IBM Corporation IBM Security QRadar FIPS Appliance Hardware Part Number: QR24; Firmware Version: v7.1 MR1 FIPS 140-2 Non-Proprietary Security Policy FIPS Security Level: 2 Document Version: 0.6 Prepared for: Prepared by: IBM Corporation Corsec Security, Inc. 1 New Orchard Road 13135 Lee Jackson Memorial Hwy, Suite 220 Armonk, NY 10504-1722 Fairfax, VA 22033 United Stated of America United States America Phone: +1 914-499-1900 Phone: +1 703-267-6050 http://www.ibm.com http://www.corsec.com Security Policy, Version 0.6 November 13, 2014 Table of Contents 1 INTRODUCTION ................................................................................................................... 4 1.1 PURPOSE ................................................................................................................................................................ 4 1.2 REFERENCES .......................................................................................................................................................... 4 1.3 DOCUMENT ORGANIZATION ............................................................................................................................ 4 2 IBM SECURITY QRADAR FIPS APPLIANCE ...................................................................... 5 2.1 OVERVIEW ............................................................................................................................................................. 5 2.2 MODULE SPECIFICATION..................................................................................................................................... 7 2.3 MODULE INTERFACES .......................................................................................................................................... 7 2.4 ROLES, SERVICES, AND AUTHENTICATION ....................................................................................................... 9 2.4.1 Authorized Roles ..................................................................................................................................................... 9 2.4.2 Services ...................................................................................................................................................................... 9 2.4.3 Authentication Mechanisms ............................................................................................................................. 13 2.5 PHYSICAL SECURITY ...........................................................................................................................................15 2.6 OPERATIONAL ENVIRONMENT.........................................................................................................................15 2.7 CRYPTOGRAPHIC KEY MANAGEMENT ............................................................................................................15 2.7.1 Key Generation..................................................................................................................................................... 20 2.7.2 Key Entry and Output ........................................................................................................................................ 20 2.7.3 Key/CSP Storage and Zeroization .................................................................................................................. 20 2.8 EMI/EMC ............................................................................................................................................................20 2.9 SELF-TESTS ..........................................................................................................................................................20 2.9.1 Power-Up Self-Tests ............................................................................................................................................ 20 2.9.2 Conditional Self-Tests ......................................................................................................................................... 20 2.10 MITIGATION OF OTHER ATTACKS ..................................................................................................................21 3 SECURE OPERATION ......................................................................................................... 22 3.1 CRYPTO-OFFICER GUIDANCE ..........................................................................................................................22 3.1.1 Appliance Setup ................................................................................................................................................... 22 3.1.2 Initialization ........................................................................................................................................................... 24 3.1.3 Management ........................................................................................................................................................ 25 3.1.4 Physical Inspection............................................................................................................................................... 25 3.1.5 Zeroization ............................................................................................................................................................ 25 3.2 USER GUIDANCE ................................................................................................................................................25 3.3 NON-APPROVED MODE OF OPERATION .......................................................................................................25 4 ACRONYMS .......................................................................................................................... 26 Table of Figures FIGURE 1 – IBM SECURITY QRADAR FIPS APPLIANCE ........................................................................................................6 FIGURE 2 – QRADAR FIPS APPLIANCE FRONT PANEL FEATURES AND INDICATORS ......................................................8 FIGURE 3 – QRADAR FIPS APPLIANCE BACK PANEL FEATURES AND INDICATORS.........................................................8 FIGURE 4 – TAMPER-EVIDENT SEAL APPLICATION POSITIONS (TOP) ............................................................................. 