The TOE also supports (sometimes optionally) secure connectivity with several other IT environment devices, including,
Component Required Usage/Purpose Description for TOE performance
Management Workstation with Web Browser/SSH Client
Yes This includes any IT Environment Management workstation with a Web Browser and a SSH client installed that is used by the TOE administrator to support TOE administration through HTTPS and SSH protected channels.
Any SSH client that supports SSHv2 may be used. Any web browser that supports TLS 1.0 or greater may be used.
NTP Server No The TOE supports communications with an NTP server to synchronize date and time.
Syslog server No The syslog audit server is used for remote storage of audit records that have been generated by and transmitted from the TOE.
LDAP AAA Server No This includes any IT environment LDAP AAA server that provides authentication services to TOE administrators.
Table 1 IT Environment
2 Test Identification
Test Case ID Description of test case
FAU_GEN.1 Test 1 This test case demonstrated the TOEs ability to generated audit records based on specific events being triggered.
FAU_GEN.1 Guidance 1 Guidance evaluation activity.
FAU_GEN.1 Guidance 2 Guidance evaluation activity.
FAU_STG_EXT.1.1 TSS 1 TSS evaluation activity.
FAU_STG_EXT.1.1 Guidance 1 Guidance evaluation activity.
FAU_STG_EXT.1 Test 1 (not audit server)
This test case showed that the connection between the TOE and the remote audit server could be encrypted
FAU_STG_EXT.1.1 TSS 1 (not audit server)
TSS evaluation activity.
FAU_STG_EXT.1.1 Guidance 1 (not audit server)
Guidance evaluation activity.
FCS_CKM_EXT.4.1 TSS 1 TSS evaluation activity.
FCS_COP.1.1 (1) Test 1 This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System.
FCS_COP.1.1 (2) Test 1 This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System.
FCS_COP.1.1 (3) Test 1 This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System.
FCS_COP.1.1 (4) Test 1 This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System.
FCS_RBG_EXT.1.1 Test 1 This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System.
FCS_RBG_EXT.1.1 Test 2 (SP 800-90A DRBG)
This test case verified the correct implementation of the cryptographic algorithm by testing against the NIST Validation System.
FCS_RBG_EXT.1.1 Guidance 1 (SP 800-90A DRBG)
Guidance evaluation activity.
FDP_RIP.2.1 TSS 1 TSS evaluation activity.
FIA_PMG_EXT.1.1 Guidance 1 Guidance evaluation activity.
FIA_PMG_EXT.1 Test 1 This test case verified the password capabilities of the TOE by attempting various good and bad password combinations and verifying the TOE handled them correctly.
FIA_UIA_EXT.1 TSS 1 TSS evaluation activity.
Test Case ID Description of test case FIA_UIA_EXT.1 Guidance 1 Guidance evaluation activity.
FIA_UIA_EXT.1 Test #1 This test case verified that for both remote and local login presenting the correct credentials resulted in access to the TOE and presenting incorrect credentials resulted in denied access.
FIA_UIA_EXT.1 Test #2 This test cased demonstrated that there is no remote
functionality available to the administrator prior the logging into the TOE.
FIA_UIA_EXT.1 Test #3 This test case demonstrated that there is no local functionality available to the administrator prior the logging into the TOE.
FIA_UAU.7 Test #1 This test case demonstrated that during both local and remote logon the tester is not presented any feedback of the password entered.
FMT_MTD.1 Guidance 1 Guidance evaluation activity.
FMT_MTD.1 TSS 1 TSS evaluation activity.
FMT_SMR.2 Guidance 1 Guidance evaluation activity.
FPT_SKP_EXT.1 TSS 1 TSS evaluation activity.
FPT_APW_EXT.1 TSS 1 TSS evaluation activity.
FPT_APW_EXT.1 TSS 2 TSS evaluation activity.
FPT_ITT.1 TSS 1 TSS evaluation activity.
