NIAP: Compliant Product
Compliant Product - Hewlett Packard Enterprise MSR 1000 Series, 2000 Series, 3000 Series, and 4000 Series Routers with Comware V7.1

Certificate Date: 2016.03.04

Validation Report Number: CCEVS-VR-VID10670-2016

Product Type: Network Device

Conformance Claim: Protection Profile Compliant

PP Identifier: Protection Profile for Network Devices Version 1.1

CC Testing Lab: Leidos Common Criteria Testing Laboratory

CC Certificate [PDF]

Security Target [PDF]

Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Target of Evaluation (TOE) is the Hewlett Packard Enterprise MSR 1000, 2000, 3000, and 4000 Series Routers with Comware V7.1.059, Release 0305.
The MSR 1000 Series router in the evaluated configuration comprises the following specific devices:
·    HP MSR1002-4 AC Router (JG875A)
·    HP MSR1003-8S AC Router (JH060A)
The MSR 2000 Series router in the evaluated configuration comprises the following specific devices:
·    HP MSR2003 AC Router (JG411A)
·    HP MSR2004-24 AC Router (JG734A)
·    HP MSR2004-48 Router (JG735A)
The MSR 3000 Series in the evaluated configuration comprises the following specific devices:
·    HP MSR3012 AC Router (JG409A)
·    HP MSR3012 DC Router (JG410A)
·    HP MSR3024 AC Router (JG406A)
·    HP MSR3024 DC Router (JG407A)
·    HP MSR3024 PoE Router (JG408A)
·    HP MSR3044 Router (JG405A)
·    HP MSR3064 Router (JG404A)
The MSR 4000 Series in the evaluated configuration comprises the following specific devices:
·    HP MSR 4060 Router Chassis with HP MSR4000 MPU-100 Main Processing Unit (JG403A)
·    HP MSR 4080 Router Chassis with HP MSR4000 MPU-100 Main Processing Unit (JG402A)
Note: Each MSR4000 product series must also have one of the following Service Processing Units:
·    HP MSR4000 SPU-100 Service Processing Unit (JG413A);
·    HP MSR4000 SPU-200 Service Processing Unit (JG414A); or
·    HP MSR4000 SPU-300 Service Processing Unit (JG670A).
Each of the Series Router products is a stand-alone Gigabit Ethernet router appliance designed to implement a range of network layer 2 and layer 3 switching, service, and routing operations.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the HPE MSR Routers were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4.

The product, when delivered and configured as identified in the Preparative Procedures for CC NDPP Evaluated Hewlett Packard Enterprise MSR1000, MSR2000, MSR3000 and MSR4000 router series based on Comware V7.1, version 1.01, February 16, 2016 document, satisfies all of the security functional requirements stated in the Hewlett Packard Enterprise MSR Routers 1k-4k Security Target Version 1.0, February 16, 2016. The project underwent CCEVS Validator review. The evaluation was completed in February 2016. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

Security Audit

The TOE is able to generate logs for a wide range of security relevant events including the events specified in NDPP. The TOE can be configured to store the logs locally so they can be accessed by an administrator or alternately to send the logs to a designated external log server.

Cryptographic Support

The TOE includes NIST-validated cryptographic mechanisms that provide key management, random bit generation, encryption/decryption, digital signature, secure hashing, and key-hashing features in support of higher-level cryptographic protocols, including IPsec and SSHv2. Note that in the evaluated configuration, the TOE must be configured in FIPS mode, which ensures the TOE's configuration is consistent with the FIPS 140-2 standard.

User Data Protection

The TOE performs network switching and routing functions, passing network traffic among its various physical and logical network connections. While implementing applicable network protocols associated with network traffic forwarding, the TOE employs mechanisms to ensure that it does not inadvertently reuse data found in network traffic.

Identification and Authentication

The TOE requires administrators to be successfully identified and authenticated before they can access any security management functions available in the TOE. The TOE offers both a locally connected console and a network accessible interface (SSHv2) for interactive administrator sessions.

The TOE supports on device definition of administrators with usernames and passwords. Additionally, the TOE can be configured to utilize the services of trusted RADIUS and TACACS+ servers in the operational environment to support, for example, centralized user administration. The TOE supports the use of text-based pre-shared keys for IKE peer authentication.

Security Management

The TOE provides command line interface (CLI) commands to access a range of security management functions. Security management commands are limited to administrators and are available only after they have provided acceptable identification and authentication data to the TOE.

Protection of the TSF

The TOE implements a number of features to ensure the reliability and integrity of its security features. It protects data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable time information is available (for example, for log accountability).

The TOE uses cryptographic means to protect communication with remote administrators. When the TOE is configured to use the services of a Syslog server or authentication servers in the operational environment, the communication between the TOE and the operational environment component is protected using encryption.

The TOE includes functions to perform self-tests so that it can detect when it is failing. It also includes mechanisms to ensure that updates to the TOE will not introduce malicious or other unexpected changes in the TOE.

TOE Access

The TOE can be configured to display an informative banner that will appear prior to authentication when accessing the TOE via the console or SSH interfaces. The TOE subsequently will enforce an administrator-defined inactivity timeout value which, when exceeded, will terminate the inactive session.

Trusted Path/Channels

The TOE protects interactive communication with administrators using SSHv2 for CLI access. Using SSHv2, both integrity and disclosure protection are ensured.

The TOE protects communication with network peers, such as audit and authentication servers, using IPsec connections to prevent unintended disclosure or modification of logs.

Vendor Information

Hewlett Packard Enterprise Company
Bob Pittman