Assurance Activity Report (NDcPP10) for Brocade Communications Systems, Inc. Directors and Switches using Fabric OS v8.1.0

Transcription

1 Assurance Activity Report (NDcPP10) for Brocade Communications Systems, Inc. Directors and Switches using Fabric OS v8.1.0 Version /22/2017 Prepared by: Gossamer Security Solutions Accredited Security Testing Laboratory Common Criteria Testing Catonsville, MD Prepared for: National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme 2017 Gossamer Security Solutions, Inc.

2 REVISION HISTORY Revision Date Authors Summary Version /20/2017 Haley Initial draft Sykes /05/2017 Gossamer Updated to reflect validation comments The TOE Evaluation was Sponsored by: Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA Evaluation Personnel: Cornelius Haley Katie Sykes Common Criteria Versions: Common Criteria for Information Technology Security Evaluation Part 1: Introduction, Version 3.1, Revision 4, September 2012 Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, Version 3.1, Revision 4, September 2012 Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, Version 3.1 Revision 4, September 2012 Common Evaluation Methodology Versions: Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012 GSS CCT Assurance Activity Report Page 2 of Gossamer Security Solutions, Inc.

3 TABLE OF CONTENTS 1 Introduction Test Platform Equivalency CAVP Certificate Justification References Protection Profile SFR Assurance Activities Security audit (FAU) Audit Data Generation (FAU_GEN.1) User identity association (FAU_GEN.2) Protected audit trail storage (FAU_STG.1) Protected Audit Event Storage (FAU_STG_EXT.1) Cryptographic support (FCS) Cryptographic Key Generation (FCS_CKM.1) Cryptographic Key Establishment (FCS_CKM.2) Cryptographic Key Destruction (FCS_CKM.4) Cryptographic Operation (AES Data Encryption/Decryption) (FCS_COP.1(1)) Cryptographic Operation (Signature Generation and Verification) (FCS_COP.1(2)) Cryptographic Operation (Hash Algorithm) (FCS_COP.1(3)) Cryptographic Operation (Keyed Hash Algorithm) (FCS_COP.1(4)) HTTPS Protocol (FCS_HTTPS_EXT.1) Random Bit Generation (FCS_RBG_EXT.1) SSH Server Protocol (FCS_SSHS_EXT.1) TLS Client Protocol with authentication (FCS_TLSC_EXT.2) TLS Server Protocol (FCS_TLSS_EXT.1) Identification and authentication (FIA) Password Management (FIA_PMG_EXT.1) Protected Authentication Feedback (FIA_UAU.7) Password-based Authentication Mechanism (FIA_UAU_EXT.2) User Identification and Authentication (FIA_UIA_EXT.1) GSS CCT Assurance Activity Report Page 3 of Gossamer Security Solutions, Inc.

4 2.3.5 X.509 Certificate Validation (FIA_X509_EXT.1) X.509 Certificate Authentication (FIA_X509_EXT.2) X.509 Certificate Requests (FIA_X509_EXT.3) Security management (FMT) Management of security functions behavior - Trusted Update (FMT_MOF.1(1)) Management of security functions behavior - Audit (FMT_MOF.1(3)) Management of security functions behavior - Audit (FMT_MOF.1(4)) Management of TSF Data (FMT_MTD.1(1)) Management of TSF data - Admin Actions (FMT_MTD.1(2)) Specification of Management Functions (FMT_SMF.1) Restrictions on Security Roles (FMT_SMR.2) Protection of the TSF (FPT) Protection of Administrator Passwords (FPT_APW_EXT.1) Protection of TSF Data (for reading of all symmetric keys) (FPT_SKP_EXT.1) Reliable Time Stamps (FPT_STM.1) TSF testing (FPT_TST_EXT.1) Trusted update (FPT_TUD_EXT.1) TOE access (FTA) TSF-initiated Termination (FTA_SSL.3) User-initiated Termination (FTA_SSL.4) TSF-initiated Session Locking (FTA_SSL_EXT.1) Default TOE Access Banners (FTA_TAB.1) Trusted path/channels (FTP) Inter-TSF trusted channel (FTP_ITC.1) Trusted Path (FTP_TRP.1) Protection Profile SAR Assurance Activities Development (ADV) Basic functional specification (ADV_FSP.1) Guidance documents (AGD) Operational user guidance (AGD_OPE.1) GSS CCT Assurance Activity Report Page 4 of Gossamer Security Solutions, Inc.

5 3.2.2 Preparative procedures (AGD_PRE.1) Life-cycle support (ALC) Labelling of the TOE (ALC_CMC.1) TOE CM coverage (ALC_CMS.1) Security Target (ASE) Security Target (ASE_TSS.1) Tests (ATE) Independent testing - conformance (ATE_IND.1) Vulnerability assessment (AVA) Vulnerability survey (AVA_VAN.1) GSS CCT Assurance Activity Report Page 5 of Gossamer Security Solutions, Inc.

6 1 INTRODUCTION This document presents evaluations results of the Brocade Fabric OS NDcPP10 evaluation. This document contains a description of the assurance activities and associated results as performed by the evaluators. 1.1 TEST PLATFORM EQUIVALENCY This section presents the test environment and explains why the test subset was adequate to address all product installations. The TOE was tested both at Brocade s SQA facility in Denver Colorado, and at Gossamer s test facility in Catonsville Maryland. Initial testing was performed at Brocade, with follow up testing completed at Gossamer. Each Device Under Test (DUT) was configured according to the step-by-step instructions in [CC-Guide]. TOE Platforms: Figure 1 Test Setup Brocade 620 SAN (T1022 processor) Brocade 6520 SAN (MPC8548 processor) The evaluators ran all SSHS and TLSS tests on both the G6520 and G620 DUT and observed identical results. The remainder of the tests were executed primarily on the G620. All models identified in the Security Target run the same FOS version 8.1.0b software and utilize the same features in equivalent Power Architecture instruction sets. The evaluators loaded the same image onto the G620 and the G6520 Brocade SAN devices. The same configuration instructions were used on both of the DUT. Since GSS CCT Assurance Activity Report Page 6 of Gossamer Security Solutions, Inc.