FPT_ITT.1 TSS 2 TSS evaluation activity.
FPT_ITT.1 Guidance 1 Guidance evaluation activity.
FPT_ITT.1 Test 1 This test case demonstrated secure connectivity between TOE components.
FPT_ITT.1 Test 2 This test case demonstrated secure connectivity between TOE components.
FPT_STM.1 TSS 1 TSS evaluation activity.
FPT_STM.1 Guidance 1 Guidance evaluation activity.
FPT_STM.1 Guidance 2 Guidance evaluation activity.
FPT_STM.1 Test #1 This test demonstrated that the TOE administrator could update the TOE time.
FPT_STM.1 Test #2 This test case demonstrated that the TOE could be configured to use a remote Time server.
FPT_TUD_EXT.1 TSS 1 TSS evaluation activity.
FPT_TUD_EXT.1 TSS 2 TSS evaluation activity.
FPT_TUD_EXT.1 Test #1 This test case demonstrated that the TOE could be updated when presented with a valid upgrade image.
FPT_TUD_EXT.1 Test #2 This test case demonstrated that the TOE could detect and reject invalid software updates.
FPT_TST_EXT.1.1 TSS 1 TSS evaluation activity.
Test Case ID Description of test case FPT_TST_EXT.1.1 TSS 2 TSS evaluation activity.
FPT_TST_EXT.1.1 Guidance 1 Guidance evaluation activity.
FTA_SSL_EXT.1 Test #1 This test case demonstrated that the when a local
administrative session timeout is set the TOE administrator is logged off after that time period has been crossed.
FTA_SSL.3 Test #1 This test case demonstrated that the when a remote
administrative session timeout is set the TOE administrator is logged off after that time period has been crossed.
FTA_SSL.4 Test #1 This test case demonstrated that the local TOE administrator could log off of the TOE.
FTA_SSL.4 Test #2 This test case demonstrated that the remote TOE administrator could log off of the TOE.
FTA_TAB.1 TSS 1 TSS evaluation activity.
FTA_TAB.1 Test #1 This test case demonstrated that the TOE supports a configurable banner for both local CLI and remote CLI administration.
FTP_ITC.1 TSS 1 TSS evaluation activity.
FTP_ITC.1 TSS 2 TSS evaluation activity.
FTP_ITC.1 Guidance 1 Guidance evaluation activity.
FTP_ITC.1 Test #1 This test case showed that the TOE could perform secure communications with remote syslog servers, time servers, and AAA servers over IPsec.
FTP_ITC.1 Test #2 This test case demonstrated that when the TOE connection is physically disconnected from the remote IT entity and
reconnected the communication do not resume in plaintext.
FTP_TRP.1 TSS 1 TSS evaluation activity.
FTP_TRP.1 TSS 2 TSS evaluation activity.
FTP_TRP.1 Guidance 1 Guidance evaluation activity.
FTP_TRP.1 Test #1 This test case demonstrated that remote administration of the TOE takes place over encrypted communications (an SSH connection).
FTP_TRP.1 Test #2 This test case demonstrated that the TOE denies insecure remote administration attempts (telnet/http).
FCS_TLS_EXT.1.1 TSS 1 TSS evaluation activity.
FCS_TLS_EXT.1.1 Guidance 1 Guidance evaluation activity.
FCS_TLS_EXT.1.1 Test #1 This test case demonstrated the TOEs ability to use secure ciphersuites.
FCS_TLS_EXT.1.1 Test #2 This test case demonstrated the TOEs correct implementation of the TLS stack.
FCS_SSH_EXT.1.2 TSS 1 TSS evaluation activity.
Test Case ID Description of test case
FCS_SSH_EXT.1.2 Test #1 This test case demonstrated the TOEs ability to use
asymmetric authentication for SSH session authentication.
FCS_SSH_EXT.1.2 Test #2 This test case demonstrated the TOEs ability to use password authentication for SSH session authentication.
