NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - IAS Router Series: IAS STEW, IAS KG-RU, IAS Router MICRO

CC Certificate [PDF] Security Target [PDF] * Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

* This is the Security Target (ST) associated with the latest Maintenance Release.  To view previous STs for this TOE, click here.

Product Description

The IAS Routers are a family of ultra-portable routers that offer advanced routing capabilities and diverse WAN technology options which enables the users to leverage a wide array of WAN technologies (e.g. Ethernet, Wi-Fi, Cellular) to establish a VPN connection between the IAS Router and a secure LAN.

The Target of Evaluation (TOE) is a VPN Gateway Network Device (router) and consists of the following hardware:
·         IAS STEW Rev. 1.0
·         IAS KG-RU Rev. 1.0
·         IAS Router Micro Rev. 1.0

·         IASRouter-2015-11-24_50e8756_Release-x86-fips_cc. firmware

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target, based on the Security Functional Requirements of the Protection Profile for Network Devices, Version 1.1, June 8, 2012, Security Requirements for Network Devices Errata #3, November 3, 2014, and the Network Device Protection Profile Extended Package VPN Gateway, Version 1.1, April 12, 2013.

The criteria for which the TOE was evaluated against, are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The methodology used by the evaluation team to conduct the evaluation is contained in the Common Methodology for Information Technology Security Evaluation, Version 3.1.

InfoGard Laboratories, Inc. determined that the TOE, configured as specified in the operational guidance, satisfies all of the security functional requirements stated in the Security Target.

Environmental Strengths

The evaluation of the TOE provides assurance that the Security Functional Requirements (SFR) of the Protection Profile for Network Devices, Version 1.1, June 8, 2012, Security Requirements for Network Devices Errata #3, November 3, 2014, and the Network Device Protection Profile Extended Package VPN Gateway, Version 1.1, April 12, 2013, have been met. A summary of the SFRs are as follows:


The TOE generates audit records for security relevant events. The TOE maintains a local audit log as well as sending the audit records to a remote Syslog server. Audit records sent to the remote server are protected by an IPsec tunnel. Each audit record includes identity (username, IP address, or process), date and time of the event, type of event, and the outcome of the event. The TOE prevents modification to the local audit log.

Cryptographic Operations

The TOE implements CAVP validated cryptographic algorithms for random bit generation, encryption/decryption, authentication, and integrity protection/verification. These algorithms are used to provide security for the TLS and IPsec (IKEv1, IKEv2, and ESP) protocols.

The TOE zeroizes all plaintext secret and private cryptographic keys and CSPs once they are no longer required.

User Data Protection

The TOE ensures that previous content of network packets is not reused in subsequent network packets. The TOE zeroizes packet buffers when each buffer is allocated.

Identification and Authentication

The TOE authenticates administrative users using a username/password combination. The TSF does not allow access to any administrative functions prior to successful authentication. The TOE has the capability to lock a remote user’s account if that user exceeds the configured number of failed authentication attempts.

Security Management

The TOE implements a restrictive HTTPs based interface that allows authorized administrative users to manage the TOE. This interface does not allow the execution of arbitrary commands. The TOE also implements a local command line interface (CLI) to allow authorized administrators to reset the TOE to factory defaults and view logs. These interfaces restrict the administrator to executing well-defined commands that are required to configure and administer the TOE.

Packet Filtering

The TOE filters packets received on the physical interfaces and virtual interfaces (IPsec tunnels). The TOE reads each packet’s header and can be configured to allow or deny the packet based on IP source address, IP destination address, Transport Layer Protocol (if specified in the IP header), TCP or UDP source port, and/or TCP or UDP destination port.

Protection of the TSF

The TOE protects itself through a number of features. The administrative interfaces do not allow the administrator to execute arbitrary binaries or provide commands for the administrator to display secret and private keys. The TOE ensures timestamps and timeouts are accurate by maintaining a real-time clock for measuring time as well as polling an NTP server to mitigate drift.

The TOE implements self-tests to verify its correct operation prior to enabling networking. If the power-on self-tests fail or a fatal conditional self-test fails, the TOE enters an error state, disables network services, and disables all cryptographic operations.

The TOE automatically verifies the authenticity and integrity of updates by requiring the updates to be digitally signed. The TOE verifies that every update is digitally signed prior to installing the update.

TOE Access

The TOE can be configured to display a warning and consent banner when an administrator attempts to establish an interactive session over the local CLI or remote HTTPs interface. The TOE also enforces a configurable inactivity timeout for remote administrative and IPsec sessions.

The TOE can be configured to deny establishment of a VPN client session based on the time, day, and/or remote client’s IP address.

Trusted Path/Channels

The TOE uses IPsec to provide a trusted communication channel between itself and VPN peers. The trusted channels utilize X.509 certificates or pre-shared keys to perform mutual authentication. The TOE initiates the IPsec trusted channel with a remote peer to protect user data and protect communication with the syslog server.

The TOE uses TLS/HTTPs to provide a trusted path between itself and remote administrative users. The TOE does not implement any additional methods of remote administration. The administrator can configure the remote administration to be tunneled through IPsec in addition to using TLS/HTTPs.

Vendor Information

Information Assurance Specialists, Inc.
Keiron Tomasso
(202) 640-2623
Site Map              Contact Us              Home