NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Fortress Mesh Point ES210, ES520, ES820, ES2440

Certificate Date:  2016.03.11

Validation Report Number:  CCEVS-VR-VID10667-2016

Product Type:    Virtual Private Network
   Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Network Devices Version 1.1
  Network Device Protection Profile (NDPP) Extended Package VPN Gateway Version 1.1

CC Testing Lab:  UL Verification Services Inc. (Formerly InfoGard)

Maintenance Release:
CC Certificate [PDF] Security Target [PDF] * Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

* This is the Security Target (ST) associated with the latest Maintenance Release.  To view previous STs for this TOE, click here.

Product Description

The TOE is classified as a VPN Gateway Network Device. The TOE employs Mesh networking, which allows multiple TOEs to network within the operational environment. Only VPN gateway functionality is evaluated in this Security Target. All WLAN functionality was evaluated in a separate Security Target.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target, based on the Security Functional Requirements of the Network Devices Protection Profile, Version 1.1, the Network Devices Errata #3, Version 1.0, November 3, 2014, and the Network Device Protection Profile (NDPP) Extended Package VPN Gateway, Version 1.1, April 12, 2013 documents.

The criteria for which the TOE was evaluated against are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The methodology used by the evaluation team to conduct the evaluation is contained in the Common Methodology for Information Technology Security Evaluation, Version 3.1.

InfoGard Laboratories, Inc. determined that the TOE, configured as specified in the operational guidance, satisfies all of the security functional requirements stated in the Security Target.

Environmental Strengths

The evaluation of the TOE provides assurance that the Security Functional Requirements (SFR) of the Network Devices Protection Profile, Version 1.1, and the Network Device Protection Profile (NDPP) Extended Package VPN Gateway, Version 1.1 have been met.

The TOE consists of the following Security Functions:

·         Security Audit (FAU)

·         Cryptographic Support (FCS)

·         User Data Protection (FDP)

·         Identification and Authentication (FIA)

·         Security Management (FMT)

·         Protection of the TSF (FPT)

·         TOE Access (FTA)

·         Trusted Path/Channels (FTP)

·         Packet Filtering (FPF)


The TOE will audit all events and information defined in [ST] Section 6.1.1, Table 8: Auditable Events. The TOE will also include the identity of the user that caused the event (if applicable), date and time of the event, type of event, and the outcome of the event.

The TOE protects storage of audit information from unauthorized deletion and prevents unauthorized modifications to the stored audit records. The TOE can transmit audit data to/receive data from an external IT entity using the IPsec protocol.

Cryptographic Operations

The TSF performs the following cryptographic operations:

  • IPSEC with:
    • AES128 and AES256 with modes CBC and GCM and 128/256 bit keys respectively.
    • ECDSA with curves P-256 and P-384 for peer authentication to authorized IT entities.
    • DH Groups:  14 (2048-bit MODP) 19 (256-bit Random ECP),  and 20 (384-bit Random ECP) for key exchange
    • Used for communications with authorized IT entities
  • TLS 1.0 with:
    • Used for securing communication with the GUI through HTTPS/TLS, as well as adding additional security in communicating with the RADIUS authentication server
  • SSH with:
    • ecdsa-sha2-nistp256, and ecdsa-sha2-nistp384 for public key algorithm
    • AES-CBC-128 and AES-CBC-256 for encryption algorithm
    • HMAC-SHA1 and HMAC-SHA1-96 for data integrity algorithm
    • diffie-hellman-group14-SHA1, ecdh-sha2-nistp256, and ecdh-sha2-nistp384 for key exchange
    • Used for establishing an administrator CLI tunnel

The TSF zeroizes all plaintext secret and private cryptographic keys and CSPs once they are no longer required.

User Data Protection

The TSF shall enforce that any previous information content of a resource is made unavailable upon the allocation of the resource to all objects. The TOE can maintain user authentication and audit information.

Identification and Authentication

The TSF supports passwords consisting of alphanumeric and special characters. The TSF also allows administrators to set a minimum password length and supports passwords with 15 characters or more.

The TSF requires all administrative users to authenticate before allowing the user to perform any actions other than:

·         Viewing the warning banner

·         Receiving and sending Mesh Viewer Protocol (MVP) packets every 30 seconds on port 4949

Security Management

The TOE maintains the Role of Authorized Administrator. This allows the administrator to administer the TOE either locally or remotely through a CLI/GUI. This includes the ability to:

·         Configure the cryptographic functionality

·         Configure the IPsec functionality

·         Enable, disable, determine and modify the behavior of all the security functions of the TOE identified in this ST to the Administrator

·         Configure all security management functions identified in other sections of this ST

Protection of the TSF

The TSF prevents the reading of secret and private keys. The TOE provides reliable time stamps for itself. The TOE runs a suite of self-tests during the initial start-up (upon power on) to demonstrate the correct operation of the TSF. The TOE provides a means to verify firmware/software updates to the TOE using a digital signature mechanism and published hash prior to installing those updates.

TOE Access

The TOE, for both local and remote interactive sessions, will terminate the session after an Authorized Administrator-specified period of session inactivity. The TOE allows Administrator-initiated termination of the Administrator’s own interactive session. Before establishing an administrative user session, the TOE is capable of displaying an Authorized Administrator-specified advisory notice and consent warning message regarding unauthorized use of the TOE.

Trusted Path/Channels

The TOE permits the TSF, or the authorized IT entities to initiate communication via the trusted channel. The TSF trusted channel provides assured identification of its endpoints, protects the channel data from disclosure, and detects modification of the channel data.  This trusted channel is provided via IPsec, and protects RADIUS, syslog, and NTP. The TOE permits remote administrators to initiate communication via the trusted path. The TOE requires the use of the trusted path for initial administrator authentication and all remote administration actions.

Packet Filtering

The TOE performs Packet Filtering on network packets processed by the TOE. When the TOE starts-up, it takes the actions listed in the “Protection of the TSF (FPT)” paragraph listed above (self-tests). Those actions include tests at firmware boot time and tests at software boot time. No packets flow during firmware or software boot until all of the software known answers and entropy tests have passed.

Vendor Information

General Dynamics Mission Systems
David Aylesworth
Site Map              Contact Us              Home