FCS_SSH_EXT.1.3 TSS 1 TSS evaluation activity.
FCS_SSH_EXT.1.3 Test #1 This test case demonstrated the TOEs ability to reject SSH packets larger than the allowed packet size.
FCS_SSH_EXT.1.4 TSS 1 TSS evaluation activity.
FCS_SSH_EXT.1.4 Guidance 1 Guidance evaluation activity.
FCS_SSH_EXT.1.4 Test #1 This test case demonstrated the TOEs ability to use secure encryption algorithms for SSH sessions.
FCS_SSH_EXT.1.6 TSS 1 TSS evaluation activity.
FCS_SSH_EXT.1.6 Guidance 1 Guidance evaluation activity.
FCS_SSH_EXT.1.6 Test #1 This test demonstrated the TOEs ability to use secure MACing algorithms for session integrity.
FCS_SSH_EXT.1.7 Guidance 1 Guidance evaluation activity.
FCS_SSH_EXT.1.7 TSS 1 TSS evaluation activity.
FCS_SSH_EXT.1.7 Test #1 This test case demonstrated the TOEs ability to use Diffie-Hellman Group 14 for SSH sessions. This test case also
demonstrated the TOEs ability to reject Diffie-Hellman Group 1 during SSH session establishment.
Table 2 Testing Summary
3 Testing Subset
The following table identifies the chosen subset of TOE hardware models to be tested
TOE Model Chosen for Testing
CM Series Appliances
CM 4400 No
CM 7400 Yes
CM 9400 No
FX Series Appliances
FX 5400 Yes
FX 8400 No
EX Series Appliances
EX 3400 No
EX 5400 Yes
EX 8400 No
EX 8420 No
NX Series Appliances
NX 900 No
NX 1400 No
NX 2400 Yes
NX 4400 No
NX 4420 No
NX 7400 Yes
NX 7420 No
NX 7500 Yes
NX 10000 No
NX 9450 No
NX 10450 No
Table 3 Testing Subset
4 Test Equivalency Justification
The following equivalency analysis provides a per category analysis of key areas of differentiation for each hardware model to determine the minimum subset to be used in testing. The areas examined will use the areas and analysis description provided in the supporting documentation for the NDPP.
Platform/Hardware Differences
The TOE boundary is inclusive of all hardware required by the TOE. The hardware platforms do not provide any of the TSF functionality. The hardware within the TOE only differs by configuration and performance. There are no hardware specific dependencies of the product. There isn’t hardware specific functionality between appliance types. The base hardware may be configured as multiple types of appliances.
Result:
There are no hardware dependencies.
All CM Appliances are equivalent.
All EX Appliances are equivalent.
All FX Appliances are equivalent.
NX Appliances: See processor analysis below for hardware related recommendations.
Processor Differences
Across appliance platforms, there are several processors included, as follows, Appliance Processor Processor
Family
Appliance Processor Processor
Appliance Processor Processor
Table 4 Processor Differences
The table above identifies all of the CPUs included in the products, generally speaking two closely related CPUs are used in the platforms. There are several exceptions to this in the NX series appliances. The following table provides an analysis and
recommendations on an appliance series basis.
Appliance Analysis Recommendation
CM Series Appliances
CM 4400 Each of these platforms use one of two very closely related CPUs for processing. Both CPUs are part of the same processor family and support the same instruction sets. These CPUs only differ in performance related metrics (specifically cores and speed). All other aspects of the chips are identical.
Because of the processors are nearly identical.
One example of the CM series of appliances will sufficiently demonstrate the functionality of the devices.
CM 7400 CM 9400
FX Series Appliances
FX 5400 Each of these platforms use one of two very closely related CPUs for processing. Both CPUs are part of the same processor family and support the same instruction sets. These CPUs only differ in performance related metrics (specifically cores and speed). All other aspects of the chips are identical.
Because of the processors are nearly identical.