23 FIGURE 5 – TAMPER-EVIDENT SEAL APPLICATION POSITIONS (TOP/SIDE) .................................................................... 23 FIGURE 6 – TAMPER-EVIDENT SEAL APPLICATION POSITIONS (TOP/REAR) .................................................................. 24 FIGURE 7 – TAMPER-EVIDENT SEAL APPLICATION POSITIONS (REAR) ........................................................................... 24 FIGURE 8 – TAMPER-EVIDENT SEAL APPLICATION POSITIONS (FRONT) ........................................................................ 24 List of Tables TABLE 1 – SECURITY LEVEL PER FIPS 140-2 SECTION ..........................................................................................................6 TABLE 2 – FIPS 140-2 LOGICAL AND PHYSICAL INTERFACE MAPPINGS ...........................................................................8 TABLE 3 – CRYPTO-OFFICER ROLE’S SERVICES .................................................................................................................. 10 IBM Security QRadar FIPS Appliance Page 2 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 TABLE 4 – FIPS ADMIN ROLE’S SERVICES ............................................................................................................................ 10 TABLE 5 – USER ROLE’S SERVICES ........................................................................................................................................ 11 TABLE 6 – AUTHENTICATION MECHANISMS EMPLOYED BY THE MODULE .................................................................... 14 TABLE 7 – APPROVED ALGORITHM IMPLEMENTATIONS.................................................................................................... 15 TABLE 8 – APPROVED KEY DERIVATION FUNCTION IMPLEMENTATIONS ...................................................................... 16 TABLE 9 – CRYPTOGRAPHIC KEYS, CRYPTOGRAPHIC KEY COMPONENTS, AND CSPS............................................... 17 TABLE 10 – ACRONYMS ........................................................................................................................................................ 26 IBM Security QRadar FIPS Appliance Page 3 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 1 Introduction This section introduces the non-proprietary Security Policy for the IBM Security QRadar FIPS Appliance. 1.1 Purpose This is a non-proprietary Cryptographic Module Security Policy for the IBM Security QRadar FIPS Appliance. This Security Policy describes how the IBM Security QRadar FIPS Appliance meets the security requirements of FIPS Publication 140-2, which details the U.S. and Canadian Government requirements for cryptographic modules. More information about the FIPS 140-2 standard and validation program is available on the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC) Cryptographic Module Validation Program (CMVP) website at http://csrc.nist.gov/groups/STM/cmvp. This document also describes how to run the module in a secure FIPS-Approved mode of operation. This policy was prepared as part of the Level 2 FIPS 140-2 validation of the module. The IBM Security QRadar FIPS Appliance is referred to in this document as QRadar, the cryptographic module, or the module. 1.2 References This document deals only with operations and capabilities of the module in the technical terms of a FIPS 140-2 cryptographic module security policy. More information is available on the module from the following sources:  The IBM website (www.ibm.com) contains information on the full line of solutions from IBM.  The CMVP website (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm) contains contact information for individuals to answer technical or sales-related questions for the module. 1.3 Document Organization The Security Policy document is one document in a FIPS 140-2 Submission Package. In addition to this document, the Submission Package contains:  Vendor Evidence document  Finite State Model document  Other supporting documentation as additional references This Security Policy and the other validation submission documentation were produced by Corsec Security, Inc. under contract to IBM Corporation. With the exception of this Non-Proprietary Security Policy, the FIPS 140-2 Submission Package is proprietary to IBM and is releasable only under appropriate non- disclosure agreements. For access to these documents, please contact IBM. IBM Security QRadar FIPS Appliance Page 4 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 2 IBM Security QRadar FIPS Appliance This section describes the IBM Security QRadar FIPS Appliance by IBM Corporation. 2.1 Overview IBM’s QRadar Release v7.1 MR1 is a distributed network security management platform that provides situational awareness and compliance support through the combination of flow-based network knowledge, security event correlation, log management, and asset-based vulnerability assessment. QRadar integrates previously disparate functions (including risk management, log management, network behavior analytics, and security event management) into a total security intelligence solution, making it the most intelligent, integrated, and automated SIEM product available. Built on an IBM platform, the QRadar solution provides users with crucial visibility into what is occurring with their networks, data centers, and applications to better protect Information Technology (IT) assets and meet regulatory requirements. QRadar collects and processes data including log data (from security devices, network devices, applications, and databases); network activity data, or “flows” (from network taps, mirror ports, or third- party flow sources such as NetFlow), and vulnerability assessment data. The product produces security events by real-time event and flow matching and by comparing the collected data to historical flow-based behavior patterns. The security events are then correlated by the product to produce weighted alerts (i.e. offenses) which can be viewed in the web-based QRadar Graphical User Interface (GUI) as well as sent to users or other solutions via email, syslog, or SNMP 1 trap. QRadar:  Provides a customizable interface through which users can view summaries and detailed information about offenses, log and event activity, and network activity (flows) occurring on a given network.  Analyzes overall network security, vulnerability states, and network traffic behavior.  Automatically discovers servers and hosts operating on a given network in order to build an asset profile. User identity, vulnerability data and passively learned services information are correlated back to the asset profile.  Allows users to create, distribute, and manage reports for any data. QRadar tracks significant incidents and threats, and builds a history of supporting and relevant information. Information such as point-in-time, offending users or targets, attacker profiles, vulnerability state, asset value, active threats and records of previous offenses all help provide security teams with the intelligence they need to act regardless of where they are. QRadar employs cryptographic functions to secure the GUI and the QConsole interface. The QConsole is used either locally or over Secure Shell (SSH) to manage the cryptographic module. Administration of the appliance and viewing network events takes place on the GUI over Transport Layer Security (TLS) sessions. The IBM Security QRadar FIPS Appliance (seen in Figure 1 below) is an enterprise-class network security management appliance that combines security information, event management, and log management, and is well-suited for organizations ranging from medium-sized to large, globally-deployed entities. QRadar SNMP – Simple Network Management Protocol 1 IBM Security QRadar FIPS Appliance Page 5 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 serves as the base platform for geographically-dispersed organizations or any organization that requires an integrated solution to monitor their global network with the efficiency of a single web-based QRadar user interface. Figure 1 – IBM Security QRadar FIPS Appliance To provide security for all QRadar flow and event traffic between appliances, SSH encryption can be enabled via the QConsole interface. The appliance employs a cryptographic library to provide its security services needed for the SSH tunnels and the HTTPS2-secured GUI sessions. The IBM Security QRadar FIPS Appliance is validated at the following FIPS 140-2 Section levels shown in Table 1. Table 1 – Security Level per FIPS 140-2 Section Section Section Title Level 1 Cryptographic Module Specification 2 2 Cryptographic Module Ports and Interfaces 2 3 Roles, Services, and Authentication 2 4 Finite State Model 2 5 Physical Security 2 N/A3 6 Operational Environment 7 Cryptographic Key Management 2 EMI/EMC4 8 2 9 Self-tests 2 10 Design Assurance 2 11 Mitigation of Other Attacks N/A 14 Cryptographic Module Security Policy 2 HTTPS – Hypertext Transfer Protocol - Secure 2 N/A – Not Applicable 3 EMI/EMC – Electromagnetic Interference / Electromagnetic Compatibility 4 IBM Security QRadar FIPS Appliance Page 6 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 2.2 Module Specification The IBM Security QRadar FIPS Appliance is a multi-chip standalone hardware module that meets overall Level 2 FIPS 140-2 requirements. The cryptographic boundary of the QRadar is defined by the hard metal appliance chassis, which surrounds all the hardware and software components. 2.3 Module Interfaces Interfaces on the module can be categorized as the following FIPS 140-2 logical interfaces:  Data Input Interface  Data Output Interface  Control Input interface  Status Output Interface  Power Interface These logical ports map to the module’s physical ports and interfaces. Physical ports and interfaces for the module are as follows (quantities appear in parentheses): Front:  Up to 12 hot-swappable Hard Disk Drives  (13) Hard Drive Activity Indicators  (12) Hard Drive Status Indicators  Power Button  Power Supply Status Indicators  Universal Serial Bus (USB) Ports  System error Indicator  Locator  System Identification (ID) label Rear:  Systems-management Ethernet Interface (optional)  Gb5 Ethernet RJ-45 Connectors  Ethernet activity light-emitting diodes (LED)s  Ethernet link LEDs  NMI6 Button  Power Supply Interfaces  Power Supply Status Indicators  (1) 9-Pin Serial Port Connector  (2) USB Ports  (2) 15-pin Video Connectors  (2) PCIe7 slots  (4) Hot swappable Hard Disk Drives Figure 2 and Figure 3 illustrate the front and back panel features and indicators of the module. Gb – Gigabit 5 NMI – Non-Maskable Interrupt 6 PCIe – Peripheral Component Interconnect Express 7 IBM Security QRadar FIPS Appliance Page 7 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 Figure 2 – QRadar FIPS Appliance Front Panel Features and Indicators Figure 3 – QRadar FIPS Appliance Back Panel Features and Indicators All of these physical interfaces map to logical interfaces defined by FIPS 140-2, as described in Table 2. Table 2 – FIPS 140-2 Logical and Physical Interface Mappings FIPS 140-2 Logical Interface Module Interface  Ethernet interfaces Data Input  Serial connector  USB ports  Ethernet interfaces Data Output  Serial connector  USB ports  Control Input System management interface  Ethernet interfaces  NMI button  Power button  Serial connector IBM Security QRadar FIPS Appliance Page 8 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 FIPS 140-2 Logical Interface Module Interface  Status Output System management interface  Hard drive status and activity indicators  Ethernet interfaces  Ethernet interface activity and link indicators  Power supply status indicators  Serial connector  System error indicator  Video connector  Power supply interface Power 2.4 Roles, Services, and Authentication The following sections described the authorized roles supported by the module, the services provided for those roles, and the authentication mechanisms employed. 2.4.1 Authorized Roles The module supports role-based authentication. There are three authorized roles in the module that an operator may assume: a Crypto-Officer (CO) role, a FIPS Admin role, and a User role.  Crypto-Officer – The Crypto-Officer role performs administrative services on the module, such as initialization, configuration, and monitoring of the module. Before accessing the module for any administrative service, the operator must authenticate to the module. The module offers 2 management interfaces: o Web GUI – Accessible only by User roles o QConsole – Accessible only by CO and FIPS Admin roles  FIPS Admin – The FIPS Admin role has the ability to modify system files, view logs, and reboot the appliance.  