7 the same software is installed on all the platforms, all security functions provided by the TOE are implemented in software, all hardware platforms support an equivalent hardware architecture/instruction sets, and the TOE operates only in 32-bit mode (even on 64-bit processors); the evaluation team concluded, that testing of TOE software across two platforms was sufficient. The evaluator perform every test on at least one platform, and sampled some tests on both platforms. The sampling was performed to ensure that the assertion that platforms were equivalent was valid. TOE security behavior is the same on all the switches for each of the SFRs defined by the NDcPP v1.0. These SFRs are instantiated by the same version of the TOE software and in the same way on every platform. 1.2 CAVP CERTIFICATE JUSTIFICATION The following table provides a mapping between the models and the processors. This mapping can be used to reference the CAVP certificates referenced in the next table. All models run the same Brocade Fabric OS (FOS) firmware, version 8.1.0b, which includes the Brocade FIPS crypto Library. Table 1-1 Processor Mapping Model Processor DCX MPC8548 DCX MPC8548 Brocade 6510 PPC440EPX Brocade 6520 MPC8548 Brocade 7840 P3041 X6-4 P4080 X6-8 P4080 Brocade G620 T1022 The following functions have been CAVP tested in accordance with the identified standards. Table 1-2 TOE CAVP Certificates Functions Encryption/Decryption Requirement Cert MPC8548 PPC440EPX T1022 P4080 P3041 AES CBC (128 and 256 bits) FCS_COP.1(1) Cryptographic signature services GSS CCT Assurance Activity Report Page 7 of Gossamer Security Solutions, Inc.

8 Functions Requirement Cert MPC8548 PPC440EPX T1022 P4080 P3041 RSA Digital Signature Algorithm (rdsa) (modulus 2048) ECDSA Digital Signature Algorithm (P-256, P-384) Cryptographic hashing FCS_COP.1(2) FCS_COP.1(2) SHA-1/256/512 (digest sizes 160, 256, and 512 bits) FCS_COP.1(3) Keyed-hash message authentication HMAC-SHA-1, HMAC_SHA2-256, HMAC-SHA2-512 (digest sizes 160, 256, and 512 bits) Random bit generation FCS_COP.1(4) RNG with sw based noise sources Key Generation FCS_RBG_EX T RSA Key Generation FCS_CKM ECDSA Key FCS_CKM Generation DSA Key Generation FCS_CKM Key Establishment ECC FFC CVL FCS_CKM Key Derivation Functions TLS and SSH REFERENCES GSS CCT Assurance Activity Report Page 8 of Gossamer Security Solutions, Inc.

9 The following documentation included material used to satisfy the Guidance assurance activities. [ST] Brocade Communications Systems, Inc. Directors and Switches using Fabric OS v8.1 (NDcPP10) Security Target, Version 0.3, 06/05/2017. [CC-Guide] Configuration Guide Fabric OS Common Criteria Supporting Fabric OS 8.1.0b, June 7, Other Documentation References: [NDcPP10] collaborative Protection Profile for Network Devices, Version 1.0, 27 February GSS CCT Assurance Activity Report Page 9 of Gossamer Security Solutions, Inc.

10 2 PROTECTION PROFILE SFR ASSURANCE ACTIVITIES This section of the AAR identifies each of the assurance activities included in the claimed Protection Profile and describes the findings in each case. 2.1 SECURITY AUDIT (FAU) AUDIT DATA GENERATION (FAU_GEN.1) FAU_GEN FAU_GEN.1.2 Component Component Guidance Assurance Activities: The evaluator shall check the guidance documentation and ensure that it lists all of the auditable events and provides a format for audit records. Each audit record format type must be covered, along with a brief description of each field. The evaluator shall check to make sure that every audit event type mandated by the cpp is described and that the description of the fields contains the information required in FAU_GEN1.2, and the additional information specified in the table of audit events. The evaluator shall also make a determination of the administrative actions that are relevant in the context of the cpp. The evaluator shall examine the guidance documentation and make a determination of which administrative commands, including subcommands, scripts, and configuration files, are related to the configuration (including enabling or disabling) of the mechanisms implemented in the TOE that are necessary to enforce the requirements specified in the cpp. The evaluator shall document the methodology or approach taken while determining which actions in the administrative guide are security relevant with respect to the cpp. The evaluator may perform this GSS CCT Assurance Activity Report Page 10 of Gossamer Security Solutions, Inc.

11 activity as part of the activities associated with ensuring that the corresponding guidance documentation satisfies the requirements related to it. The [CC-Guide] includes a chapter identifying audit messages generated by the TOE. This chapter does include all audit events identified in [ST]. Table 2-1 shows the required audit events. Table 2-1 Collected Audit Events Auditable Events Additional Content Requirement FCS_HTTPS_EXT.1 Failure to establish an HTTPS session. Reason for failure HTTPS sessions will fail to be established either based upon login failures (see FIA_UAU_EXT.1 audits) or TLS errors (see FCS_TLSS_EXT.1 audits). FCS_SSHS_EXT.1 Failure to establish an SSH session Reason for failure The following audit message indicates that an SSH session failed to get established because of cipher mismatch. Similar messages are generated for the following: Key exchange mismatch Key algorithm mismatch MAC mismatch Host key mismatch 63 AUDIT, 2017/03/20-18:14:00 (UTC), [SEC-3076], INFO, SECURITY, NONE/NONE/NONE/None/CLI, None/sw0/FID 128,, Event: SSH, Status: failed, Info: SSH Session establishment failed. Reason: no matching cipher found, IP Addr: FCS_TLSC_EXT.2 Failure to establish an TLS Reason for failure Session The following audit message indicates that a TLS handshake failed because of wrong version number for the TLS protocol. Similar messages are generated for the following: Wrong ciphers Wrong CA certificate Server key length less than AUDIT, 2017/03/20-18:33:13 (UTC), [SEC-3077], INFO, SECURITY, root/root/none/console/cli, ad_0/sw0/fid 128,, Event: TLS SESSION, TLS handshake failed, Info: Wrong Protocol version number. FCS_TLSS_EXT.1 Failure to establish an TLS Reason for failure Session The following audit message indicates that a TLS handshake failed because of wrong version number for the TLS protocol. Similar messages are generated for the following: Wrong ciphers Wrong CA certificate Server key length less than AUDIT, 2017/03/20-18:33:13 (UTC), [SEC-3077], INFO, SECURITY, root/root/none/console/cli, ad_0/sw0/fid 128,, Event: TLS SESSION, TLS handshake failed, Info: Wrong Protocol version number. GSS CCT Assurance Activity Report Page 11 of Gossamer Security Solutions, Inc.

12 FIA_UIA_EXT.1 All use of the identification and authentication mechanism. Provided user identity, origin of the attempt (e.g., IP address). Failed CLI Login Bad Password Failed CLI Login Bad UserID The following audit message indicates that a login attempt failed at SSH (bad username). A similar message is generated for failures due to bad passwords. [SEC-3021], INFO, SECURITY, JBond007/admin/kali-2dot0.englab.brocade.com/ssh/CLI, ad_0/pizzabox12/fid 3,, Event: login, Status: failed, Info: Failed login attempt via REMOTE, IP Addr: kali-2dot0.englab.brocade.com. Successful CLI Login The following audit message indicates that a login attempt with SSH succeeded. [SEC-3020], INFO, SECURITY, root/root/trapazoid.englab.brocade.com/ssh/cli, ad_0/pizzabox12/fid 3, 8.1.0b_rc1_bld16,,,,,,, Event: login, Status: success, Info: Successful login attempt via REMOTE, IP Addr: trapazoid.englab.brocade.com. Failed Web UI Login Bad Password The following audit message indicates that a login attempt via Webtools failed (bad password). A similar message is generated for failures due to bad username. [SEC-3021], INFO, SECURITY, admin/admin/ /https/webtools, ad_255/pizzabox12/fid 3,, Event: login, Status: failed, Info: Failed login attempt via HTTP, IP Addr: Failed Web UI Login Bad UserID The following audit message indicates that a login attempt via Webtools failed (bad user). [SEC-3021], INFO, SECURITY, JBond007/admin/ /https/WebTools, ad_255/pizzabox12/fid 3,,Event: login, Status: failed, Info: Failed login attempt via HTTP, IP Addr: Successful Web UI Login The following audit message indicates a successful login attempt via Webtools. [SEC-3020], INFO, SECURITY, admin/admin/ /https/webtools, ad_0/pizzabox12/fid 3,, Event: login, Status: success, Info: Successful login attempt via HTTP, IP Addr: FIA_UAU_EXT.2 All use of the identification and authentication mechanism. Origin of the attempt (e.g., IP address). See FIA_UIA_EXT.1 audits above FIA_X509_EXT.1 Unsuccessful attempt to validate a certificate Reason for failure The following audit message indicates that certificate validation failed because the local issuer certificate was unavailable. Similar messages are generated for the following: Key usage Extended key usage Self-signed certificates Login with importing CA certificate CN mismatch Others NOTE OpenSSL errors are presented in the information section as-is. GSS CCT Assurance Activity Report Page 12 of Gossamer Security Solutions, Inc.

13 94 AUDIT, 2017/03/20-18:37:04 (UTC), [SEC-3081], INFO, SECURITY, swadmin/admin/ /ssh/cli, ad_0/sw0/fid 128,, Event: TLS SESSION, Certificate Validation failed, Info: Reason = unable to get local issuer certificate. FMT_MOF.1(1)/ TrustedUpdate Any attempt to initiate a manual update None. See audit for FPT_TUD_EXT.1 FMT_MTD.1 All management activities of TSF data. None. See Table 2-2 Collected Admin Action Audits FPT_TUD_EXT.1 Initiation of update; result of the update attempt (success or failure) No additional information. Audit for Initiation of an update The following audit messages indicate that a firmware download was initiated and completed successfully. [SULB-1001], 41547, WWN 10:00:50:eb:1a:48:1d:82 CHASSIS, WARNING, Brocade7840, Firmwaredownload command has started. (From v8.1.0b_rc1_bld07 To v8.1.0_cc_27mar). [SULB-1044], 41549, WWN 10:00:50:eb:1a:48:1d:82 CHASSIS, INFO, Brocade7840, Firmwaredownload to secondary partition has completed successfully. [SULB-1002], 41612, WWN 10:00:50:eb:1a:48:1d:82 CHASSIS, INFO, Brocade7840, Firmwaredownload command has completed successfully. Result of the update attempt The following audit message indicates that a firmware download has failed. 2016/11/08-16:22:09, [SULB-1011], 621, CHASSIS, INFO, Brocade7840, Firmwaredownload command failed. Failed to download RPM package. Please check if the firmware image is accessible. FPT_STM.1 Changes to the time. The old and new values for the time. Origin of the attempt to change time for success and failure (e.g., IP address). TS-1009: The audit message indicates that the time was updated using the date CLI; for example, Apr 1 10:10:01 Brocade300AD raslogd: 2013/04/01-10:10:01, [TS-1009], 90, WWN 10:00:00:05:1e:74:84:73 FID 128, INFO, Brocade300AD, Date changed by user. TS-1010: The audit message indicates that the time was updated from an NTP server; for example, 2015/01/22-11:16:21, [TS-1010], 29, FID 128, INFO, sw0, NTP Server Time Update from 2015/01/22-11:16: to 2015/01/22-11:16: FTA_SSL_EXT.1 Any attempts at unlocking of an interactive session. None. Unlock Using CLI via Console Unlock Using CLI via SSH The following audit message indicates that a login attempt with SSH succeeded. [SEC-3020], INFO, SECURITY, root/root/trapazoid.englab.brocade.com/ssh/cli, ad_0/pizzabox12/fid 3, 8.1.0b_rc1_bld16,,,,,,, Event: login, Status: success, Info: Successful login attempt via REMOTE, IP Addr: trapazoid.englab.brocade.com. GSS CCT Assurance Activity Report Page 13 of Gossamer Security Solutions, Inc.

14 Unlock Using Web UI The following audit message indicates a successful login attempt via Webtools. [SEC-3020], INFO, SECURITY, admin/admin/ /https/webtools, ad_0/pizzabox12/fid 3,, Event: login, Status: success, Info: Successful login attempt via HTTP, IP Addr: FTA_SSL.3 The termination of a remote session by the session locking mechanism. None. Termination using CLI at Console Termination Using CLI via SSH The following audit message indicates that a logout attempt with SSH succeeded. [SEC-3022], INFO, SECURITY, admin/admin/trapazoid.englab.brocade.com/ssh/cli, ad_0/pizzabox12/fid 3, 8.1.0b_rc1_bld16,,,,,,, Event: logout, Status: success, Info: Successful logout by user [admin]. Termination Using Web UI The following audit message indicates that a successful logout has occurred. [SEC-3022], INFO, SECURITY, admin/admin/kali-2dot0.englab.brocade.com/ssh/cli, ad_0/pizzabox12/fid 3,, Event: logout, Status: success, Info: Successful logout by user [admin]. FTA_SSL.4 The termination of an None. interactive session. Termination using CLI at Console Termination Using CLI via SSH The following audit message indicates that a logout attempt with SSH succeeded. [SEC-3022], INFO, SECURITY, admin/admin/trapazoid.englab.brocade.com/ssh/cli, ad_0/pizzabox12/fid 3, 8.1.0b_rc1_bld16,,,,,,, Event: logout, Status: success, Info: Successful logout by user [admin]. Termination Using Web UI The following audit message indicates that a successful logout has occurred. [SEC-3022], INFO, SECURITY, admin/admin/kali-2dot0.englab.brocade.com/ssh/cli, ad_0/pizzabox12/fid 3,, Event: logout, Status: success, Info: Successful logout by user [admin]. FTP_ITC.1 Identification of the initiator and target of failed Initiation of the trusted channel. Termination of the trusted channel. Failure of the trusted channel functions. trusted channels establishment attempt Establishing a Syslog Connection The following audit message indicates that a TLS handshake has been initiated. [SEC-3078], INFO, SECURITY, NONE/root/NONE/None/CLI, ad_0/pizzabox12/fid 3,, Event: TLS SESSION, TLS handshake, Info: Establishing TLS connection. Host= Terminating a Syslog Connection The following audit message indicates that a TLS session has been terminated. [SEC-3078], INFO, SECURITY, NONE/root/NONE/None/CLI, ad_0/pizzabox12/fid 3,, Event: TLS SESSION, TLS handshake, Info: Terminating TLS connection. Host= GSS CCT Assurance Activity Report Page 14 of Gossamer Security Solutions, Inc.

15 Failure of a Syslog Connection See TLSC and X509 audits for failures associated with the failure of a syslog connection. FTP_TRP.1 Initiation of the trusted channel. Termination of the trusted channel. Failures of the trusted path functions. Identification of the claimed user identity. Using CLI via SSH The following audit message indicates that a login attempt with SSH succeeded. [SEC-3020], INFO, SECURITY, root/root/trapazoid.englab.brocade.com/ssh/cli, ad_0/pizzabox12/fid 3, 8.1.0b_rc1_bld16,,,,,,, Event: login, Status: success, Info: Successful login attempt via REMOTE, IP Addr: trapazoid.englab.brocade.com. Using Web UI The following audit message indicates a successful login attempt via Webtools. [SEC-3020], INFO, SECURITY, admin/admin/ /https/webtools, ad_0/pizzabox12/fid 3,, Event: login, Status: success, Info: Successful login attempt via HTTP, IP Addr: Table 2-2 Collected Admin Action Audits FMT_MTD.1 Admin Actions are shown below All management activities of TSF data. None. Configure Secure Connection with Audit Server Change to disable use of external syslog server RAS-2007: The audit message indicates that a syslog server IP address has been removed; for example, Feb 5 21:27: raslogd: AUDIT, 2015/02/05-21:27:43 (GMT), [RAS-2007], INFO, SECURITY, admin/ admin/none/console/cli, ad_0/brocade300/chassis, 7.3.0a1,,,,,,, Syslog server IP address removed. Change to host identified as the external syslog server RAS-2006: The audit message indicates that a syslog server IP address has been added; for example, Feb 5 21:27: raslogd: AUDIT, 2015/02/05-21:27:04 (GMT), [RAS-2006], INFO, SECURITY, admin/ admin/none/console/cli, ad_0/brocade300/chassis, 7.3.0a1,,,,,,, Syslog server IP address added. User Management AUDIT, 2017/05/03-17:40:13 (GMT), [SEC-3027], INFO, SECURITY, admin/admin/ /https/ WebTools, ad_0/ security/fid 128, 8.1.0b,,,,,,, Event: userconfig, Status: success, Info: User account [testuser] [ LFs changed: (null): 128 switchadmin:]. AUDIT, 2017/05/03-17:41:07 (GMT), [SEC-3028], INFO, SECURITY, admin/admin/ /https/ WebTools, ad_0/ security/fid 128, 8.1.0b,,,,,,, Event: userconfig, Status: success, Info: User account [testuser] deleted. GSS CCT Assurance Activity Report Page 15 of Gossamer Security Solutions, Inc.

