Mercury Systems
ASURRE
-Stor
®
SSD
Administrative Guidance
Copyright 2020 Mercury Systems. May only be reproduced in its original form (without revision)
Rev. 1.5.1 February 2020 © 2020 Mercury Systems. All rights reserved
Mercury Systems, Inc. • (602) 437-1520 •
21
29
Security Guidance Summary
The following security guidance may be useful when using the
ASURRE-S
tor
®
SSD in mission critical applications:
•
The TOE can be configured to operate in one of several modes of operation. The modes of operation differ in
how the TOE DEK is established and stored. Only 2 modes are CC compliant and covered by the CC evaluation.
a)
Self-generated random Permanent key with ATA Password (Mode 1).
b)
KEK with BLACK key and ATA Password (Mode 6).
Administrators and Crypto Officers performing the initial secure configuration must configure the TOE into one
of these two modes to ensure that the TOE is CC compliant.
•
The Crypto Officer
shall
inspect each TOE carefully for any signs of tampering that may have occurred during
shipment from Mercury Systems. Any TOE that shows signs of tampering should be returned to Mercury
Systems.
•
The Crypto Officer
shall
perform the initial secure configuration of the TOE prior to deploying the unit to the
field.
•
The Crypto Officer
shall
make no assumptions as to default values for any configurable TOE parameter.
•
The Crypto Officer
shall
configure the initial Configuration Password (Crypto Officer Password) with a minimum
Configuration Password length of 12 characters and preferably 32 to 64, 8-bit bytes.
•
The Crypto Officer
shall
select the option to disable Firmware Updates. This option prevents an attacker from
attempting to change to a different firmware version in the field.
•
The Crypto Officer
shall
enforce the use of 8 character minimum password lengths for the User ATA Password,
Master ATA Password. Be aware that the security strength of passwords is directly proportional to the length
of the password and the number of bits per character as shown in Table 8.
Password
Length
Password bit strength using all printable
characters except the space.
(6.555-bits entropy per symbol)
Password bit strength with all possible
8-bit values.
(8-bits entropy per symbol)
8
52
64
12
78
96
16
104
128
24
157
192
32
209
256
64
419
512
Table 8: Password strength in bits
•
The Crypto Officer
shall
enable and configure the Authentication Penalty Count to a value of 1, 5, 10 or 15 and
inform users that the TOE allows a limited number of failed authentication attempts before executing a penalty
to clear keys, and all user data in the TOE. The failed attempts counter increments for invalid ATA Passwords,
Configuration Passwords, key values, and invalid signatures during firmware updates.
•
The Crypto Officer
shall
enable and configure the initial User ATA Password and Master ATA Password in both
CC compliant modes.
•
The Crypto Officer
shall
disable intermediate power-savings modes in both CC compliant modes. This option
prevents the TOE from entering into a power state other than D0 or D3.
•
The Crypto Officer
shall
setup a security inspection policy to inspect the TOE for evidence of enclosure
tampering a minimum of once per year. Tamper evidence appears as enclosure dents, marring, scratches
caused by prying, milling or drilling. It may also appear as missing screws, scratched screw heads, damaged
screw heads or missing orange colored material (Figure 9, 10, 11) covering 2 enclosure corner screw heads.