One example of the FX series of appliances will sufficiently demonstrate the functionality of the devices.
FX 8400
EX Series Appliances
EX 3400 Each of these platforms use one of two very closely related CPUs for processing. Both CPUs are part of the same processor family and support the same instruction sets. These CPUs only differ in performance related metrics (specifically cores and speed). All other aspects of the chips are identical.
Because of the processors are nearly identical.
One example of the EX series of appliances will sufficiently demonstrate the functionality of the devices.
EX 5400 EX 8400 EX 8420
NX Series Appliances
NX 900 This family of appliances supports several different types of CPUs. Several of the appliances include the same AMD Opteron 6300 CPUs as the CM, EX, and FX appliance. The analyses associated with those platforms apply to these platforms.
Several of the appliances also support the AMD Opteron 4300 CPUs (NX 1400 and 2400) and 3300 CPUs (NX 900). These processors are also very similar to the AMD Operon processors with the exception that there is no FPU support. Amongst these processors, there are several non-security relevant differences
Because of the similarity in processors, one example of a platform with an AMD Opteron 3300/4300, one example with an AMD Opteron 6300, and one example with an Intel Ivy Bridge should be acceptable. One possible subset would include,
Appliance Analysis Recommendation NX 10450 including, cores, base speed, and BUS speed. Finally, two of the
appliances include Intel Ivy Bridge processors. These processors again are very closely related. They both are the same
architecture, support the same instruction sets, and FPUs. They include several non-security relevant differences, including, cores, base speed, and BUS speed.
NX 7500
Table 5 Processor Analysis
Result: See analysis table above for recommendation
Software/OS Dependencies
The underlying OS is installed with the application level software on each of the appliances. The underlying OS for all models within the TOE is CentOS 6.5 (Linux Kernel 3.10.53). There are no specific dependencies on the OS since the TOE will not be installed on different OSs.
Additionally, the underlying OS that is installed as part of the product software is identical between not only platforms in a given appliance series but also across all platforms.
Result:
There are no OS dependencies.
All CM Appliances are equivalent.
All EX Appliances are equivalent.
All FX Appliances are equivalent.
All NX Appliances are equivalent.
Differences in TOE Software Binaries
All platforms run software version 7.6. Additionally, all of each of the platforms within a given appliance series run the exact same binary, as follows,
Appliance Binary CM Series Appliances
CM 4400 image-cms.img
CM 7400 image-cms.img
CM 9400 image-cms.img
FX Series Appliances
FX 5400 image-fms.img
FX 8400 image-fms.img
EX Series Appliances
EX 3400 image-emps.img
EX 5400 image-emps.img
EX 8400 image-emps.img
EX 8420 image-emps.img
NX Series Appliances
NX 900 image-wmps.img
NX 1400 image-wmps.img
NX 2400 image-wmps.img
NX 4400 image-wmps.img
NX 4420 image-wmps.img
NX 7400 image-wmps.img
NX 7420 image-wmps.img
NX 7500 image-wmps.img
NX9450 image-wmps.img
NX 10000 image-wmps.img
NX 10450 image-wmps.img
Table 6 TOE Software Binaries
There are NO differences in the software being run (per appliance series).
Result:
There is no model specific software.
All CM Appliances are equivalent.
All EX Appliances are equivalent.
All FX Appliances are equivalent.
All NX Appliances are equivalent.
Differences in Libraries Used to Provide TOE Functionality
All software binaries compiled in the TOE software are identical including the version of the library regardless of the platform for which the software is compiled. There are no differences between the included libraries.
Result:
There are no differences in the included libraries.
All CM Appliances are equivalent.
All EX Appliances are equivalent.
All FX Appliances are equivalent.
All NX Appliances are equivalent.
