Compliant Product - Cisco Nexus 5000 Series Switch w/2000 Series Fabric Extenders running s/w NX-OS v5.0(3)N1(1c), and Cisco Secure Access Control Server (ACS) running s/w v5.2 patch 3
Certificate Date: 08 September 2011
Validation Report Number: CCEVS-VR-VID10384-2011
Product Type: Network Switch, Sensitive Data Protection, VPN
Conformance Claim: EAL4 Augmented with ALC_FLR.2
PP Identifiers: None
CC Testing Lab: SAIC Common Criteria Testing Laboratory
The Target of Evaluation (TOE) is the Nexus 5000 Series Switch with 2000 Series Fabric Extenders and Cisco Secure Access Control Server (ACS) solution. The following models were evaluated:
- Nexus 5000 Series Switch:
- Cisco Nexus 5548P - Supporting 32 fixed 1 and 10 Gigabit Ethernet ports (Ports 1 to 16 Can Run at 1 Gigabit Ethernet), FCoE, and 1 Expansion Module Slot
- Cisco Nexus 5596UP - A 2RU switch supporting 48 1/10 Gigabit Ethernet fixed enhanced Small Form-Factor Pluggable (SFP+) Ethernet/FCoE or 1/2/4/8-Gbps native FC unified ports and three expansion slots.
- Cisco Nexus 5020 - Supporting 40 Fixed Ports of 10 Gigabit Ethernet (Ports 1 to 16 Can Run at 1 Gigabit Ethernet), FCoE, and 2 Expansion Module Slots
- Cisco Nexus 5010 - Supporting 20 Fixed Ports of 10 Gigabit Ethernet (Ports 1 to 16 Can Run at 1 Gigabit Ethernet), FCoE, and 1 Expansion Module Slot
- Nexus 2000 Series Fabric Extenders:
- Designed specifically to give customers a means of granularly transitioning from Gigabit Ethernet to 10 Gigabit Ethernet and Unified Fabric; and supporting up to 48 Gigabit Ethernet downlinks and 4 10 Gigabit Ethernet uplinks
- Cisco appliance models 1120, 1121, or virtual appliance running the ACS software
All appliance models comprising the TOE provide the same security functionality. They differ only in the number and speed of their network connections and their processing capacity (in terms of memory and processor speeds).
The Nexus 5000 Series TOE offers a unified fabric with high-capacity 10GbE, low-latency Fibre Channel over Ethernet (FCoE), and Data Center Ethernet (DCE). In addition to the Nexus 5000 Series Switch itself, the solution provided by the TOE includes the Cisco Nexus 2000 Series Fabric Extender, which provides a scalable 1GbE and 10GbE data center access solution in addition to classical Ethernet, the NX-OS software, and the Cisco Secure Access Control Server (ACS).
The ACS TOE component is an AAA server that provides authentication services and supports the implementation of information flow policies by the Nexus 5000 switch TOE component. The AAA services provided by the ACS server include RADIUS and TACACS+ for authentication.
SECURITY EVALUATION SUMMARY
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cisco Nexus 5000 Series Switch with 2000 Series Fabric Extenders and ACS TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 3. Science Applications International Corporation (SAIC) determined that the evaluation assurance level (EAL) for the product is EAL 4 augmented with ALC_FLR.2. The product, when delivered and configured as identified in the Nexus 5000 Series Switch, Nexus 2000 Series Fabric Extender and Cisco Secure ACS Preparative Procedures and Operational User Guidance Wrapper document, satisfies all of the security functional requirements stated in the Cisco Nexus 5000 Switch Series Security Target (Version .15). The project underwent one Validation Oversight Review (VOR) panel review. The evaluation was completed in August 2011. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-10384-2011, dated August 2011) prepared by CCEVS.
The logical boundaries of Nexus 5000 Series Switch with 2000 Series Fabric Extenders and ACS TOE are realized in the security functions that they implement. These security functions are realized at the interfaces that service clients and via the administrator commands. Each of these security functions is summarized below.
Data Plane Information Flow Control – The TOE provides the ability to control traffic flow into or out of the Nexus 5000 switch using Routing Access Control Lists (RACLs), Port Access Control Lists (PACLs), VLAN Access Control Lists (VACLs), and Virtual Routing and Forwarding (VRF). A PACL is an administratively configured access control list that is applied to Layer 2 traffic entering the Nexus 5000 switch on a port. A VACL is an administratively configured access control list that is applied to packets that are routed into or out of a VLAN or are bridged within a VLAN. VACLs are strictly for security packet filtering and for redirecting traffic to specific physical interfaces. PACLs can filter ingress traffic based on the following: Source IP address, Destination IP address, Source port number, Destination port number, Protocol, ICMP message type, ICMP message code, IGMP message type, Source MAC address, Destination MAC address, Class of Service (COS), VLAN ID, Precedence, Packet Length, TTL, or DSCP value. VRFs allow multiple instances of routing tables to exist within the Nexus 5000 switch TOE component simultaneously. Each VRF instance uses a single routing table. These tables prevent traffic from being forwarded outside a specific VRF path and also keep out traffic that should remain outside the VRF path.
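The two mechanisms above have simple semantics that are easy to get wrong when writing or reviewing a policy: an ACL is walked top-down, the first matching entry decides, and a packet that matches nothing is dropped; a VRF lookup consults only that VRF's own table. The following is an added illustration written for this page, not Cisco code and not the TOE's implementation; it models a PACL over a subset of the filter fields the report lists (protocol, source/destination IP, destination port, ICMP type) and a per-VRF longest-prefix lookup on constructed sample data.

```python
"""Added example: first-match ACL evaluation with implicit deny, and per-VRF route lookup.
Not the TOE's code; the policy and routing tables below are constructed samples."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                      # "permit" or "deny"
    proto: str = "ip"                # "ip" matches any IP protocol, like the ACL keyword
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None      # destination port (TCP/UDP)
    icmp_type: Optional[int] = None  # ICMP message type

    def matches(self, pkt: dict) -> bool:
        """Every field the rule sets must match; unset fields are wildcards."""
        if self.proto != "ip" and pkt["proto"] != self.proto:
            return False
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        if self.dport is not None and pkt.get("dport") != self.dport:
            return False
        if self.icmp_type is not None and pkt.get("icmp_type") != self.icmp_type:
            return False
        return True

def evaluate(acl: list[Rule], pkt: dict) -> str:
    """First matching entry wins; no match at all means implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"

def vrf_lookup(vrfs: dict[str, list[tuple[str, str]]], vrf: str, dst: str) -> Optional[str]:
    """Longest-prefix match inside one VRF's table only; other VRFs' routes are invisible."""
    addr, best = ip_address(dst), None
    for prefix, next_hop in vrfs.get(vrf, []):
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return best[1] if best else None

# Constructed sample PACL: HTTPS to one server and echo-request to the subnet, then deny-all.
PACL = [Rule("permit", "tcp", "10.1.10.0/24", "10.1.20.5/32", dport=443),
        Rule("permit", "icmp", "10.1.10.0/24", "10.1.20.0/24", icmp_type=8),
        Rule("deny")]
# Constructed sample VRF tables: the same prefix resolves differently per VRF.
VRFS = {"tenant-a": [("10.1.20.0/24", "Eth1/1")],
        "tenant-b": [("10.1.20.0/24", "Eth1/2")]}
```

Running `evaluate(PACL[:2], pkt)` on a UDP packet shows the implicit deny that applies even without the explicit final entry.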
Management Security - Users must be authenticated prior to gaining access to the administrative functionality of the Nexus 5000 switch and ACS TOE components. Administrative authentication options include RADIUS or TACACS+ authentication facilitated by the ACS TOE component and authentication against a database local to the Nexus 5000 appliance. Both the Nexus 5000 switch and ACS TOE components also audit administrator actions. Additionally, the Nexus 5000 switch TOE component implements Role-based Access Control (RBAC) in providing a granular administration authorization framework for defining the exact Nexus 5000 administrative capabilities available to the user based on assigned role(s).
Virtualization and Availability – The TOE provides several measures to help assure that the Nexus 5000 switch is able to constantly provide the desired switching services. The Control Plane Protection feature allows policing of control-plane traffic by classifying traffic into different categories. This feature requires no configuration and is statically implemented to protect the CPU, ensuring that it is not overwhelmed, since excessive traffic could overload the CPU and slow down the performance of the entire TOE. The TOE also provides several traffic control policies specifically to ensure that the TOE services are available to legitimate traffic. A VLAN on a network is a broadcast domain. All of the hosts on that VLAN can communicate with the other members of the same VLAN. Private VLANs allow traffic to be segmented at the data-link layer (layer 2) of the OSI model, limiting the size of the broadcast domain.