16 [SEC-1197], 10622, WWN 10:00:c4:f5:7c:00:6d:00 FID 128, INFO, chewy, Changed account newadmin. AUDIT, 2017/05/02-16:41:21 (GMT), [SEC-3024], INFO, SECURITY, admin/admin/ /https/web Tools, ad_0/chewy/fid 128, 8.1.0b,,,,,,, Event: passwd, Status: success, Info: User account [newadmin], password changed. Change Password [SEC-1197], 10622, WWN 10:00:c4:f5:7c:00:6d:00 FID 128, INFO, chewy, Changed account newadmin. AUDIT, 2017/05/02-16:41:21 (GMT), [SEC-3024], INFO, SECURITY, admin/admin/ /https/web Tools, ad_0/chewy/fid 128, 8.1.0b,,,,,,, Event: passwd, Status: success, Info: User account [newadmin], password changed. Configure Time Synchronization TS-1010: The audit message indicates that the time was updated from an NTP server; for example, 2015/01/22-11:16:21, [TS-1010], 29, FID 128, INFO, sw0, NTP Server Time Update from 2015/01/22-11:16: to 2015/01/22-11:16: Component Testing Assurance Activities: The evaluator shall test the TOE's ability to correctly generate audit records by having the TOE generate audit records for the events listed in the table of audit events and administrative actions listed above. This should include all instances of an event: for instance, if there are several different I&A mechanisms for a system, the FIA_UIA_EXT.1 events must be generated for each mechanism. The evaluator shall test that audit records are generated for the establishment and termination of a channel for each of the cryptographic protocols contained in the ST. If HTTPS is implemented, the test demonstrating the establishment and termination of a TLS session can be combined with the test for an HTTPS session. Logging of all activities related to trusted update should be tested in detail and with utmost diligence. When verifying the test results, the evaluator shall ensure the audit records generated during testing match the format specified in the guidance documentation, and that the fields in each audit record have the proper entries. Note that the testing here can be accomplished in conjunction with the testing of the security mechanisms directly. The evaluator created a list of the required audit events. The evaluator then collected the audit event when running the other security functional tests described by the protection profiles. For example, the required event for FPT_STM.1 is Changes to Time. The evaluator collected these audit records when modifying the clock using administrative commands and NTP. The evaluator then recorded these audit events in the proprietary Detailed Test Report (DTR). The security management events are handled in a similar manner. When the administrator was required to set a value for testing, the audit record associated with the administrator action was collected and recorded in the DTR. GSS CCT Assurance Activity Report Page 16 of Gossamer Security Solutions, Inc.

17 2.1.2 USER IDENTITY ASSOCIATION (FAU_GEN.2) FAU_GEN.2.1 Component Component Component Testing Assurance Activities: This activity should be accomplished in conjunction with the testing of FAU_GEN.1.1. See the test results for FAU_GEN PROTECTED AUDIT TRAIL STORAGE (FAU_STG.1) FAU_STG FAU_STG.1.2 Component TSS Assurance Activities: The evaluator shall examine the TSS to ensure it describes the amount of audit data that are stored locally and how these records are protected against unauthorized modification or GSS CCT Assurance Activity Report Page 17 of Gossamer Security Solutions, Inc.

18 deletion. The evaluator shall ensure that the TSS describes the conditions that must be met for authorized deletion of audit records. Section 6.1 of [ST] indicates that the TOE maintains a local audit log buffer that retains the last 1024 messages persistently, overwriting the oldest events as necessary, and is only accessible by TOE administrators after logging in. This section also states that the TOE protects the audit trail from modification and deletion by not allowing direct access to the audit log files. Component Guidance Assurance Activities: The evaluator shall examine the guidance documentation to determine that it describes any configuration required for protection of the locally stored audit data against unauthorized modification or deletion. The [ST] indicates that the audit trail is protected from modification by virtue of the fact that administrators are the only users of the system, and the CLI does not allow direct access to the audit log files. Thus only authenticated administrators and utilize the CLI commands provided, and those commands only allow clearing of the audit trail, not modification of individual records. Component Testing Assurance Activities: The evaluator shall perform the following tests: Test 1: The evaluator shall access the audit trail as an unauthorized administrator and attempt to modify and delete the audit records. The evaluator shall verify that these attempts fail. Test 2: The evaluator shall access the audit trail as an authorized administrator and attempt to delete the audit records. The evaluator shall verify that these attempts succeed. The evaluator shall verify that only the records authorized for deletion are deleted. The evaluator logged in as a default user with no admin permissions and then attempted to view the audit records. Permission was denied. The evaluator logged into the TOE as administrator and attempted to view locally stored audit records. The audit records were displayed. The evaluator then attempted to clear the audit trail and observed that a message was returned indicating that the Audit Log Cleared. Viewing the audit records confirmed the deletion of audit records PROTECTED AUDIT EVENT STORAGE (FAU_STG_EXT.1) FAU_STG_EXT.1.1 GSS CCT Assurance Activity Report Page 18 of Gossamer Security Solutions, Inc.

19 FAU_STG_EXT FAU_STG_EXT.1.3 Component TSS Assurance Activities: The evaluator shall examine the TSS to ensure it describes the means by which the audit data are transferred to the external audit server, and how the trusted channel is provided. The evaluator shall examine the TSS to ensure it describes the amount of audit data that are stored locally; what happens when the local audit data store is full; and how these records are protected against unauthorized access. If the TOE complies with FAU_STG_EXT.2 the evaluator shall verify that the numbers provided by the TOE according to the selection for FAU_STG_EXT.2 are correct when performing the tests for FAU_STG_EXT.1.3. The evaluator shall examine the TSS to ensure that it details the behavior of the TOE when the storage space for audit data is full. When the option 'overwrite previous audit record' is selected this description should include an outline of the rule for overwriting audit data. If 'other actions' are chosen such as sending the new audit data to an external IT entity, then the related behavior of the TOE shall also be detailed in the TSS. Section 6.1 of the ST states that the TOE sends audit records to a configured syslog server in the environment. The environment is relied upon to provide interfaces to read from the audit trail. The TOE generates a complete audit record which is packaged into a syslog protocol message. A network connection is established with the syslog server and the audit record is sent. Section 6.1 of [ST] indicates that the TOE maintains a local audit log buffer that retains the last 1024 messages persistently, overwriting the oldest events as necessary, and is only accessible by TOE administrators after logging in. This section also states that the TOE protects the audit trail from modification and deletion by not allowing direct access to the audit log files. GSS CCT Assurance Activity Report Page 19 of Gossamer Security Solutions, Inc.