TOE Management Interface Differences
There are several management interfaces for each of the appliances within the TOE including, Appliance Family Local CLI Remote CLI
(via SSH)
Remote GUI (device specific)
Remote GUI (through CM)
CM Series Yes Yes Yes N/A
EX Series Yes Yes Yes Yes
FX Series Yes Yes Yes Yes
NX Series Yes Yes Yes Yes
Table 7 TOE Management Interfaces
The table above illustrates that each appliance can be managed either locally (via CLI) or remotely (via CLI or GUI). There is no difference in the way the administrative user interacts with each of the devices on a per appliance series basis. For example, the user interacts and is presented with the same management interface whether she is interacting with a CM4400 or a CM9400. The management interface is identical for each appliance in a given series.
Result:
There are no differences in the user interface amongst platforms.
All CM Appliances are equivalent.
All EX Appliances are equivalent.
All FX Appliances are equivalent.
All NX Appliances are equivalent.
TOE Functional Differences
Each hardware model within the TOE boundary provides identical functionality. There is no difference in the way the user interacts with each of the devices or the services that are available for each of these devices on a per appliance series basis. For example, the user interaction with a CM4400 is identical to that of a CM9400. Each device within an appliance series runs the same version of software.
Result:
There are no security functional differences between platforms in a series.
All CM Appliances are equivalent.
All EX Appliances are equivalent.
All FX Appliances are equivalent.
All NX Appliances are equivalent.
5 Recommendations/Conclusion
Based on the analysis above, the following will sufficiently test the TOE, Appliance Family Required for Testing
CM Series One appliance example
EX Series One appliance example
FX Series One appliance example
NX Series One of the following appliances: NX900, NX1400, NX2400 One of the following appliances: NX4400, NX4420, NX7400, NX7420, NX10000, NX9450, NX10450
One of the following appliances: NX7500
Table 8 Required Subset
6 TSS and Guidance Activities
6.1.1 FAU_GEN.1 Guidance 1
The evaluator shall check the administrative guide and ensure that it lists all of the auditable events and provides a format for audit records. Each audit record format type must be covered, along with a brief description of each field. The evaluator shall check to make sure that every audit event type mandated by the PP is described and that the description of the fields contains the information required in FAU_GEN1.2, and the additional information specified in Table 1.
6.1.1.1 Evaluator Findings
The evaluator checked the administrative guide to ensure that it lists all of the auditable events and provides a format for audit records. Section "Audit Messages," page 17, of AGD were used to determine the verdict of this work unit. Upon investigation, the evaluator found that AGD explicitly lists each of the auditable events and the fields associated with each audit record.
Based on these findings, this assurance activity is considered satisfied.
6.1.1.2 Verdict Pass
6.1.2 FAU_GEN.1 Guidance 2
The evaluator shall also make a determination of the administrative actions that are relevant in the context of this PP. The evaluator shall examine the administrative guide and make a
determination of which administrative commands, including subcommands, scripts, and configuration files, are related to the configuration (including enabling or disabling) of the mechanisms implemented in the TOE that are necessary to enforce the requirements specified in the PP. The evaluator shall document the methodology or approach taken while determining which actions in the administrative guide are security relevant with respect to this PP. The evaluator may perform this activity as part of the activities associated with ensuring the AGD_OPE guidance satisfies the requirements.
6.1.2.1 Evaluator Findings
The evaluator made a determination of the administrative actions that are relevant in the context of this PP. The AGD document and all of the configuration guides listed in the section 9 of this document were used as part of this evaluation. The evaluator performed the following actions to identify the set of security relevant CLI commands and GUI options required by the evaluated configuration,
The evaluator first began stepping through the AGD document. In addition to providing configuration specific guidance for configuring the TOE in the evaluated configuration, the document acts as a mapping document to other general guidance documents for the TOE.
As part of this review, the evaluator successfully compared the AGD document to the ST to verify that each of the claimed security functionalities are discussed.
Next, the evaluator reviewed each section of the other configuration documents
Next, the evaluator reviewed each section of the other configuration documents