User – The User role has the ability to perform basic cryptographic operations. 2.4.2 Services All services require that operators assume an authorized role. The services associated with each role are listed in Table 3, Table 4, and Table 5 below. Please note that the keys and Critical Security Parameters (CSPs) listed in Table 3 use the following indicators to show the type of access required:  R (Read): The CSP is read  W (Write): The CSP is established, generated, modified, or zeroized  X (Execute): The CSP is used within an Approved or Allowed security function or authentication mechanism IBM Security QRadar FIPS Appliance Page 9 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 Table 3 – Crypto-Officer Role’s Services Service Description Input Output CSP and Type of Access Commit Apply changes to system Command Command None files Response Deploy Start a full deploy on the Command Command None appliance. Restarts all Response services and Status Output Disable FIPS Takes the module out of Command Command Advanced Encryption Standard (AES) – W FIPS mode; reboots Response Triple Data Encryption Standard (Triple-DES) appliance; restarts and Status –W services Output RSA public/private keys – W Diffie-Hellman (DH) – W (keyed) Hash Message Authentication Code (HMAC) – W Display status Displays status of the Command Command None operating system (OS), Response required RPM8 files, log and Status settings, and FIPS mode Output Get logs Collects system log data Command Command None Response Modify log source Modifies the sources for Command Command None the system log data Response Reboot Reboots the module Command Status AES – W Output Triple-DES – W RSA public/private keys – W DH – W HMAC – W Start, stop, or Starts, stops, or restarts Command Command AES – W restart a service any service the CO has Response Triple-DES – W access to on the appliance Shutdown Shuts down the appliance Command Status AES – W Output Triple-DES – W RSA public/private keys – W DH – W HMAC – W Table 4 – FIPS Admin Role’s Services Service Description Input Output CSP and Type of Access Commit Apply changes to Command Command None system files Response Deploy Start a full deploy on Command Command AES – W the appliance. Response Triple-DES – W Restarts all services and Status RSA public/private keys – W Output DH – W HMAC – W RPM – Red Hat Package Manager 8 IBM Security QRadar FIPS Appliance Page 10 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 Service Description Input Output CSP and Type of Access Get logs Collects system log Command Command None data Response Modify log source Modifies the sources Command Command None for the system log Response data Reboot Reboots the module Command Status AES – W Output Triple-DES – W RSA public/private keys – W DH – W HMAC – W Shutdown Shuts down the Command Status AES – W appliance Output Triple-DES – W RSA public/private keys – W DH – W HMAC – W Table 5 – User Role’s Services Service Description Input Output CSP and Type of Access Admin GUI User only Manage Roles View, create, edit, and Command Command None delete operator roles for Response GUI only. Manage Accounts Create, edit, and disable Command Command None operator accounts Response Set Authentication Set the module to Command Command RADIUS key – W Type perform authentication Response TACACS key – W via system, RADIUS9, LDAP credential – W TACACS10, or LDAP11/Active Directory Manage License View, update, and export Command Command None Keys license keys Response Restart System Restart the module Command Command AES – W Response Triple-DES – W RSA public/private keys – W DH – W HMAC – W Shut Down System Shut down the module Command Command AES – W Response Triple-DES – W RSA public/private keys – W DH – W HMAC – W RADIUS – Remote Authentication Dial-In User Service 9 TACACS – Terminal Access Control Access Control System 10 LDAP – Lightweight Directory Access Protocol 11 IBM Security QRadar FIPS Appliance Page 11 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 Service Description Input Output CSP and Type of Access Admin GUI User only Configure Access Configure firewall access, Command Command User passwords – W, X Settings update host set-up, Response configure interface roles, change passwords, and update system time Configure System Set up network Command Command None hierarchy, system Response settings, system notifications schedules, and Console settings Manage Authorized View, add, and revoke Command Command None Services authorized services; Response configure customer support service Manage Backup and Manage backup archives Command Command None Recovery and backup/restore data Response Edit Deployment Create a deployment, Command Command AES – R, W, X assign connections, and Response Triple-DES – R, W, X configure individual module component Manage Flow Manage flow sources and Command Command None Sources flow source aliases Response Configure Remote Manage QRadar remote Command Command None Networks and networks and services Response Services Configure Rules Configure rules to Command Command None perform tests on events, Response flows, and offenses Discover Servers Discover servers for Command Command None creating server-type Response building blocks Forward Syslog Forward raw or Command Command None Data normalized syslog data to Response specified destinations Select Data Sources Provides access to Command Command None vulnerability scanners, Response log source management, custom event and flow properties, and flow sources Configure Plug-Ins Provides access to plug- Command Command None in components, such as Response the plug-in for the QRadar Risk Manager View Audit Logs Allow User to view audit Command Command None log files Response Perform self-tests Run self-tests on demand Command Status None via reboot Output IBM Security QRadar FIPS Appliance Page 12 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 Service Description Input Output CSP and Type of Access Admin GUI User only Zeroize Zeroizes the module to Command Status AES – W the factory