20 Component Guidance Assurance Activities: The evaluator shall also examine the guidance documentation to ensure it describes how to establish the trusted channel to the audit server, as well as describe any requirements on the audit server (particular audit server protocol, version of the protocol required, etc.), as well as configuration of the TOE needed to communicate with the audit server. The evaluator shall also examine the guidance documentation to determine that it describes the relationship between the local audit data and the audit data that are sent to the audit log server. For example, when an audit event is generated, is it simultaneously sent to the external server and the local store, or is the local store used as a buffer and 'cleared' periodically by sending the data to the audit server. The evaluator shall also ensure that the guidance documentation describes all possible configuration options for FAU_STG_EXT.1.3 and the resulting behavior of the TOE for each possible configuration. The description of possible configuration options and resulting behavior shall correspond to those described in the TSS. The [CC-Guide] contains a section entitled Configuring the Fabric OS switch for Common Criteria. This section includes instructions to configure TLS protection for audit connections to an external audit server. The [CC-Guide] indicates that the syslog server must support TLSv1.2. The [CC-Guide] contains a description of the processing of the audit data within the TOE, and indicates that audit records are sent to the external server as soon as they are generated. Component Testing Assurance Activities: Testing of the trusted channel mechanism for audit will be performed as specified in the associated assurance activities for the particular trusted channel mechanism. The evaluator shall perform the following additional test for this requirement: a) Test 1: The evaluator shall establish a session between the TOE and the audit server according to the configuration guidance provided. The evaluator shall then examine the traffic that passes between the audit server and the TOE during several activities of the evaluator's choice designed to generate audit data to be transferred to the audit server. The evaluator shall observe that these data are not able to be viewed in the clear during this transfer, and that they are successfully received by the audit server. The evaluator shall record the particular software (name, version) used on the audit server during testing. The evaluator shall perform operations that generate audit data and verify that this data is stored locally. The evaluator shall perform operations that generate audit data until the local storage space is exceeded and verifies that the TOE complies with the behavior defined in FAU_STG_EXT.1.3. Depending on the configuration this means that the evaluator has to check the content of the audit data when the audit data is just filled to the maximum and then verifies that a) The audit data remains unchanged with every new auditable event that should be tracked but that the audit data is recorded again after the local storage for audit data is cleared (for the option 'drop new audit data' in FAU_STG_EXT.1.3). b) The existing audit data is overwritten with every new auditable event that should be tracked according to the specified rule (for the option 'overwrite previous audit records' in FAU_STG_EXT.1.3) GSS CCT Assurance Activity Report Page 20 of Gossamer Security Solutions, Inc.

21 c) The TOE behaves as specified (for the option 'other action' in FAU_STG_EXT.1.3). The evaluator configured the system (per guidance) to securely transfer audit data. The evaluator then captured network traffic between the TOE and the external audit server. The evaluator verified that the packet capture showed the audit data was not cleartext on the network. The evaluator also continued to generate audit data until the local storage space was exceeded. The evaluator verified that when the local audit storage was filled to the maximum, the existing audit data was overwritten based on the following rule: overwrite oldest records first. 2.2 CRYPTOGRAPHIC SUPPORT (FCS) CRYPTOGRAPHIC KEY GENERATION (FCS_CKM.1) FCS_CKM.1.1 Component TSS Assurance Activities: The evaluator shall ensure that the TSS identifies the key sizes supported by the TOE. If the ST specifies more than one scheme, the evaluator shall examine the TSS to verify that it identifies the usage for each scheme. Section 6.2 of the ST identifies the key sizes supported by the TOE for RSA, ECC and FFC schemes. It also describes the key usage for each scheme. Table 7 in Section 6.2 lists the cryptographic functions and the associated algorithms and key size. This includes the following: Cryptographic Signature Services -- using RSA Digital Signature Algorithm with key size 2048 bit and ECDSA Digital Signature Algorithm with NIST curves P-256 and P-384. Key Generation the TOE performs RSA, ECDSA and DSA Key generation Key Establishment -- for elliptic curve and finite-field based key establishment, the TOE implements the following sections of SP800-56A: 5.6 and all subsections. For RSA key establishment, the TOE implements the following sections of SP B: 6 and all subsections. These keys are used in cryptographic functions which support the SSHv2 and TLSv1.2 secure communication protocols. The ECDSA cryptography is available only through SSHv2. GSS CCT Assurance Activity Report Page 21 of Gossamer Security Solutions, Inc.

