: RSAES-PKCS1-v1_5 as specified in Section 7.2 of RFC 8017, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.2",
• Elliptic curve-based key establishment schemes that meet the following: NIST Special Publication 800-56A, "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography"
].

FCS_CKM_EXT.1 Cryptographic Key Generation Services
FCS_CKM_EXT.1.1 The application shall [implement asymmetric key generation].

FCS_COP.1(1) Cryptographic Operation – Encryption/Decryption
FCS_COP.1.1(1) The application shall perform encryption/decryption in accordance with a specified cryptographic algorithm [
• AES23-GCM24 (as defined in NIST SP25 800-38D) mode
] and cryptographic key sizes [128-bit, 256-bit].

FCS_COP.1(2) Cryptographic Operation – Hashing
FCS_COP.1.1(2) The application shall perform cryptographic hashing services in accordance with a specified cryptographic algorithm [SHA26-256, SHA-384] and message digest sizes [256, 384] bits that meet the following: FIPS Pub 180-4.
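FCS_CKM.2 above claims RSAES-PKCS1-v1_5 key establishment, with the TOE as the recipient of the RSA-encrypted premaster secret. The practitioner's concern with that scheme is the Bleichenbacher padding oracle, which is why RFC 5246 §7.4.7.1 prescribes how a recipient must behave when decryption fails. The following is an added example written for this page, not code from the TOE or from Acronis SCS; it uses Go's standard crypto/rsa package in place of the Acronis SCS Cryptographic Library and contrasts a naive recipient with one that follows the RFC. The 2048-bit key, the 48-byte premaster and the corrupted ciphertext are all constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
)

// PreMasterLen is the RSA premaster secret length fixed by RFC 5246 §7.4.7.1.
const PreMasterLen = 48

// TLS12 is the client_version the client writes into the premaster's first two bytes.
var TLS12 = [2]byte{3, 3}

// ClientEncryptPreMaster is the sender side (the Backup Agent or the browser):
// 48 bytes = client_version || 46 random bytes, encrypted with RSAES-PKCS1-v1_5
// under the server's public key.
func ClientEncryptPreMaster(pub *rsa.PublicKey, clientVersion [2]byte) (preMaster, ciphertext []byte, err error) {
	preMaster = make([]byte, PreMasterLen)
	if _, err = rand.Read(preMaster[2:]); err != nil {
		return nil, nil, err
	}
	preMaster[0], preMaster[1] = clientVersion[0], clientVersion[1]
	ciphertext, err = rsa.EncryptPKCS1v15(rand.Reader, pub, preMaster)
	if err != nil {
		return nil, nil, err
	}
	return preMaster, ciphertext, nil
}

// NaiveRecover is the recipient written the obvious way: it reports padding and
// length failures to its caller. If that error reaches the wire as a different
// alert or timing, a network attacker has a Bleichenbacher oracle. Shown only
// as the pattern to avoid.
func NaiveRecover(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	pm, err := rsa.DecryptPKCS1v15(nil, priv, ciphertext)
	if err != nil {
		return nil, err
	}
	if len(pm) != PreMasterLen {
		return nil, fmt.Errorf("bad premaster length %d", len(pm))
	}
	return pm, nil
}

// RecipientRecover is the recipient written as RFC 5246 §7.4.7.1 requires:
// pre-fill 46 random bytes, let DecryptPKCS1v15SessionKey overwrite them only
// when padding and length check out (in constant time, with no error on a
// padding failure), then force the client_version seen in ClientHello into the
// first two bytes. A forged ciphertext therefore yields a random premaster and
// a Finished mismatch later, never a distinguishable error at this step.
func RecipientRecover(priv *rsa.PrivateKey, ciphertext []byte, clientHelloVersion [2]byte) ([]byte, error) {
	pm := make([]byte, PreMasterLen)
	if _, err := rand.Read(pm[2:]); err != nil {
		return nil, err
	}
	// Only a ciphertext of the wrong length (or not below the modulus) is an error here.
	if err := rsa.DecryptPKCS1v15SessionKey(rand.Reader, priv, ciphertext, pm); err != nil {
		return nil, err
	}
	pm[0], pm[1] = clientHelloVersion[0], clientHelloVersion[1]
	return pm, nil
}

// Outcome summarises one honest exchange and one tampered ciphertext.
type Outcome struct {
	HonestMatches   bool // recipient recovered exactly what the client sent
	NaiveLeaksError bool // naive recipient surfaced an error on the tampered ciphertext
	HardenedErrored bool // hardened recipient surfaced an error on the tampered ciphertext
	HardenedLen     int  // length the hardened recipient returned for it
	HardenedMatches bool // whether that result still equals the client's secret
}

// Demo runs both recipients against an honest and a corrupted ciphertext.
func Demo() (Outcome, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // constructed test key, not a TOE key
	if err != nil {
		return Outcome{}, err
	}
	pm, ct, err := ClientEncryptPreMaster(&priv.PublicKey, TLS12)
	if err != nil {
		return Outcome{}, err
	}
	got, err := RecipientRecover(priv, ct, TLS12)
	if err != nil {
		return Outcome{}, err
	}
	var out Outcome
	out.HonestMatches = bytes.Equal(got, pm)

	// Constructed attack input: flip one bit of the ciphertext, as an on-path
	// attacker probing for a padding oracle would.
	forged := append([]byte(nil), ct...)
	forged[len(forged)-1] ^= 0x01
	_, err = NaiveRecover(priv, forged)
	out.NaiveLeaksError = err != nil
	hard, err := RecipientRecover(priv, forged, TLS12)
	out.HardenedErrored = err != nil
	out.HardenedLen = len(hard)
	out.HardenedMatches = bytes.Equal(hard, pm)
	return out, nil
}

func main() {
	o, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The point the RFC makes, and the example shows, is that the recipient must not let the success or failure of the PKCS#1 v1.5 unpadding be observable: the hardened path returns 48 bytes in both cases and leaves detection of a bad exchange to the Finished message. An evaluator looking at an RSA key-transport implementation should expect this shape, together with constant-time handling of the version bytes.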
FCS_COP.1(3) Cryptographic Operation – Signing
FCS_COP.1.1(3) The application shall perform cryptographic signature services (generation and verification) in accordance with a specified cryptographic algorithm [
• RSA schemes using cryptographic key sizes of 2048-bit or greater that meet the following: FIPS PUB 186-4, "Digital Signature Standard (DSS)", Section 4
].

FCS_COP.1(4) Cryptographic Operation – Keyed-Hash Message Authentication
FCS_COP.1.1(4) The application shall perform keyed-hash message authentication in accordance with a specified cryptographic algorithm
• HMAC27-SHA-256 and [
• SHA-384
] with key sizes [256, 384] and message digest sizes 256 and [384] bits that meet the following: FIPS Pub 198-1 The Keyed-Hash Message Authentication Code and FIPS Pub 180-4 Secure Hash Standard.

FCS_HTTPS_EXT.1/Server HTTPS Protocol
FCS_HTTPS_EXT.1.1/Server The application shall implement the HTTPS protocol that complies with RFC 2818.
FCS_HTTPS_EXT.1.2/Server The application shall implement HTTPS using TLS as defined in the TLS package.

FCS_RBG_EXT.1 Random Bit Generation Services
FCS_RBG_EXT.1.1 The application shall [implement DRBG28 functionality] for its cryptographic operations.

FCS_RBG_EXT.2 Random Bit Generation from Application
FCS_RBG_EXT.2.1 The application shall perform all deterministic random bit generation (DRBG) services in accordance with NIST Special Publication 800-90A using [CTR29_DRBG (AES)].
FCS_RBG_EXT.2.2 The deterministic RBG30 shall be seeded by an entropy source that accumulates entropy from a platform-based DRBG and [a hardware-based noise source] with a minimum of [256 bits] of entropy at least equal to the greatest security strength (according to NIST SP 800-57) of the keys and hashes that it will generate.

FCS_STO_EXT.1 Storage of Credentials
FCS_STO_EXT.1.1 The application shall [invoke the functionality provided by the platform to securely store [the TLS private key, registration token, Backup Agent application token]] to non-volatile memory.

FCS_TLS_EXT.1 TLS Protocol
FCS_TLS_EXT.1.1 The product shall implement [TLS as a server].

FCS_TLSS_EXT.1 TLS Server Protocol
FCS_TLSS_EXT.1.1 The product shall implement TLS 1.2 (RFC 5246) and [no earlier TLS versions] as a server that supports the cipher suites [
• TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288,
• TLS_ECDHE31_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289,
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
] and no other cipher suites, and also supports functionality for [session renegotiation].
FCS_TLSS_EXT.1.2 The product shall deny connections from clients requesting SSL32 2.0, SSL 3.0, TLS 1.0, and [TLS 1.1].

18 RSA – Rivest, Shamir, Adleman
19 FIPS – Federal Information Processing Standards
20 PUB – Publication
21 ECC – Elliptic Curve Cryptography
22 NIST – National Institute of Standards and Technology
23 AES – Advanced Encryption Standard
24 GCM – Galois Counter Mode
25 SP – Special Publication
26 SHA – Secure Hash Algorithm
27 HMAC – Hash-based Message Authentication Code
28 DRBG – Deterministic Random Bit Generator
29 CTR – Counter Mode
30 RBG – Random Bit Generation
FCS_TLSS_EXT.1.3 The product shall perform key establishment for TLS using [
• RSA with size [2048 bits, 3072 bits, 4096 bits],
• ECDHE parameters using elliptic curves [secp256r1, secp384r1, secp521r1] and no other curves
].

FCS_TLSS_EXT.4 TLS Server Support for Renegotiation
FCS_TLSS_EXT.4.1 The product shall support the "renegotiation_info" TLS extension in accordance with RFC 5746.
FCS_TLSS_EXT.4.2 The product shall include the renegotiation_info extension in ServerHello messages.

7.2.2 Class FDP: User Data Protection

FDP_DAR_EXT.1 Encryption of Sensitive Application Data
FDP_DAR_EXT.1.1 The application shall [protect sensitive data in accordance with FCS_STO_EXT.1] in non-volatile memory.

FDP_DEC_EXT.1 Access to Platform Resources
FDP_DEC_EXT.1.1 The application shall restrict its access to [network connectivity].
FDP_DEC_EXT.1.2 The application shall restrict its access to [system logs].

FDP_NET_EXT.1 Network Communications
FDP_NET_EXT.1.1 The application shall restrict network communication to [
• user-initiated communication for [HTTPS over TLS connections to the TOE's Management Console (Web UI)],
• respond to [remotely initiated TLS communication from Backup Agents in the TOE environment]
].

31 ECDHE – Elliptic Curve Diffie-Hellman Ephemeral
32 SSL – Secure Sockets Layer

7.2.3 Class FMT: Security Management

FMT_CFG_EXT.1 Secure by Default Configuration
FMT_CFG_EXT.1.1 The application shall provide only enough functionality to set new credentials when configured with default credentials or no credentials.
FMT_CFG_EXT.1.2 The application shall be configured by default with file permissions which protect the application binaries and data files from modification by normal unprivileged users.

FMT_MEC_EXT.1 Supported Configuration Mechanism
FMT_MEC_EXT.1.1 The application shall [invoke the mechanisms recommended by the platform vendor for storing and setting configuration options].

FMT_SMF.1 Specification of Management Functions
FMT_SMF.1.1 The TSF shall be capable of performing the following management functions [
• [Query the version of the TOE,
• Check for updates to the TOE,
• Manage the list of Backup Agents allowed to connect to the TOE,
• Manage registration tokens used by Backup Agents to connect to the TOE]
].

7.2.4 Class FPR: Privacy

FPR_ANO_EXT.1 User Consent for Transmission of Personally Identifiable Information
FPR_ANO_EXT.1.1 The application shall [not transmit PII over a network].

7.2.5 Class FPT: Protection of the TSF

FPT_AEX_EXT.1 Anti-Exploitation Capabilities
FPT_AEX_EXT.1.1 The application shall not request to map memory at an explicit address except for [no explicit exceptions].
FPT_AEX_EXT.1.2 The application shall [not allocate any memory region with both write and execute permissions].
FPT_AEX_EXT.1.3 The application shall be compatible with security features provided by the platform vendor.
FPT_AEX_EXT.1.4 The application shall not write user-modifiable files to directories that contain executable files unless explicitly directed by the user to do so.
FPT_AEX_EXT.1.5 The application shall be built with stack-based buffer overflow protection enabled.

FPT_API_EXT.1 Use of Supported Services and APIs
FPT_API_EXT.1.1 The application shall use only documented platform APIs.

FPT_IDV_EXT.1 Software Identification and Versions
FPT_IDV_EXT.1.1 The application shall be versioned with [SWID tags that comply with minimum requirements from ISO/IEC 19770-2:2015].

FPT_LIB_EXT.1 Use of Third Party Libraries
FPT_LIB_EXT.1.1 The application shall be packaged with only [the list of third-party libraries in Appendix B: Included Third-Party Libraries].

FPT_TUD_EXT.1 Integrity for Installation and Update
FPT_TUD_EXT.1.1 The application shall [provide the ability] to check for updates and patches to the application software.
FPT_TUD_EXT.1.2 The application shall [provide the ability] to query the current version of the application software.
FPT_TUD_EXT.1.3 The application shall not download, modify, replace or update its own binary code.
FPT_TUD_EXT.1.4 The application installation package and its updates shall be digitally signed such that its platform can cryptographically verify them prior to installation.
FPT_TUD_EXT.1.5 The application is distributed [as an additional software package to the platform OS].

FPT_TUD_EXT.2 Integrity for Installation and Update
FPT_TUD_EXT.2.1 The application shall be distributed using the format of the platform-supported package manager.
FPT_TUD_EXT.2.2 The application shall be packaged such that its removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events.

7.2.6 Class FTP: Trusted Path/Channel

FTP_DIT_EXT.1 Protection of Data in Transit
FTP_DIT_EXT.1.1 The application shall [
• encrypt all transmitted [sensitive data] with [HTTPS in accordance with FCS_HTTPS_EXT.1, TLS as defined in the TLS Package]
] between itself and another trusted IT33 product.
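The server profile stated in FCS_TLSS_EXT.1 above (TLS 1.2 and no earlier version, exactly the three listed cipher suites, ECDHE over secp256r1/secp384r1/secp521r1) is the kind of claim an evaluator checks by probing the server with clients that each violate one rule. The following is an added example written for this page; it is not code from the TOE or from Acronis SCS, and Go's standard crypto/tls stands in for the Acronis SCS Cryptographic Library. The self-signed RSA-2048 certificate for 127.0.0.1 and the probing client configurations are constructed test material, and the two sides talk over an in-memory net.Pipe so nothing listens on the network.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// PolicyResult records what one probing client negotiated, or why it was refused.
type PolicyResult struct {
	Accepted  bool
	Version   uint16 // 0x0303 (TLS 1.2) when accepted
	Suite     uint16 // negotiated cipher suite ID when accepted
	SuiteName string // its IANA name, for reporting
	Err       string // handshake error when refused
}

// allowedSuites is the FCS_TLSS_EXT.1.1 set: these three and nothing else.
var allowedSuites = []uint16{
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
}

// ServerPolicy builds a tls.Config that enforces the ST's server profile:
// TLS 1.2 only (FCS_TLSS_EXT.1.1/.1.2), the three listed suites, and ECDHE
// restricted to secp256r1/secp384r1/secp521r1 (FCS_TLSS_EXT.1.3).
func ServerPolicy(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:     []tls.Certificate{cert},
		MinVersion:       tls.VersionTLS12,
		MaxVersion:       tls.VersionTLS12,
		CipherSuites:     allowedSuites,
		CurvePreferences: []tls.CurveID{tls.CurveP256, tls.CurveP384, tls.CurveP521},
	}
}

// IsAllowedSuite reports whether a negotiated suite is in the ST's list.
func IsAllowedSuite(id uint16) bool {
	for _, s := range allowedSuites {
		if s == id {
			return true
		}
	}
	return false
}

// selfSignedRSA creates a throwaway RSA-2048 server certificate for 127.0.0.1
// (constructed test material, not a TOE certificate) and a pool that trusts it.
func selfSignedRSA() (tls.Certificate, *x509.CertPool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "management-server.example"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{net.ParseIP("127.0.0.1")},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// probe runs one handshake over an in-memory pipe: server side under
// ServerPolicy, client side under the given configuration.
func probe(server, client *tls.Config) PolicyResult {
	cp, sp := net.Pipe()
	deadline := time.Now().Add(10 * time.Second) // a stalled handshake becomes an error, not a hang
	cp.SetDeadline(deadline)
	sp.SetDeadline(deadline)
	srv := tls.Server(sp, server)
	cli := tls.Client(cp, client)
	done := make(chan error, 1)
	go func() { done <- srv.Handshake() }()
	err := cli.Handshake()
	state := cli.ConnectionState()
	cp.Close() // unblocks the server side if it is still waiting on the pipe
	<-done
	sp.Close()
	if err != nil {
		return PolicyResult{Err: err.Error()}
	}
	return PolicyResult{Accepted: true, Version: state.Version, Suite: state.CipherSuite,
		SuiteName: tls.CipherSuiteName(state.CipherSuite)}
}

// RunPolicyChecks probes the policy server with clients that mimic the cases
// FCS_TLSS_EXT.1 is tested against: old protocol versions, an unlisted suite,
// and each listed suite on its own.
func RunPolicyChecks() (map[string]PolicyResult, error) {
	cert, pool, err := selfSignedRSA()
	if err != nil {
		return nil, err
	}
	server := ServerPolicy(cert)
	client := func(min, max uint16, suites ...uint16) *tls.Config {
		return &tls.Config{RootCAs: pool, ServerName: "127.0.0.1", MinVersion: min, MaxVersion: max, CipherSuites: suites}
	}
	cases := map[string]*tls.Config{
		"tls10":        client(tls.VersionTLS10, tls.VersionTLS10),
		"tls11":        client(tls.VersionTLS11, tls.VersionTLS11),
		"tls12-cbc":    client(tls.VersionTLS12, tls.VersionTLS12, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA),
		"tls12-gcm256": client(tls.VersionTLS12, tls.VersionTLS12, tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384),
		"tls12-gcm128": client(tls.VersionTLS12, tls.VersionTLS12, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256),
		"tls12-rsakex": client(tls.VersionTLS12, tls.VersionTLS12, tls.TLS_RSA_WITH_AES_256_GCM_SHA384),
	}
	results := make(map[string]PolicyResult, len(cases))
	for name, cfg := range cases {
		results[name] = probe(server, cfg)
	}
	return results, nil
}

func main() {
	results, err := RunPolicyChecks()
	if err != nil {
		panic(err)
	}
	for name, r := range results {
		if r.Accepted {
			fmt.Printf("%-13s accepted: %s\n", name, r.SuiteName)
		} else {
			fmt.Printf("%-13s refused:  %s\n", name, r.Err)
		}
	}
}
```

A server that accepts the tls10, tls11 or tls12-cbc probes, or that negotiates a suite outside allowedSuites, does not meet FCS_TLSS_EXT.1.1/.1.2; the same probes can be pointed at a real endpoint by replacing net.Pipe with a TCP dial. The renegotiation_info behaviour required by FCS_TLSS_EXT.4 is not exercised here because Go's server side does not implement renegotiation.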
33 IT – Information Technology

8. TOE Summary Specification
This section presents information to detail how the TOE meets the functional requirements described in previous sections of this ST.

8.1 TOE Security Functionality
Each of the security requirements and the associated descriptions correspond to the security functions. Hence, each function is described by how it specifically satisfies each of its related requirements. This serves both to describe the security functions and to demonstrate that the security functions satisfy the necessary requirements.

Table 12 – Mapping of TOE Security Functionality to Security Functional Requirements
TOE Security Function | SFR ID34 | Description
Cryptographic Support | FCS_CKM.1(1) | Cryptographic Asymmetric Key Generation
Cryptographic Support | FCS_CKM.2 | Cryptographic Key Establishment
Cryptographic Support | FCS_CKM_EXT.1 | Cryptographic Key Generation Services
Cryptographic Support | FCS_COP.1(1) | Cryptographic Operation – Encryption/Decryption
Cryptographic Support | FCS_COP.1(2) | Cryptographic Operation – Hashing
Cryptographic Support | FCS_COP.1(3) | Cryptographic Operation – Signing
Cryptographic Support | FCS_COP.1(4) | Cryptographic Operation – Keyed-Hash Message Authentication
Cryptographic Support | FCS_HTTPS_EXT.1/Server | HTTPS Protocol
Cryptographic Support | FCS_RBG_EXT.1 | Random Bit Generation Services
Cryptographic Support | FCS_RBG_EXT.2 | Random Bit Generation from Application
Cryptographic Support | FCS_STO_EXT.1 | Storage of Credentials
Cryptographic Support | FCS_TLS_EXT.1 | TLS Protocol
Cryptographic Support | FCS_TLSS_EXT.1 | TLS Server Protocol
Cryptographic Support | FCS_TLSS_EXT.4 | TLS Server Support for Renegotiation
User Data Protection | FDP_DAR_EXT.1 | Encryption of Sensitive Application Data
User Data Protection | FDP_DEC_EXT.1 | Access to Platform Resources
User Data Protection | FDP_NET_EXT.1 | Network Communications
Security Management | FMT_CFG_EXT.1 | Secure by Default Configuration
Security Management | FMT_MEC_EXT.1 | Supported Configuration Mechanism
Security Management | FMT_SMF.1 | Specification of Management Functions
Privacy | FPR_ANO_EXT.1 | User Consent for Transmission of Personally Identifiable Information
Protection of the TSF | FPT_AEX_EXT.1 | Anti-Exploitation Capabilities
Protection of the TSF | FPT_API_EXT.1 | Use of Supported Services and APIs
Protection of the TSF | FPT_IDV_EXT.1 | Software Identification and Versions
Protection of the TSF | FPT_LIB_EXT.1 | Use of Third Party Libraries
Protection of the TSF | FPT_TUD_EXT.1 | Integrity for Installation and Update
Protection of the TSF | FPT_TUD_EXT.2 | Integrity for Installation and Update
Trusted Path / Channels | FTP_DIT_EXT.1 | Protection of Data in Transit

34 ID – Identification

8.1.1 Cryptographic Support
The TOE implements the Acronis SCS Cryptographic Library to provide the required algorithms for all cryptographic operations. Each of the cryptographic algorithms supported by the TOE has been tested and certified by the CAVP35. See Table 13 below for the cryptographic operations implemented by the TOE.

Table 13 – Cryptographic Algorithms and Key Sizes
Cryptographic Operation | Usage | Algorithm | Key Lengths / Curves / Moduli | Certificate
Encryption/Decryption | TLS, HTTPS | AES-GCM | 128, 256 | CAVP C1351
Key Pair Generation | TLS, HTTPS | RSA | 2048, 3072 | CAVP C1351
Key Pair Generation | TLS, HTTPS | ECDSA | NIST P curves with sizes 256, 384, and 521 | CAVP C1351
Digital Signature Generation and Verification | TLS, HTTPS | RSA | 2048, 3072 | CAVP C1351
Key Establishment | TLS, HTTPS | RSA | 2048, 3072, 4096 | N/A36
Key Establishment | TLS, HTTPS | ECDHE | NIST P curves with sizes 256, 384, and 521 | CAVP C1351
Message Digest | TLS, HTTPS | SHA-256, SHA-384 | 256, 384 | CAVP C1351
Message Authentication | TLS, HTTPS | HMAC-SHA-256, HMAC-SHA-384 | 256, 384 | CAVP C1351
Deterministic Random Bit Generation | DRBG | CTR_DRBG (AES) | 256 | CAVP C1351

FCS_CKM_EXT.1 and FCS_CKM.1(1)
The TOE implements asymmetric key generation.
The schemes implemented by the TOE to generate asymmetric cryptographic keys for key establishment and entity authentication are the RSA and ECC schemes. The RSA keys and key sizes listed in Table 13 are generated for key establishment and entity authentication for TLS and HTTPS. The ECC keys over the NIST P curves listed in Table 13 are generated as ECDHE ephemeral keys for key establishment for TLS and HTTPS. Both the RSA and ECC key generation schemes implemented by the TOE meet FIPS PUB 186-4.

FCS_CKM.2
The TOE implements both RSA and elliptic curve-based key establishment schemes for TLS and HTTPS. The RSA-based scheme meets RSAES-PKCS1-v1_5 as specified in Section 7.2 of RFC 8017; the TOE acts as the recipient in RSA-based key establishment. The elliptic curve-based (ECDHE) scheme meets NIST SP 800-56A. The key sizes and curves used for the key establishment schemes are listed in Table 13.

FCS_COP.1(1)
The TOE performs AES encryption and decryption for HTTPS and TLS v1.2 trusted path and channel communications. AES operates in GCM mode with key sizes of 128 and 256 bits. In TLS and HTTPS sessions the TOE acts as the TLS server for connections from Backup Agents and from users connecting with a browser. Refer to FCS_TLSS_EXT.1 for more information on the TOE's implementation of the TLS protocol.

FCS_COP.1(2) and FCS_COP.1(4)
Hashing services are performed by the TOE with the SHA-256 and SHA-384 algorithms, with message digest sizes of 256 and 384 bits, in accordance with FIPS Pub 180-4. The hash functions are used with other TOE cryptographic functions, including digital signature verification and MACs37. The HMAC-SHA-256 algorithm uses the SHA-256 hash function with a 256-bit key and a 256-bit message digest in accordance with FIPS Pub 198-1. The HMAC-SHA-384 algorithm uses the SHA-384 hash function with a 384-bit key and a 384-bit message digest in accordance with FIPS Pub 198-1.

FCS_COP.1(3)
For signature generation and verification the TOE uses the RSA algorithm. The RSA algorithm meets FIPS PUB 186-4 Section 4 and uses key sizes of 2048 and 3072 bits. RSA signatures are used for HTTPS and TLS connections.

FCS_HTTPS_EXT.1/Server
The TOE implements HTTPS on trusted paths in compliance with RFC 2818. Acting as the server for remote administration TLS connections, the TOE requires the peer to initiate the connection. The TOE does not support mutual authentication and does not request the peer's certificate.

FCS_RBG_EXT.1 and FCS_RBG_EXT.2
The TOE implements the SP 800-90A CTR_DRBG (AES) for all deterministic random bit generation services. The CTR_DRBG is seeded with a minimum of 256 bits of entropy obtained through the RDRAND instruction, which draws on the Intel DRNG. The amount of entropy used to seed the CTR_DRBG corresponds to the greatest security strength of the algorithms included in this ST (AES-256). Refer to Tables 2 and 3 of NIST SP 800-57 Part 1 for more information on algorithm security strengths.

FCS_STO_EXT.1
The TOE leverages the Windows Data Protection API (DPAPI) to securely store the TOE's TLS private key, Backup Agent application token, and registration token. The TLS private key is the server's RSA key: it authenticates the TOE to TLS and HTTPS peers and, for the TLS_RSA cipher suite, decrypts the client's key exchange. The registration token is used in place of an administrator's credentials when installing a Backup Agent, while the Backup Agent application token is used by connecting Backup Agents to download the correct configuration and license information.

FCS_TLS_EXT.1, FCS_TLSS_EXT.1, and FCS_TLSS_EXT.4
The TOE implements TLS only as a server; it is not a TLS client.

35 CAVP – Cryptographic Algorithm Validation Program
36 N/A – Not Applicable
The TOE implements server-side TLS v1.2 for secure connections from the management workstation to the Management Console (HTTPS) and from the Backup Agents to the Management Server (TLS). The server-side TLS v1.2 connections support the following cipher suites:
• TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
Only the two ECDHE_RSA suites provide forward secrecy; TLS_RSA_WITH_AES_256_GCM_SHA384 uses RSA key transport, so any session negotiated with it can be decrypted by a party that later obtains the TOE's TLS private key.
The TOE only accepts TLS v1.2 requests and denies connections from clients requesting SSL 2.0, SSL 3.0, TLS 1.0, or TLS 1.1. The TOE uses its Acronis SCS Cryptographic Library to generate key establishment parameters for the ServerKeyExchange message using RSA with key sizes of 2048, 3072, and 4096 bits and ECDHE over the NIST curves secp256r1, secp384r1, and secp521r1. The TOE also supports session renegotiation. It supports the "renegotiation_info" TLS extension in accordance with RFC 5746 and includes the renegotiation_info extension in ServerHello messages.

TOE Security Functional Requirements Satisfied: FCS_CKM.1(1), FCS_CKM.2, FCS_CKM_EXT.1, FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), FCS_COP.1(4), FCS_HTTPS_EXT.1/Server, FCS_RBG_EXT.1, FCS_RBG_EXT.2, FCS_STO_EXT.1, FCS_TLS_EXT.1, FCS_TLSS_EXT.1, FCS_TLSS_EXT.4

8.1.2 User Data Protection

FDP_DAR_EXT.1
The TOE protects sensitive data in accordance with FCS_STO_EXT.1 when it is stored in non-volatile memory.
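The following Python script is an added example, not part of this Security Target or of the Acronis product, that models the server-side policy described under FCS_TLSS_EXT.1 above at the TLS record level: it serialises a TLS 1.2 ClientHello (RFC 5246 section 7.4.1.2), parses it back, and applies the three checks a TLS 1.2-only server limited to the listed GCM suites would apply before answering with a ServerHello, namely the offered version, the cipher suite intersection, and the RFC 5746 secure-renegotiation signal (the TLS_EMPTY_RENEGOTIATION_INFO_SCSV or the renegotiation_info extension) that tells the server to echo renegotiation_info. The ClientHello bytes are constructed in the script; the server-preference rule (first client-offered suite the server permits) and the alert names in the result dict are assumptions for illustration, as the ST does not state them. SSLv2-format hellos and the TLS 1.3 supported_versions extension are deliberately not handled, matching the TOE's TLS 1.2-only claim.

```python
import os
import struct

TLS12 = 0x0303                       # TLS 1.2 protocol version
# Cipher suites the TOE offers (IANA code points) as listed in this ST
ALLOWED_SUITES = {
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",        # RFC 5288
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",  # RFC 5289
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",  # RFC 5289
}
RENEG_SCSV = 0x00FF                  # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEG_INFO = 0xFF01              # renegotiation_info extension type (RFC 5746)


def build_client_hello(client_version, suites, extensions=(), random_bytes=None):
    """Serialise a ClientHello inside one TLS handshake record (constructed test input).

    extensions is a sequence of (type, data) pairs. The record-layer version is the
    legacy 0x0301 that real clients send regardless of the version they offer."""
    if random_bytes is None:
        random_bytes = os.urandom(32)
    body = struct.pack("!H", client_version) + random_bytes
    body += b"\x00"                                   # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                               # one compression method: null
    if extensions:
        blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(blob)) + blob
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def parse_client_hello(record):
    """Parse a handshake record holding a ClientHello; raise ValueError when malformed."""
    if len(record) < 5:
        raise ValueError("record too short")
    content_type, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16 or len(record) != 5 + rec_len:
        raise ValueError("not a single complete handshake record")
    hs = record[5:]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 0
    client_version = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    pos += 32                                         # skip client random
    pos += 1 + body[pos]                              # skip session_id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                              # skip compression methods
    extensions = {}
    if pos < len(body):
        ext_len = struct.unpack_from("!H", body, pos)[0]
        pos += 2
        end = pos + ext_len
        while pos < end:
            ext_type, data_len = struct.unpack_from("!HH", body, pos)
            pos += 4
            extensions[ext_type] = body[pos:pos + data_len]
            pos += data_len
    return {"version": client_version, "suites": suites, "extensions": extensions}


def evaluate_client_hello(record):
    """Decide, as a TLS 1.2-only server with the listed suites would, whether to proceed.

    Returns accept=False plus the alert the server would send, or accept=True plus the
    chosen suite and whether the ServerHello must carry renegotiation_info."""
    hello = parse_client_hello(record)
    if hello["version"] != TLS12:                     # SSL 3.0 / TLS 1.0 / TLS 1.1 offers are refused
        return {"accept": False, "alert": "protocol_version"}
    # Assumption: take the first client-offered suite the server permits
    chosen = next((s for s in hello["suites"] if s in ALLOWED_SUITES), None)
    if chosen is None:
        return {"accept": False, "alert": "handshake_failure"}
    # RFC 5746: the client signals secure-renegotiation support with the SCSV or the extension;
    # the server then includes (empty) renegotiation_info in its ServerHello
    signals = RENEG_SCSV in hello["suites"] or EXT_RENEG_INFO in hello["extensions"]
    return {"accept": True, "suite": ALLOWED_SUITES[chosen], "send_renegotiation_info": signals}


if __name__ == "__main__":
    legacy = build_client_hello(0x0302, [0xC030, RENEG_SCSV])           # TLS 1.1 client
    modern = build_client_hello(TLS12, [0x002F, 0xC030, RENEG_SCSV])    # TLS 1.2 client
    print("TLS 1.1 offer:", evaluate_client_hello(legacy))
    print("TLS 1.2 offer:", evaluate_client_hello(modern))
```

Running the script without arguments evaluates the two constructed hellos; the same `evaluate_client_hello` call can be pointed at a ClientHello captured from a real client to see which of the three checks would reject it.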
The TOE utilizes the Windows Data Protection API to store the TLS private key used for HTTPS and TLS connections, the Backup Agent application tokens used for downloading configuration and licensing information, and the registration tokens used as an alternative to credentials when installing Backup Agents. No other forms of sensitive data are stored by the TOE. Users that authenticate through the TOE are validated by the OS; the TOE only acts on the returned responses and does not store these credentials.

FDP_DEC_EXT.1 and FDP_NET_EXT.1
The TOE restricts its access to platform hardware resources to network connectivity for the TLS connections described in FCS_TLSS_EXT.1. This includes users initiating HTTPS connections to the TOE's Management Console (via the Web UI) and Backup Agents initiating TLS v1.2 connections to the TOE's API Gateway. The TOE accesses the system logs to store audit information. It does not access any other sensitive information repositories.

TOE Security Functional Requirements Satisfied: FDP_DAR_EXT.1, FDP_DEC_EXT.1, FDP_NET_EXT.1

8.1.3 Security Management

FMT_CFG_EXT.1
The TOE does not install with any default credentials. Rather, it uses the credentials of the platform for user authentication. The TOE software must be installed using a local administrator account. During installation all members of the Administrators group are added to the Acronis Centralized Admins group. Any account in the Acronis Centralized Admins group can be used to access the TOE once installation is complete. The TOE is also configured by default with file permissions that protect the application binaries and data files from modification by normal unprivileged users.
This prevents a standard user from modifying the application or its data files.

FMT_MEC_EXT.1
The application invokes the mechanisms recommended by the platform vendor for storing and setting configuration options. Application-specific settings are stored in the Windows Registry and in the C:\ProgramData\ directory. The following features can be used to configure the TOE, with the resulting settings saved to the above locations:
• Add or delete an agent machine to or from the managed devices.
• Manage registration tokens for automated deployment of agent software.

FMT_SMF.1
The TOE provides a web UI that is used for all of the management functionality it provides. If the default port is kept, it can be accessed at https://localhost:9877/ or by machine name from the local machine. This is configured during initial setup and can be accessed by any existing account in the Acronis Centralized Admins group. Administrators that are part of the top-level organization in the TOE are able to manage any feature. The TSF is capable of performing the following management functions:
• Query the version of the TOE. To check the current version, click the question mark icon in the top-right corner and then About.
• Check for updates to the TOE. To check for updates manually, click the question mark icon in the top-right corner > About > Check for updates, or the question mark icon > Check for updates.
• Manage the list of Backup Agent devices allowed to connect to the TOE. To get license information and backup settings, Backup Agents must connect to the TOE. The Devices tab in the web UI allows administrators to add or remove devices from the list of allowed devices.
• Manage the tokens used by Backup Agents for the initial connection to the TOE when adding a device. A token can be used during installation of a Backup Agent instead of the TOE administrator's account information. Active tokens are listed in the Manage Tokens menu, which is viewable when adding a device.
TOE Security Functional Requirements Satisfied: FMT_CFG_EXT.1, FMT_MEC_EXT.1, FMT_SMF.1

8.1.4 Privacy

FPR_ANO_EXT.1
The TOE does not transmit PII.

TOE Security Functional Requirements Satisfied: FPR_ANO_EXT.1

8.1.5 Protection of the TSF

FPT_AEX_EXT.1
The TOE does not request memory mappings at explicit addresses and is compiled with ASLR enabled. The TOE does not allocate any memory regions with both write and execute permissions. The TOE is compatible with the platform's security features; specifically, the application runs successfully with Windows Defender Exploit Guard configured with at least the following mitigations enabled: Control Flow Guard (CFG), Randomize memory allocations (Bottom-Up ASLR), Export Address Filtering (EAF), Import Address Filtering (IAF), and Data Execution Prevention (DEP). The TOE does not write user-modifiable files to directories that contain executable files. The TOE is compiled with the /GS flag for stack-based buffer overflow protection (stack cookies) and linked with the /NXCOMPAT flag to enable DEP for the application.

FPT_API_EXT.1
The TOE uses only the documented platform APIs listed in Appendix A: Supported Platform APIs.

FPT_IDV_EXT.1
The TOE is versioned with SWID tags that comply with the minimum requirements of ISO/IEC 19770-2:2015.

FPT_LIB_EXT.1
The TOE is packaged with the third-party libraries listed in Appendix B: Included Third-Party Libraries.

FPT_TUD_EXT.1 and FPT_TUD_EXT.2
The TOE provides the ability to check for updates and patches to the application software. An organization administrator can check for updates by clicking the question mark icon in the top-right corner and then Check for updates.
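The build settings cited under FPT_AEX_EXT.1 above (ASLR via /DYNAMICBASE, DEP via /NXCOMPAT, and CFG via /guard:cf) are recorded by the linker as DllCharacteristics bits in the PE optional header, so an evaluator or administrator can confirm them from a shipped binary without executing it. The following Python script is an added example, not part of this Security Target or of the product, that reads those bits with the standard library and lists which expected mitigations a 32-bit or 64-bit image lacks. The `build_pe_stub` helper fabricates a minimal synthetic PE header purely so the checker runs offline; it is constructed test data, not an Acronis binary. /GS (stack cookies) leaves no header flag and is outside this check.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits of the PE optional header (PE/COFF specification)
DLL_CHARACTERISTICS = {
    0x0020: "HIGH_ENTROPY_VA",   # /HIGHENTROPYVA: 64-bit ASLR may use the full address space
    0x0040: "DYNAMIC_BASE",      # /DYNAMICBASE: image may be relocated at load (ASLR)
    0x0100: "NX_COMPAT",         # /NXCOMPAT: image is DEP-compatible
    0x4000: "GUARD_CF",          # /guard:cf: Control Flow Guard metadata present
}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def read_dll_characteristics(image):
    """Return {'pe32plus': bool, 'flags': {name: bool}} for a PE image (bytes).

    Only the DOS header pointer, PE signature, COFF header and the fixed part of the
    optional header are read, so a header-only prefix of a file is sufficient."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]   # SizeOfOptionalHeader
    opt = coff + 20                                            # COFF header is 20 bytes
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if opt_size < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    # DllCharacteristics is at offset 70 of the optional header for both PE32 and PE32+
    dllchar = struct.unpack_from("<H", image, opt + 70)[0]
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "flags": {name: bool(dllchar & bit) for bit, name in DLL_CHARACTERISTICS.items()},
    }


def missing_mitigations(image):
    """List the FPT_AEX_EXT.1-relevant mitigations that are not enabled in the image."""
    info = read_dll_characteristics(image)
    expected = ["DYNAMIC_BASE", "NX_COMPAT", "GUARD_CF"]
    if info["pe32plus"]:
        expected.append("HIGH_ENTROPY_VA")     # only meaningful for 64-bit images
    return [name for name in expected if not info["flags"][name]]


def build_pe_stub(dllchar, pe32plus=True):
    """Constructed test data: a minimal, non-loadable PE header with the given flags."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,   # Machine: AMD64 or I386
                       0, 0, 0, 0,                      # sections, timestamp, symbol table
                       opt_size, 0x0022)                # SizeOfOptionalHeader, Characteristics
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dllchar)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                      # inspect a real file named on the command line
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:                                      # otherwise inspect a synthetic header
        image = build_pe_stub(0x0040 | 0x0100)
    print("missing mitigations:", missing_mitigations(image) or "none")
```

Run with the path of an installed TOE executable as the only argument to see which expected header flags are absent; an empty list corresponds to the /DYNAMICBASE, /NXCOMPAT, /guard:cf (and, for 64-bit images, /HIGHENTROPYVA) settings all being present.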
The TOE provides the ability to query the current version of the application software by clicking the question mark icon in the top-right corner and then About. A page pops up displaying the current version and build number of the TOE, as shown in Figure 2.

Figure 2 – Querying Current Version of Application Software

The TOE does not download, modify, replace, or update its own binary code. The TOE's installation package and its updates are digitally signed so that the platform can verify their signatures before installation. The packages are digitally signed using a 2048-bit RSA key and the SHA-256 digest algorithm. The authorized source of this signature is the code-signing certificate issued to ACRONIS SCS, INC by DigiCert. The TOE is distributed as an additional software package to the platform OS. It is packaged in the standard executable (.exe) format. It is packaged such that its removal results in the deletion of all traces of the application, with the exception of configuration settings, output files, and audit/log events.

TOE Security Functional Requirements Satisfied: FPT_AEX_EXT.1, FPT_API_EXT.1, FPT_IDV_EXT.1, FPT_LIB_EXT.1, FPT_TUD_EXT.1, FPT_TUD_EXT.2

8.1.6 Trusted Path/Channels

FTP_DIT_EXT.1
The TOE encrypts all sensitive data transmitted between itself and a management workstation using HTTPS (RFC 2818) over TLS v1.2. It also encrypts all sensitive data transmitted between itself and Backup Agents using TLS v1.2. Refer to the FCS_HTTPS_EXT.1/Server and FCS_TLSS_EXT.1 sections for more details.

TOE Security Functional Requirements Satisfied: FTP_DIT_EXT.1

8.2 Timely Security Updates
To keep the TOE secure, Acronis SCS fixes security issues on a schedule determined by their severity:
• Critical: a hotfix and workaround are required immediately.
• High: a hotfix or the nearest update, if that update is within 3-4 weeks (15-20 business days).
• Low-Medium: the next major version or update.
Issue severity is calculated according to the CVSSv3 methodology. For some issues a custom severity can be set by the security team when CVSSv3 is not appropriate; for example, privacy issues may be prioritized well beyond their CVSS score. If an issue was reported by a third party and is subject to public disclosure, the fix will be released within the negotiated disclosure period.
Acronis SCS will disclose the following information for vulnerabilities:
• Release Notes will state that security issues were fixed in a specific release or update.
• Release Notes will contain issue IDs and severity in qualitative form if they are worth mentioning.
• In special cases, the details of security issues may be disclosed to customers when it is important to let customers know that their systems or data are at risk.
• Acronis SCS will not disclose details of vulnerabilities in documentation.
The Acronis SCS Support team will notify customers about security issues related to the TOE in the following cases:
1. Issue severity is Critical.
2. Issue severity is High and the issue is known to a third party (external report or known exploitation).
The notification will be sent to the most relevant group of customers and will include enough information to understand:
1. The risk associated with the issue
2. The conditions under which a customer's system is vulnerable
3. The steps necessary to mitigate the risk
Customers that purchase the TOE may email appsupport@acronisscs.com to report security issues pertaining to the TOE.
A public key and disclosure policy are posted on the Acronis SCS GitHub (https://github.com/acronisscs/public_disclosure) for use in securing the contents of any security-related email. Any update that is released, whether related to security fixes or not, is deployed to the Acronis SCS website for download. Customers may refer to the email or use the check-for-updates process to see whether a new version is available for their installation. Updates can then be downloaded and applied to the TOE as needed.

9. Rationale

9.1 Conformance Claims Rationale
This Security Target is Part 2 extended and Part 3 extended with respect to the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. This ST conforms to the AS PP and TLS-PKG.

9.1.1 Variance Between the PP and this ST
There is no variance between the AS PP, TLS-PKG, and this ST.

9.1.2 Security Assurance Requirements Rationale
The assumptions, threats, OSPs, and objectives defined in this ST are those specified in the AS PP and TLS-PKG. This ST maintains exact conformance to the AS PP and TLS-PKG, including the assurance requirements listed in Section 5 of the AS PP. The TOE is a standalone application that runs on a Windows Server platform and is therefore within the scope of the AS PP and TLS-PKG.

10. Acronyms
Table 14 defines the acronyms used throughout this document.
Table 14 – Acronyms
Acronym – Definition
AES – Advanced Encryption Standard
API – Application Programming Interface
AS PP – Protection Profile for Application Software v1.3; March 01, 2019
ASLR – Address Space Layout Randomization
CAVP – Cryptographic Algorithm Validation Program
CC – Common Criteria
CEM – Common Evaluation Methodology
CFG – Control Flow Guard
CLI – Command Line Interface
CM – Configuration Management
CTR – Counter Mode
DEP – Data Execution Prevention
DRBG – Deterministic Random Bit Generator
DSS – Digital Signature Standard
EAF – Export Address Filtering
EAL – Evaluation Assurance Level
ECC – Elliptic Curve Cryptography
ECDHE – Elliptic Curve Diffie-Hellman Ephemeral
FIPS – Federal Information Processing Standard
GB – Gigabyte
GCM – Galois/Counter Mode
HMAC – Hash-based Message Authentication Code
HTTP – Hypertext Transfer Protocol
HTTPS – Hypertext Transfer Protocol Secure
IAF – Import Address Filtering
ID – Identification
IEC – International Electrotechnical Commission
ISO – International Organization for Standardization
IT – Information Technology
ITSEF – Information Technology Security Evaluation Facility
MAC – Message Authentication Code
MB – Megabyte
N/A – Not Applicable
NIST – National Institute of Standards and Technology
OS – Operating System
OSP – Organizational Security Policy
PII – Personally Identifiable Information
PP – Protection Profile
PUB – Publication
RAM – Random Access Memory
RBG – Random Bit Generation
RFC – Request for Comments
RSA – Rivest, Shamir, Adleman
SAR – Security Assurance Requirement
SFR – Security Functional Requirement
SHA – Secure Hash Algorithm
SP – Special Publication
SQL – Structured Query Language
SSL – Secure Sockets Layer
ST – Security Target
SWID – Software Identification
TD – Technical Decision
TLS – Transport Layer Security
TLS-PKG – Functional Package for Transport Layer Security (TLS), Version 1.1, 12 February 2019
TOE – Target of Evaluation
UI – User Interface
VM – Virtual Machine

Appendix A: Supported Platform APIs
The following is a list of the supported platform APIs that the TOE uses:
• CreateFile
• ReadFile
• WriteFile
• LockFile
• UnlockFile
• FILE_NETWORK_OPEN_INFORMATION
• NtQueryInformationFile
• RegQueryInfoKeyA
• RegOpenKey
• RegQueryValue
• RegCloseKey
• Recv
• Send
• ExitThread
• CreateThread

Appendix B: Included Third-Party Libraries
Table 15 provides a list of the included third-party libraries that the TOE uses.
Table 15 – Included Third-Party Libraries
• curl.dll
• glib-2.0.dll
• gobject-2.0.dll
• gthread-2.0.dll
• gvmomi-vix-1.11.0.dll
• iconv.dll
• icu38.dll
• icudt38.dll
• intl.dll
• libcurl.dll
• liblber.dll
• libldap_r.dll
• libxml2.dll
• python35.dll
• re2.dll
• tcmalloc.dll
• vix.dll
• winpthreads4.dll
• zlib1.dll
• zstd.dll

Prepared by:
Corsec Security, Inc.
13921 Park Center Road, Suite 460
Herndon, VA 20171
United States of America
Phone: +1 703 267 6050
Email: info@corsec.com
http://www.corsec.com