NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - HPE 5400R zl2 Switch Series Version 5.011, KB_15_18_0008p01

Certificate Date:  2016.02.19

Validation Report Number:  CCEVS-VR-VID10587-2016

Product Type:    Network Device
   Network Switch

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Network Devices Version 1.1

CC Testing Lab:  CygnaCom Solutions, Inc

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The TOE is an HPE Networking ProVision Switch, a network device that implements various networking protocols in Layer-2 and Layer-3. The TOE offers network management and interconnectivity functionality by offering nonblocking, line-rate Ethernet switching and a full complement of IP features. The TOE consists of a hardware appliance with embedded software components. The TOE is HPE 5400R zl2 Switch Series running Greenhills Integrity OS version 5.011. The TOE’s Firmware Version is KB_15_18_0008p01.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. The TOE was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R4.

The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 R4. 

CygnaCom Solutions has determined that the product meets the security criteria in the Security Target, which specifies compliance with [U.S. Government Standard Protection Profile for Network Devices, 08 June 2012, Version 1.1] as changed/clarified by Security Requirements for Network Devices Errata #3 [NDPP].

A team of validators, on behalf of the CCEVS Validation Body, monitored the evaluation. The evaluation was completed in January 2016.

Environmental Strengths

The TOE is classified as a network device.

The TOE is designed to provide the following functionality:

The logical boundary of the TOE is defined by the implemented security functions:

·         Security Audit

o   The TOE generates audit records for all security-relevant events. For each event the TOE records the date and time, the type of event, the subject identity, and the outcome of the event logged. The resulting logs can be stored locally to be viewed by Managers and Operators and can securely be sent to a designated syslog server for archiving. The logs can be viewed by Operators and Managers using appropriate commands. The TOE also implements timestamps to ensure reliable audit information is available using appropriate commands.

·         Cryptographic Support

TOE implements following cryptographic protocols:

o   SSHv2 and TLS

TOE implements SSHv2 protocol and supports public key-based or password-based authentication with following parameters:

o   AES-CBC-128, AES-CBC-256 for data encryption

o   SSH_RSA for public-key authentication

o   hmac-sha1 for data integrity

o   diffie-hellman-group14-sha1 for key exchange

TOE implements TLS v1.0 protocol and supports following ciphers:



TOE implements following cryptographic functionality:

o   Random bit generation using CTR_DRBG(AES) seeded with 256 bits of entropy

o   Critical security parameters zeroization

The TSF uses the Mocana cryptographic library to manage Critical Security Parameters (CSPs) that implements zeroization procedures to mitigate the possibility of disclosure or modification of CSPs. Additionally, the TOE implements commands to on-demand zeroize CSPs (e.g. private RSA keys) that can be invoked by an authorized administrator with a sufficient permissions based on their role.

·         User Data Protection

o   The TOE ensures that network packets sent from the TOE do not include data “left over” from processing the previous network information.

·         Identification and Authentication

o   The TOE enforces Role-Based Access Control (RBAC) before allowing access to the command line, and menu interfaces. Before any other action, each user is identified with a login name and authenticated with a password. Each authorized user is associated with assigned role and specific permissions that determine access to TOE features. The TOE enhances user login security by masking passwords during entry on user login.

·         Security Management

o   The TOE supports role-based access to the administrative interfaces and management functions. The TOE provides the following management interfaces: a Command Line Interface (CLI), a Menu Interface, and a physical console available on the front panel of the switch appliance. The TOE supports the following roles: Manager, Operator. Both remote and local administration are accomplished over the CLI that provides access to all management functions used to administer the TOE only for the manager role.

·         Protection of the TSF

o   The TOE implements a number of measures to protect the integrity of its security features:

§  The TOE protects CSPs such as stored passwords and cryptographic keys so they are not directly accessible in plaintext.

§  The TOE ensures that reliable time information is available for both log accountability and synchronization with the operating environment.

§  The TOE employs both dedicated communication channels as well as cryptographic means to protect communication between itself and other components in the operation environment.

§  The TOE performs self-tests to detect failure and protect itself from malicious updates.

·         TOE Access

o   The TOE displays a banner regarding unauthorized use of the TOE before establishing a user session. The banners are customer-configurable. The TOE will also terminate a user’s session after an administrator-configured period of inactivity. Once a session (local or remote) has been terminated, the TOE requires the user to re-authenticate.

·         Trusted Path/Channels

o   The TOE protects remote sessions by establishing a trusted path between itself and the administrator. The TOE prevents disclosure or modification of logs by establishing a trusted channel between itself and the Syslog using the TLS protocol. To implement trusted path/secure channel the TOE uses the SSHv2 protocol.

Vendor Information

Hewlett Packard Enterprise Company
Bob Pittman
Site Map              Contact Us              Home