Validated Product - Cisco IOS IPSec on the Integrated Services Routers, VPN Services Module (VPNSM) and IPSec VPN Shared Port Adapter (SPA), including VLAN Separation

Certificate Date: 31 May 2008
Validation Report Number: CCEVS-VR-VID10116-2008
Product Type: Router, Switch
Conformance Claim: EAL4 Augmented with ALC_FLR.1
PP Identifiers: None
CC Testing Lab: Arca CCTL

PRODUCT DESCRIPTION

The TOE consists of hardware and software used to construct Virtual Private Networks (VPNs) between networks or a remote access client. The TOE is made up of a Cisco router or Catalyst 6500 switch, inclusive of IOS software and hardware modules used to accelerate the performance of the IPSec protocol. The included Cisco hardware provides options for deploying VPNs from the small office to the large Enterprise. IPSec provides confidentiality, authenticity and integrity for IP data transmitted between trusted (private) networks or remote clients over untrusted (public) links or networks.

SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Arca Common Criteria Test Laboratory processes and procedures that are compliant with the Common Criteria Evaluation and Validation Scheme (CCEVS). The evaluation demonstrated that Cisco IOS-IPSec meets the security requirements contained in the Security Target. The criteria against which the Cisco IOS-IPSec TOE was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 2.3 Parts 2 and 3 and the International Interpretations effective on 8 August 2005. The evaluation methodology used by the Evaluation Team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 2.3. Arca CCTL determined that the evaluation assurance level (EAL) for the product is the EAL 4 set of assurance components augmented with ALC_FLR.1. The product, when configured as specified in the installation guide, satisfies all of the security functional requirements stated in the IOS-IPSec Security Target, Version 1.0. The evaluation was completed in April 2008. Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS Validation Team.
For this evaluation, it was appropriate for the Security Target to claim compliance with the external standard for FIPS 140 for the definition of the encryption algorithm. There are many ways of determining compliance with a standard. Cisco IOS IPSec has chosen to make a developer claim of compliance. This means that there has been no independent verification (by either the evaluators or a third party standards body, such as a FIPS laboratory) that the implementation of the cryptographic algorithms actually meets the claimed standards. Potential users of this product should confirm that the cryptographic capabilities are suitable to meet the user's requirements.

ENVIRONMENTAL STRENGTHS
The TOE provides confidentiality, authenticity and integrity for IP data transmitted between a combination of Cisco Systems routers, Catalyst switches, and VPN clients (located in IT Environment).
Specifically, the TOE ensures:
Consumers of the product are expected to do the following: