Validated Product - Cisco MDS 9000 Family SAN-OS Release 3.2(2c)

Certificate Date: 25 September 2008

Validation Report Number: CCEVS-VR-VID10015-2008

Product Type: Network Switch, Router

Conformance Claim: EAL3 Augmented with ALC_FLR.1

PP Identifiers: None

CC Testing Lab: Arca CCTL

Maintenance Release:


PRODUCT DESCRIPTION

The TOE provides hardware and software components for a Storage Area Network (SAN). Specifically, the TOE provides a Fibre Channel switched fabric to transport data for storage or retrieval, enabling back-end storage devices to communicate with file or application servers. The TOE comprises:

  • The SAN-OS operating system running on the MDS 9000 family of Multilayer Directors and Fabric Switches.
  • Fabric Manager, a web-based management application.

SECURITY EVALUATION SUMMARY

The evaluation was carried out in accordance with the Arca Common Criteria Test Laboratory processes and procedures, which are compliant with the Common Criteria Evaluation and Validation Scheme (CCEVS). The evaluation demonstrated that Cisco MDS 9000 meets the security requirements contained in the Security Target. The criteria against which the Cisco MDS 9000 TOE was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 Parts 2 and 3 and the International Interpretations effective on 30 January 2004. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.2. Arca CCTL determined that the evaluation assurance level (EAL) for the product is the EAL 3 set of assurance components augmented with ALC_FLR.1. The product, when configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Cisco MDS 9000 Security Target, Version 3.0. The evaluation was completed in September 2008. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS Validation Team.

For this evaluation, it was appropriate for the Security Target to claim compliance with the external standard FIPS 140 for the definition of the encryption algorithm. Cisco MDS 9000 has chosen to make a developer claim of compliance. This means that there has been no independent verification (by either the evaluators or a third-party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithms actually meets the claimed standards. Potential users of this product should confirm that the cryptographic capabilities are suitable to meet the user's requirements.

ENVIRONMENTAL STRENGTHS

The TOE provides a Storage Area Network (SAN) enabling back-end storage devices to communicate with host servers.

Specifically, the TOE:

  • Ensures that only authorized switches and hosts within the SAN fabric can access other switches and hosts.
  • Ensures that the TOE will only permit those authorized devices and user groups within the same virtual SAN (VSAN) to access a zone.
  • Ensures that only permitted, authorized users, switches, hosts and devices within the SAN fabric have access to the appropriate VSAN.
  • Prevents unauthorized disclosure of VSAN traffic from those users and devices belonging to other VSANs within the SAN fabric.

Consumers of the product are expected to do the following:

  • Place the TOE in a controlled access facility that mitigates unauthorized physical access.
  • Ensure that administrators have been trained to securely configure the TOE.
  • Ensure that administrators of the TOE use passwords that conform to complexity requirements as described in the evaluated guidance documentation.
  • Ensure that the management LAN is protected, meaning the TOE is not expected to deal with malicious attacks on its management interface. As such, all services such as Authentication, Authorization, and Auditing (AAA) or Network Time Protocol (NTP) provided by the management LAN, and all devices attached to the management LAN, are expected to perform in a secure manner.
  • Ensure that time sources external to the TOE are stored in a secure location and configured accurately so as to provide an accurate clock source for the TOE.

Vendor Information

Cisco Systems, Inc.
+1 410 309 4862
certteam@cisco.com

http://www.cisco.com