default state Output Triple-DES – W RSA public/private keys – W DH – W HMAC – W RADIUS key –W TACACS key – W All Users Manage Dashboard View, create, edit, and Command Command None delete a dashboard Response Analyze Events Analyze records from a Command Command None network activity log Response Analyze Flows Monitor network flow Command Command None data in real-time Response Manage Assets View and manage asset Command Command None profiles Response Manage Reports Create, generate, Command Command None customize, and view Response reports 2.4.3 Authentication Mechanisms The module supports role-based authentication to control access to services that require access to sensitive keys and CSPs. The CO and FIPS Admin roles are the only roles authorized to access the QConsole. Users can only connect to the Web GUI. To access module services, the CO and FIPS Admin role must authenticate using a user ID and password. This can be done locally or using SSH to establishing a secure tunnel to the QConsole. Secure sessions that authenticate the CO and FIPS Admin only provide the services associated with those roles (i.e., they have no interface available to access other services). Each CO or FIPS Admin SSH session remains active and secured using the tunneling protocol until the operator logs out or an inactivity time is reached. Users connecting to the module through the Web GUI must first establish a TLS session. These Users then enter a username and password which may be authenticated locally or through the use of external RADIUS, TACACS, or LDAP servers. The module employs the authentication methods described in Table 6 belowError! Reference source not found. to authenticate a Crypto-Officer, FIPS Admin, and User. IBM Security QRadar FIPS Appliance Page 13 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 Table 6 – Authentication Mechanisms Employed by the Module Role Type of Authentication Authentication Strength Crypto-Officer Password Passwords are required to be at least 6 characters long. The and FIPS Admin maximum password length is 64 characters. Case-sensitive alphanumeric characters and special characters can be used with repetition, which gives a total of 69 characters to choose from. The chance of a random attempt falsely succeeding is 1:696, or 1: 107,918,163,081. This would require about 1,079,181 attempts in one minute to raise the random attempt success rate to more than 1:100,000. The fastest connection supported by the module is 1 Gbps12. Hence, at most 60,000,000,000 bits of data (1000 × 106 × 60 seconds, or 6 x 1010) can be transmitted in one minute. At that rate and assuming no overhead, a maximum of 812,759 attempts can be transmitted over the connection in one minute. The maximum number of attempts that this connection can support is less than the amount required per minute to achieve a 1:100,000 chance of a random attempt falsely succeeding. User Password or Certificate Passwords are required to be at least 6 characters long. The maximum password length is 64 characters. Case-sensitive alphanumeric characters and special characters can be used with repetition, which gives a total of 94 characters to choose from. The chance of a random attempt falsely succeeding is 1:946, or 1: 689,869,781,056. This would require about 6,898,697 attempts in one minute to raise the random attempt success rate to more than 1:100,000. Since the user is locked out for 30 minutes after every 5 unsuccessful attempts, the most attempts that could be done in one minute would be 5. The maximum number of attempts that this connection can support is less than the amount required per minute to achieve a 1:100,000 chance of a random attempt falsely succeeding. Certificates used as part of TLS and SSH are at a minimum 1024 bits. The chance of an attack falsely succeeding is 1:280, or 1:120,893 x 1024. The fastest network connection supported by the module is 1 Gbps. Hence, at most 60,000,000,000 bits of data (1000 × 106 × 60 seconds, or 6 × 1010) can be transmitted in one minute. The passwords are sent to the module via security protocols TLS and SSH. These protocols provide strong encryption (AES 128-bit key at minimum, providing 128 bits of security) and require large computational and transmission capability. The probability that a brute force attack will succeed or a false acceptance will occur is less than 1:2128 x 844. 2.4.3.1 Authentication Data Protection The module does not allow the disclosure, modification, or substitution of authentication data to unauthorized operators. Authentication data can only be modified by the operator who has assumed the Gbps – Gigabits per second 12 IBM Security QRadar FIPS Appliance Page 14 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 User role with administrator privileges. The module hashes User’s passwords with an SHA-113 hash function and stores the hashed password in a password database. CO and FIPS Admin roles passwords are encrypted using Triple-DES and stored in a password database. If a User attempts to access the system multiple times (5 by default) using invalid information, the User must wait the configured amount of time (30 minutes by default) before attempting to access the system again. 2.5 Physical Security The IBM Security QRadar FIPS Appliance is a multi-chip standalone cryptographic module. The module is contained in a hard metal chassis which is defined as the cryptographic boundary of the module. The module’s chassis is opaque within the visible spectrum. The enclosure of the module has been designed to satisfy Level 2 physical security requirements. There are a limited set of ventilation holes provided in the case that, when coupled with factory-installed internal opacity baffles, prevent visual inspection the internal components of the module. Tamper-evident seals are applied to the case to provide physical evidence of attempts to remove the chassis cover or front bezel. The QRadar system has been tested and found conformant to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (i.e., for business use). 2.6 Operational Environment The module employs a non-modifiable operating environment. The module runs Red Hat Enterprise Linux (RHEL) v6.3, and operators are provided with no mechanisms with which to modify the operating system. Also, the module does not provide a mechanism to add additional software/firmware onto the appliance. The module’s firmware is executed by the module’s Intel Xeon processor. 