22 Component Guidance Assurance Activities: The evaluator shall verify that the AGD guidance instructs the administrator how to configure the TOE to use the selected key generation scheme(s) and key size(s) for all uses defined in this PP. The section entitled, Configuring the Fabric OS switch for Common Criteria in [CC-Guide] provides a list of configuration steps necessary to configure the TOE in Common criteria mode (i.e., a mode of operation meeting requirements from [ST]). This section includes commands to configure crypto functions that must be configured in order to meet requirements from the [ST]. Component Testing Assurance Activities: FIPS The TOE has been CAVP tested. Refer to Section 1.2, CAVP Certificate Justification and specifically to Table 1-2 TOE CAVP Certificates CRYPTOGRAPHIC KEY ESTABLISHMENT (FCS_CKM.2) FCS_CKM.2.1 Component TSS Assurance Activities: The evaluator shall ensure that the supported key establishment schemes correspond to the key generation schemes identified in FCS_CKM.1.1. If the ST specifies more than one scheme, the evaluator shall examine the TSS to verify that it identifies the usage for each scheme. For SP800-56B Key Establishment Schemes: The evaluator shall verify that the TSS describes whether the TOE acts as a sender, a recipient, or both for RSA-based key establishment schemes. Section 6.2 of the ST identifies the cryptographic functions and algorithms supported by the TOE for RSA, ECC and FFC schemes. It also describes the key usage for each scheme. Table 7 in Section 6.2 lists the cryptographic functions and the associated algorithms and key size. This includes the following: Key Establishment -- for elliptic curve and finite-field based key establishment, the TOE implements the following sections of SP800-56A: 5.6 and all subsections. For RSA key establishment, the TOE implements the following sections of SP B: 6 and all subsections. These keys are used in cryptographic functions which support the SSHv2 and TLSv1.1 and 1.2 secure communication protocols. The TOE acts as an initiator and responder for TLS and Responder for SSH. GSS CCT Assurance Activity Report Page 22 of Gossamer Security Solutions, Inc.

23 Component Guidance Assurance Activities: The evaluator shall verify that the AGD guidance instructs the administrator how to configure the TOE to use the selected key establishment scheme(s). The section entitled, Configuring the Fabric OS switch for Common Criteria in [CC-Guide] provides a list of configuration steps necessary to configure the TOE in Common criteria mode (i.e., a mode of operation meeting requirements from [ST]). This sections includes commands to configure The section entitled, Configuring the Fabric OS switch for Common Criteria in [CC-Guide] provides a list of configuration steps necessary to configure the TOE in Common criteria mode (i.e., a mode of operation meeting requirements from [ST]). This section includes commands to configure crypto functions that must be configured in order to meet requirements from the [ST]. omponent Testing Assurance Activities: FIPS The TOE has been CAVP tested. Refer to Section 1.2, CAVP Certificate Justification and specifically to Table 1-2 TOE CAVP Certificates CRYPTOGRAPHIC KEY DESTRUCTION (FCS_CKM.4) FCS_CKM.4.1 Component TSS Assurance Activities: The evaluator shall check to ensure the TSS lists each type of plaintext key material and its origin and storage location. The evaluator shall verify that the TSS describes when each type of key material is cleared (for example, on system power off, on wipe function, on disconnection of trusted channels, when no longer needed by the trusted channel per the protocol, etc.). The evaluator shall also verify that, for each type of key, the type of clearing procedure that is performed (cryptographic erase, overwrite with zeros, overwrite with random pattern, or block erase) is listed. If different types of memory are used to store the materials to be protected, the evaluator shall check to ensure that the TSS describes the clearing procedure in terms of the memory in which the data are stored (for example, 'secret keys stored on flash are cleared by overwriting once with zeros, while secret keys stored on the internal persistent storage device are cleared by overwriting three times with a random pattern that is changed before each write'). GSS CCT Assurance Activity Report Page 23 of Gossamer Security Solutions, Inc.

24 Section 6.2 of the ST provides a list of the Critical Security Parameters and their storage location. It states that the TOE is designed to zeroize secret and private keys when they are no longer required by the TOE. Zeroization occurs as follows: 1. When deleted from FLASH, the previous value is overwritten once with zeroes 2. When added or changed in FLASH, any old value is overwritten completely with the new value 3. Zeroization of values in RAM is achieved by overwriting once with zeroes. Component Component CRYPTOGRAPHIC OPERATION (AES DATA ENCRYPTION/DECRYPTION) (FCS_COP.1(1)) FCS_COP.1(1).1 Component Component Component Testing Assurance Activities: FIPS The TOE has been CAVP tested. Refer to Section 1.2, CAVP Certificate Justification and specifically to Table 1-2 TOE CAVP Certificates CRYPTOGRAPHIC OPERATION (SIGNATURE GENERATION AND VERIFICATION) (FCS_COP.1(2)) GSS CCT Assurance Activity Report Page 24 of Gossamer Security Solutions, Inc.

25 FCS_COP.1(2).1 Component Component Component Testing Assurance Activities: FIPS The TOE has been CAVP tested. Refer to Section 1.2, CAVP Certificate Justification and specifically to Table 1-2 TOE CAVP Certificates CRYPTOGRAPHIC OPERATION (HASH ALGORITHM) (FCS_COP.1(3)) FCS_COP.1(3).1 Component TSS Assurance Activities: The evaluator shall check that the association of the hash function with other TSF cryptographic functions (for example, the digital signature verification function) is documented in the TSS. Table 7 in Section 6.2 of the ST states that the TOE provides cryptographic hashing services using SHA-1, SHA-256 and SHA-512 and keyed-hash message authentication using HMAC-SHA-1, HMAC-SHA2-256 and HMAC-SHA Section 6.2 of the ST states that the TOE supports TLSv1.1 and TLSv1.2 with AES in conjunction with SHA-1 and SHA-256. The TOE supports SSHv2 with AES in conjunction with HMAC-SHA-1, HMAC-SHA2-256 and HMAC-SHA2-512 and RSA and ECDH using the following key exchange methods: diffie-hellman-group14-sha1, ecdh-sha2- nistp256 and ecdh-sha2-nistp384. The TOE also supports SSH_RSA and ecdsa-sha2-nistp256 for server authentication. Component Guidance Assurance Activities: The evaluator checks the AGD documents to determine that any configuration that is required to configure the required hash sizes is present. GSS CCT Assurance Activity Report Page 25 of Gossamer Security Solutions, Inc.

