Last Updated 2010-11-11
- Product Name :
- Hitachi Adaptable Modular Storage Microprogram
- Version of TOE :
- 0862/A
- Product Type :
- IT Product (Disk Array Control Software)
- Certification No. :
- C0220
- Date :
- 2010-09-28 (Assurance Continuity)
- Version of Common Criteria:
- 2.3
- Conformance Claim :
- EAL2
- PP Identifier :
- None
- Vendor :
- Hitachi, Ltd.
-
- POC :
- Tatsuya Murakami
- Division :
-
Disk Array Systems Division
Disk Array Software Development Dept. III
- Phone :
- +81-465-49-1111
- E-mail :
-
- Evaluation Facility :
- Electronic Commerce Security Technology Laboratory Inc. Evaluation Center
- Security Target :
(787 KB)(2010-11-11) - Assurance Continuity Maintenance Report :
(44 KB)(2010-11-11)
PRODUCT DESCRIPTION
Description of TOE
The TOE is a control program (software) that runs on a disk array subsystem manufactured by Hitachi, Ltd.: 滴itachi Adaptable Modular Storage 2100・ 滴itachi Adaptable Modular Storage 2300・or 滴itachi Adaptable Modular Storage 2500・ The TOE controls data transfer between the disk array subsystem and the host (server) connected to the disk array subsystem and manages the data stored in the subsystem.
The TOE provides a function to permit the management operation of the disk array subsystem only for the account of the authorized administrator and a function to record events of the management operation in logs as the security functions.
TOE security functions
The TOE has the following security functions.
| (1) Account Authentication function | ||
| - Identification/Authentication | ||
| When the administrator performs the setting operations of the disk array subsystem, this function performs the account identification/authentication of the administrator. | ||
| - Execution control by roles | ||
| If the role given to the account permits the setting operation, it is executed. If it is not permitted, the setting operation is not executed. | ||
| - Time-out function | ||
| If the operation is not performed for a certain period of time, the session of the account is disabled, and it is timed out. | ||
| - Account management | ||
| This function manages the user ID, password, account enabled/disabled attribute, and role assignment response per account as the account information. | ||
| (2) Audit Logging function | ||
| - Audit log acquisition | ||
| When an audit event related to the security function in The TOE such as login success/failure of the account of the administrator occurs, this function acquires the event as an audit log. Furthermore, it performs enabled/disabled setting of the audit log acquisition. | ||
| - Audit log erasing | ||
| This function erases the audit logs (batch erasing of all audit logs acquired in the past). | ||
| (3) Setting function | ||
| This function enables or disables the Account Authentication function and the Audit Logging function. | ||