2.7 Cryptographic Key Management Security functions offered by the libraries in the module’s Approved mode of operation (and their associated algorithm implementation certificate numbers) are listed in Table 7 below. Table 7 – Approved Algorithm Implementations Algorithm Certificate Number 14 15 16 17 AES in ECB /CBC /CFB /OFB modes: 128/192/256-bit #2562 Triple-DES in ECB/CBC/CFB8/CFB64/OFB modes: 168/192-bit #1550 RSA ANSI X9.31 signature generation (2048/3072-bit); signature #1313 verification (1024/2048/3072-bit) RSA PKCS18 #1.5 signature generation (2048/3072-bit); signature #1313 verification (1024/2048/3072-bit) RSA PSS19 signature generation (2048/3072-bit); signature verification #1313 (1024/2048/3072-bit) SHA – Secure Hash Algorithm 13 ECB – Electronic Code Book 14 CBC – Cipher Block Chaining 15 CFB – Cipher Feedback 16 OFB – Output Feedback 17 PKCS – Public-Key Cryptography Standards 18 IBM Security QRadar FIPS Appliance Page 15 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 Algorithm Certificate Number SHA-1, SHA-256, SHA-512 #2160 HMAC using SHA-1, SHA-256, SHA-512 #1581 ANSI X9.31 Pseudo-Random Number Generator (PRNG) using AES #1216 NOTE: The following security functions have been deemed “deprecated” or “legacy-use” by NIST. Please refer to NIST Special Publication 800-131A for specific guidance on transitions to the use of stronger cryptographic keys and more robust algorithms.  Two-key Triple-DES  RSA 1024-bit signature verification  ANSI X9.31 PRNG Key derivation functions implemented by the module (and their associated CVL 20 certificate numbers) are listed in Table 8 below. Table 8 – Approved Key Derivation Function Implementations Algorithm Certificate Number TLS 1.0 KDF using SHA-1 #194 SSH KDF using SHA-1, SHA-256, and SHA-512 #194 NOTE: The TLS and SSH protocols have not been reviewed or tested by the CAVP and CMVP The module implements the following non-Approved security functions which are allowed for use in a FIPS-Approved mode of operation:  non-Approved random number generator for seed generation  Message Digest 5 (MD5) for password hashing The module utilizes the following key establishment methodologies which are allowed for use in a FIPS- Approved mode of operation:  Diffie-Hellman (key agreement; key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)  RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength) The module also includes the following non-compliant algorithms:  1024-bit RSA ANSI X9.31 signature generation  1024-bit RSA PKCS #1 signature generation  1024-bit RSA PSS signature generation PSS – Probabilistic Signature Scheme 19 CVL – Component Validation List 20 IBM Security QRadar FIPS Appliance Page 16 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 The module supports the CSPs listed below in Table 9. Table 9 – Cryptographic Keys, Cryptographic Key Components, and CSPs CSP CSP/Key Type Generation / Input Output Storage Zeroization Use AES Keys AES 128, 192, Internally generated Never Plaintext in On session TLS or SSH session key ECB, CBC, 256-bit keys volatile termination or by OFB, CFB 128 memory command, power Encryption/decryption cycle, reboot Triple-DES Triple-DES 168, Internally generated Never Plaintext in On session TLS or SSH session key Keys 192-bit key volatile termination or by ECB, CBC, memory command, power Encryption/decryption CFB 8, CFB cycle, reboot 64, OFB RSA Private RSA 1024, 2048 Imported via TLS Never Plaintext in By command, Signature generation, Key and 3072-bit key volatile power cycle, decryption memory reboot Negotiating TLS or SSH sessions RSA Public RSA 1024, 2048 Imported via TLS Never Plaintext in By command, Signature verification, Key and 3072-bit key volatile power cycle, encryption memory reboot Output during Negotiating TLS or SSH sessions TLS/SSH negotiation in plaintext DH Public Key Public Module’s public key Output during Plaintext in By command, Negotiating SSH or TLS sessions components of is internally TLS/SSH volatile power cycle, DH protocol generated via negotiation in memory reboot Approved FIPS plaintext PRNG. Other entities’ public keys are sent to the module in plaintext. DH Private Private Internally generated Never Plaintext in By command, Negotiating SSH or TLS sessions Key components of volatile power cycle, DH protocol memory reboot IBM Security QRadar FIPS Appliance Page 17 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 CSP CSP/Key Type Generation / Input Output Storage Zeroization Use ANSI 128-bit random Taken from Never Plaintext in By command, Generate random number X9.31PRNG value dev/urandom volatile power cycle, Seed memory reboot PRNG Seed AES 128-, 192-, Generated internally Never Plaintext in By command, Generate random number Key or 256-bit key volatile power cycle, memory reboot Crypto-Officer Passphrase of at Entered by a CO or Never Stored on disk Zeroized when the Used for authenticating all COs and FIPS Admin over CLI21 Password least six FIPS Admin locally in encrypted password is characters form updated with a FIPS Admin new password Password User Passphrase of at Entered by User over Never Stored on disk Zeroized when the Used for authenticating all Users Password least five secure TLS channel in hashed form password is over GUI characters updated with a new password RADUIS Alpha-numeric Entered by User over Never Stored on disk Zeroized when the This password is used by the credential string secure TLS channel in hashed form password is module to authenticate itself to updated with a the RADIUS server. This new password password is required for the module to validate the credential supplied by the user with the RADIUS server LDAP Alpha-numeric Entered by User over Never Stored on disk Zeroized when the This password is used by the credential string secure TLS channel in hashed form password is module to authenticate itself to updated with a the LDAP server. This password is new password required for the module to validate the credential supplied by the user with the LDAP server TACACS Alpha-numeric Entered by User over Never Stored on disk Zeroized when the A shared secret