26 The section entitled, Configuring the Fabric OS switch for Common Criteria in [CC-Guide] provides a list of configuration steps necessary to configure the TOE in Common criteria mode (i.e., a mode of operation meeting requirements from [ST]). This section includes commands to configure hash sizes that must be configured in order to meet requirements from the [ST]. Component Testing Assurance Activities: FIPS The TOE has been CAVP tested. Refer to Section 1.2, CAVP Certificate Justification and specifically to Table 1-2 TOE CAVP Certificates CRYPTOGRAPHIC OPERATION (KEYED HASH ALGORITHM) (FCS_COP.1(4)) FCS_COP.1(4).1 Component TSS Assurance Activities: The evaluator shall examine the TSS to ensure that it specifies the following values used by the HMAC function: key length, hash function used, block size, and output MAC length used. Table 7 in Section 6.2 of the ST indicates that the HMAC-SHA-1, HMAC-SHA2-256 and HMAC-SHA2-512 functions are supported with digest sizes 160, 256 and 512 bits. The FCS_COP.1(4) requirement indicates that the cryptographic key sizes are equal to the input block size. Component Component Testing Assurance Activities: FIPS The TOE has been CAVP tested. Refer to Section 1.2, CAVP Certificate Justification and specifically to Table 1-2 TOE CAVP Certificates HTTPS PROTOCOL (FCS_HTTPS_EXT.1) FCS_HTTPS_EXT.1.1 GSS CCT Assurance Activity Report Page 26 of Gossamer Security Solutions, Inc.

27 FCS_HTTPS_EXT FCS_HTTPS_EXT.1.3 TSS Assurance Activities: The evaluator shall check that the TSS describes how peer authentication is implemented when HTTPS protocol is used. (Per TD0125) Section 6.3 of [ST] states that the TOE authenticates administrative users accessing the TOE the web interface (HTTPS) in the same manner using its own password-based authentication mechanism. Component Component Component Testing Assurance Activities: The evaluator shall perform the following tests: Test 1: The evaluator shall attempt to establish an HTTPS connection with a web server, observe the traffic with a packet analyzer, and verify that the connection succeeds and that the traffic is identified as TLS or HTTPS. Other tests are performed in conjunction with the TLS evaluation activities. Certificate validity shall be tested in accordance with testing performed for FIA_X509_EXT.1, and the evaluator shall perform the following test: Test 2: If 'the peer presents a valid certificate during handshake' is selected in FCS_HTTPS_EXT.1.3, then certificate validity shall be tested in accordance with testing performed for FIA_X509_EXT.1 if HTTPS is used for FTP_TRP.1 or FTP_ITC.1. (TD0125 applied) GSS CCT Assurance Activity Report Page 27 of Gossamer Security Solutions, Inc.

28 Login via the TOE GUI is protected by HTTPS/TLS and was conducted during the FTP_TRP.1-t1 test case. Review of the packet capture from FTP_TRP.1-t1, shows that traffic is protected by HTTPS/TLS. This packet capture also shows that traffic is initiated by the TOE s peer RANDOM BIT GENERATION (FCS_RBG_EXT.1) FCS_RBG_EXT FCS_RBG_EXT.1.2 Component Component Guidance Assurance Activities: Documentation shall be produced and the evaluator shall perform the activities in accordance with Appendix D of [NDcPP]. The Entropy description is provided in a separate (non-st) document that has been delivered to NIAP for approval. Note that the entropy analysis has been accepted by NIAP/NSA. Component Testing Assurance Activities: The evaluator shall perform 15 trials for the RNG implementation. If the RNG is configurable, the evaluator shall perform 15 trials for each configuration. The evaluator shall also confirm that the guidance documentation contains appropriate instructions for configuring the RNG functionality. If the RNG has prediction resistance enabled, each trial consists of (1) instantiate DRBG, (2) generate the first block of random bits (3) generate a second block of random bits (4) uninstantiate. The evaluator verifies that the second block of random bits is the expected value. The evaluator shall generate eight input values for each trial. The first is a count (0 â 14). The next three are entropy input, nonce, and personalization string for the instantiate operation. The next two are additional input and entropy input for the first call to generate. The final two are additional input and entropy input for the second call to generate. These values are randomly generated. 'generate one block of random bits' means to generate random bits with number of returned bits equal to the Output Block Length (as defined in NIST SP800-90A). GSS CCT Assurance Activity Report Page 28 of Gossamer Security Solutions, Inc.

29 If the RNG does not have prediction resistance, each trial consists of (1) instantiate DRBG, (2) generate the first block of random bits (3) reseed, (4) generate a second block of random bits (5) uninstantiate. The evaluator verifies that the second block of random bits is the expected value. The evaluator shall generate eight input values for each trial. The first is a count (0 â 14). The next three are entropy input, nonce, and personalization string for the instantiate operation. The fifth value is additional input to the first call to generate. The sixth and seventh are additional input and entropy input to the call to reseed. The final value is additional input to the second generate call. The following paragraphs contain more information on some of the input values to be generated/selected by the evaluator. Entropy input: the length of the entropy input value must equal the seed length. Nonce: If a nonce is supported (CTR_DRBG with no Derivation Function does not use a nonce), the nonce bit length is one-half the seed length. Personalization string: The length of the personalization string must be <= seed length. If the implementation only supports one personalization string length, then the same length can be used for both values. If more than one string length is support, the evaluator shall use personalization strings of two different lengths. If the implementation does not use a personalization string, no value needs to be supplied. Additional input: the additional input bit lengths have the same defaults and restrictions as the personalization string lengths. The TOE has been CAVP tested. Refer to Section 1.2, CAVP Certificate Justification and specifically to Table 1-2 TOE CAVP Certificates SSH SERVER PROTOCOL (FCS_SSHS_EXT.1) FCS_SSHS_EXT FCS_SSHS_EXT.1.2 GSS CCT Assurance Activity Report Page 29 of Gossamer Security Solutions, Inc.