to remote Server string secure TLS channel in hashed form password is TACACS server Encryption updated with a Key new password CLI – Command Line Interface 21 IBM Security QRadar FIPS Appliance Page 18 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 CSP CSP/Key Type Generation / Input Output Storage Zeroization Use HMAC Key HMAC key Internally generated Never Plaintext in By command, Message Authentication SHA-1, 256, or volatile power cycle, 512 memory reboot Software HMAC SHA-256 Externally generated Never Hard-coded in By uninstalling the Used to perform the software Integrity Keys key and hard-coded in plaintext module integrity test at power-on. the image SMNP Privacy AES CFB 128-bit Externally generated, Never Stored on disk By command, Encrypting SNMPv3 packets Key key imported in in hashed form power cycle, encrypted form via a reboot secure TLS or SSH session IBM Security QRadar FIPS Appliance Page 19 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 2.7.1 Key Generation The module uses an ANSI X9.31 Appendix A.2.4 PRNG implementation to generate cryptographic keys. This PRNG is FIPS-Approved as shown in Annex C to FIPS PUB 140-2. 2.7.2 Key Entry and Output The cryptographic module itself does not support key entry or key output from its physical boundary. However, keys are passed to the module as parameters from the applications resident on the host platform via the exposed APIs. Similarly, keys and CSPs exit the module in plaintext via the well-defined exported APIs. 2.7.3 Key/CSP Storage and Zeroization Symmetric, asymmetric, and HMAC keys are either provided by or delivered to the calling process, and are subsequently destroyed by the module at the completion of the API call. Keys and CSPs stored in random access memory (RAM) can be zeroized by a power cycle or a host system reboot. The X9.31 PRNG seed and seed key are initialized by the module at power-up and remain stored in RAM until the module is uninitialized by a host system reboot or power cycle. The HMAC keys that are used to verify the integrity of the module during power-on self tests are stored in files residing on the host IBM FIPS Appliance. 2.8 EMI/EMC QRadar was tested and found conformant to the EMI/EMC requirements specified by 47 Code of Federal Regulations, Part 15, Subpart B, Unintentional Radiators, Digital Devices, Class A (business use). 2.9 Self-Tests This section describes the power-up and conditional self-tests performed by the module. 2.9.1 Power-Up Self-Tests The IBM Security QRadar FIPS Appliance performs the following self-tests automatically at power-up:  Software integrity check (HMAC-SHA-512) over kernel and critical components of the module  Software integrity check (HMAC SHA-256) over core cryptographic provider  Known Answer Tests (KATs) o AES (Encrypt) o AES (Decrypt) o Triple-DES (Encrypt) o Triple-DES (Decrypt) o RSA (Signature Generation) o RSA (Signature Verification) o HMAC SHA-1 o HMAC SHA-256 o HMAC SHA-512 o ANSI X9.31 PRNG If any of the tests listed above fails to complete successfully, the module enters into a critical error state where all cryptographic operations and output of any data is prohibited. An error message is logged for the CO to review and requires action on the CO’s part to clear the error state. 2.9.2 Conditional Self-Tests The IBM Security QRadar FIPS Appliance performs the following conditional self-tests: IBM Security QRadar FIPS Appliance Page 20 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014  Continuous PRNG Test  RSA Pairwise Consistency Check for sign/verify Failure of any conditional test listed above leads the module to a soft error state and logs an error message. 2.10 Mitigation of Other Attacks This section is not applicable. The module does not claim to mitigate any attacks beyond the FIPS 140-2 Level 2 requirements for this validation. IBM Security QRadar FIPS Appliance Page 21 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 3 Secure Operation The IBM Security QRadar FIPS Appliance meets Level 2 requirements for FIPS 140-2. The sections below describe how to place and keep the module in FIPS-Approved mode of operation. The use of any interfaces and services not documented herein are prohibited and considered in violation of this Security Policy, and shall result in the non-compliant operation of the module. 3.1 Crypto-Officer Guidance The Crypto-Officer shall be responsible for setup, initialization, and management of the module. This Security Policy (as well as the IBM Security QRadar Version 7.1.0 (MR1) FIPS Installation Guide) provides instructions for applying physical security seals on the appliance. This guidance should be used in conjunction with the IBM Security QRadar Hardware Installation Guide to install the module and place it into its Approved mode of operation. Setting the module into its Approved mode will automatically create the crypto and admin accounts which are the only authorized QConsole accounts in FIPS mode. 3.1.1 Appliance Setup Before the module can be placed into its Approved mode of operation, the Crypto-Officer shall install all required physical security mechanisms. Twenty (20) tamper-evident seals are included with the appliance. Sixteen (16) seals are required for FIPS physical security and must be installed before the appliance is placed in the server rack. The internal opacity baffles will be installed prior to delivery; it is the responsibility of the CO to ensure that these baffles are in place. Additionally, the CO must place the tamper-evident seals on the module as described in the information provided below. This information can also be found in the IBM Security QRadar Version 7.1.0 (MR1) FIPS Installation Guide. After the seals are placed as instructed below, the module can be powered up and the Crypto-Officer may proceed with initialization. 3.1.1.1 Prepare Module for Tamper-Evident Seal Application To apply the seals, the appliance surfaces must first be cleaned with rubbing alcohol or an alcohol swab in the area where the tamper-evident seals will be placed. Also, the location must be free of dust or debris before installing the seals. 3.1.1.2 Tamper-Evident Seal Application Place the tamper-evident seals on the appliance as indicated in the steps below. Note that seals for installation steps marked as “OPTIONAL” can alternatively be saved and used as spares, if desired. 1. (OPTIONAL) Apply two (2) seals on top of the appliance across the horizontal seam as shown in Figure 4. IBM Security QRadar FIPS Appliance Page 22 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 Figure 4 – Tamper-Evident Seal Application Positions (Top) 2. Apply two (2) seals to cover the left and right side panel seam of the appliance as shown in Figure 5. The seals should cover the front and rear panel seam edges and then wrap around to each side of the appliance. Figure 5 – Tamper-Evident Seal Application Positions (Top/Side) 3. Apply two (2) seals on the side, near the back of the appliance as shown in Figure 6. IBM Security QRadar FIPS Appliance Page 23 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 Figure 6 – Tamper-Evident Seal Application Positions (Top/Rear) 4. (OPTIONAL) Apply two (2) seals at the rear of the appliance as shown in Figure 7. Figure 7 – Tamper-Evident Seal Application Positions (Rear) 5. Apply twelve (12) seals to cover the hard drive bays as shown in Figure 8. Ensure that the seals wrap tightly to the top and bottom of the drive bays. Figure 8 – Tamper-Evident Seal Application Positions (Front) 3.1.2 Initialization The IBM Security QRadar Version 7.1.0 (MR1) FIPS Installation Guide includes instructions on placing the module in FIPS mode. Since the underlying cryptographic libraries always operate in FIPS mode, IBM Security QRadar FIPS Appliance Page 24 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 setting the appliance in FIPS mode creates a jailed shell that only allows access to the QConsole to the crypto and admin accounts. 3.1.3 Management The Crypto-Officer shall monitor the module’s status regularly and is responsible for ensuring that only the services listed in Section 2.4.2 of this document are used. If any irregular activity is noticed or the module is consistently reporting errors, then IBM customer support should be contacted. 3.1.4 Physical Inspection For the module to operate in its Approved mode, the internal opacity baffles must be in place, and the tamper-evident seals must be placed by the CO role as specified in Section 3.1.1 above. Per FIPS 140-2 Implementation Guidance (IG) 14.4, the CO is also responsible for the following:  securing and having control at all times of any unused seals  direct control and observation of any changes to the module where the tamper-evident seals are removed or installed to ensure that the security of the module is maintained during such changes and that the module is returned to its Approved state The CO is also required to periodically inspect the module for evidence of tampering at intervals specified per end-user policy. The CO must visually inspect the tamper-evident seals for tears, rips, dissolved adhesive, and other signs of malice. To replace a seal, the CO must first remove any remnants of the previous seal. Then, the new seal shall be applied according to the guidance in Section 3.1.1.1 above. To request additional seals, the Crypto-Officer can call the IBM Support Line and order the FRU22 part number 00AN000. 3.1.5 Zeroization The Crypto-Officer or FIPS Admin may zeroize all keys, CSPs, and certificates by rebooting the appliance via power-cycle or GUI command. The Crypto-Officer should then follow the steps outlined in the IBM Security QRadar Version 7.1.0 (MR1) FIPS Installation Guide to return the module to FIPS-Approved mode. 3.2 User Guidance Only the module’s cryptographic functionalities are available to the User. Users shall only the services that are listed in Table 5. Although the User does not have any ability to modify the configuration of the module, they should report to the Crypto-Officer if any irregular activity is noticed. 3.3 Non-Approved Mode of Operation When initialized and configured according to the Crypto-Officer guidance in this Security Policy, the module does not support a non-Approved mode of operation. 22 FRU – Field Replaceable Unit IBM Security QRadar FIPS Appliance Page 25 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 4 Acronyms This section describes the acronyms used in this document. Table 10 – Acronyms Acronym Definition AES Advanced Encryption Standard ANSI American National Standards Institute CBC Cipher Block Chaining CFB Cipher Feedback CLI Command Line Interface CMVP Cryptographic Module Validation Program CO Crypto-Officer CPU Central Processing Unit CSEC Communications Security Establishment Canada CSP Critical Security Parameter CTR Counter DES Data Encryption Standard DH Diffie-Hellman ECB Electronic Codebook EMC Electromagnetic Compatibility EMI Electromagnetic Interference FIPS Federal Information Processing Standard Gb Gigabit GUI Graphical User Interface HMAC (Keyed-) Hash Message Authentication Code HTTPS Hypertext Transfer Protocol - Secure ID Identification IT Information Technology KAT Known Answer Test LDAP Lightweight Directory Access Protocol LED Light-Emitting Diode MD5 Message Digest 5 N/A Not Applicable NIST National Institute of Standards and Technology NMI Non-Maskable Interrupt IBM Security QRadar FIPS Appliance Page 26 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Security Policy, Version 0.6 November 13, 2014 Acronym Definition NVLAP National Voluntary Laboratory Accreditation Program OFB Output Feedback OS Operating System PCIe Peripheral Component Interconnect Express PKCS Public Key Cryptography Standard PRNG Pseudo Random Number Generator PSS Probabilistic Signature Scheme RADIUS Remote Authentication Dial-In User Service RAM Random Access Memory RHEL Red Hat Enterprise Linux RNG Random Number Generator RPM Red Hat Package Manager RSA Rivest Shamir and Adleman SHA Secure Hash Algorithm SNMP Simple Network Management Protocol SSH Secure Shell TACACS Terminal Access Control Access Control System TLS Transport Layer Security USB Universal Serial Bus IBM Security QRadar FIPS Appliance Page 27 of 28 © 2014 IBM Corporation This document may be freely reproduced and distributed whole and intact including this copyright notice. Prepared by: Corsec Security, Inc. 13135 Lee Jackson Memorial Hwy, Suite 220 Fairfax, VA 22033 United Stated of America Phone: +1 703-267-6050 Email: info@corsec.com http://www.corsec.com