NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Fortress Mesh Point ES210, ES520, ES820, ES2440 version 5.4.5

Certificate Date:  2016.05.31

Validation Report Number:  CCEVS-VR-VID10711-2016

Product Type:    Wireless LAN

Conformance Claim:  Protection Profile Compliant

PP Identifier:    Protection Profile for Wireless Local Area Network (WLAN) Access Systems Version 1.0

CC Testing Lab:  UL Verification Services Inc. (Formerly InfoGard)

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The TOE is classified as a Wireless LAN Access System which also provides VPN Gateway functionality. The TOE employs Mesh networking, which allows multiple TOEs to network within the operational environment. Only WLAN functionality is evaluated in the Security Target (ST). All VPN functionality was evaluated in a separate Security Target.

The TOE brings secure wireless communications to environmentally challenging situations, including, outdoor locations, and across long distances through a self-forming, self-healing mesh network. Delivered in a form factor that is rugged, weatherized, and easy to set-up and operate, the TOE functions as both a wireless access point and bridge, and VPN gateway, with up to four powerful radios for maximum range and performance.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target, based on the Security Functional Requirements of the Wireless LAN Access System Protection Profile, Version 1.0, December 2011. This evaluation reused testing evidence from VID 10667, Fortress Mesh Point ES210, ES520, ES820, ES2440. That validation covered the same product, but was evaluated against the Network Device Protection Profile with the VPN EP. Testing evidence was reused for those SFRs where the requirement and the assurance activity was the same. The two validations shared configuration guidance, ensuring the products were in the same configuration. The original VID10667 validation was against a slightly earlier version of the firmware. The CCTL submitted a maintenance action against VID10667 to bring it to the same firmware as this validation. The ACMR, indicating that the change was minor and providing details on the regression testing performed, is being issued concurrent with this VR. This is acceptable because the evaluations covered the same products, which use the same firmware, and were in the same configuration.  

The criteria for which the TOE was evaluated against are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1. The methodology used by the evaluation team to conduct the evaluation is contained in the Common Methodology for Information Technology Security Evaluation, Version 3.1.

InfoGard Laboratories, Inc. determined that the TOE, configured as specified in the operational guidance, satisfies all of the security functional requirements stated in the Security Target.

Environmental Strengths

The evaluation of the TOE provides assurance that the Security Functional Requirements (SFR) of the Wireless LAN Access System Protection Profile, Version 1.0 have been met.

The TOE consists of the following Security Functions:

·         Security Audit (FAU)

·         Cryptographic Support (FCS)

·         User Data Protection (FDP)

·         Identification and Authentication (FIA)

·         Security Management (FMT)

·         Protection of the TSF (FPT)

·         TOE Access (FTA)

·         Trusted Path/Channels (FTP)


The TOE has the ability to audit events based on a specified criteria. To protect the TSF from audit log overflow, the TOE uploads audit data to an external syslog server through an IPsec tunnel. The audit record includes: the date and time of the event, the user who triggered the event (if event was user based and user is known), and event specific information. The TOE also protects all locally stored audit data from un-authorized modification and deletion.

Cryptographic Operations

The TOE provides cryptographic functions to protect information, including mechanisms to encrypt, decrypt, hash, digitally sign, and perform cryptographic key agreement. The evaluated configuration uses a subset of the cryptographic implementations listed in Section 9 of the ST for all cryptographic purposes. The FIPS-Approved cryptographic algorithms used by the TOE, and specified by the SFRs, are listed in Table 15 of the ST. The following protocols are implemented by the TOE and use FIPS-Approved cryptographic algorithms:

  • WPA2 (802.11i)
  • WPA2 (EAP-TLS)
  • IPsec
  • SSHv2

The TSF zeroizes all plaintext secret and private cryptographic keys and CSPs once they are no longer required.

User Data Protection

The TOE protects user data, (i.e., only that data exchanged with wireless client devices), using the IEEE 801.11i standard wireless security protocol. The TOE mediates the flow of information passing to and from the WAN port and ensures that resources used to pass network packets through the TOE do not contain any residual information.

Identification and Authentication

The TOE requires the system administrators be authenticated before access to the TOE is granted; administrators may login to the TOE by providing a user name and password via a local RJ45 using a serial RS-232 connection, and via SSH, HTTPS, or X.509 for TLS. Administrators may connect to the TOE remotely via the LAN, WAN, or 802.11a/b/g/n interfaces.

The TOE displays a configurable access banner and requires an administrator to authenticate using a username and password. An external RADIUS server can be configured for authentication through an IPsec tunnel. Authentication can take place, by user name and password (and hexadecimal device ID if applicable). For IPsec, the TOE also supports X.509 certificates. EAP-TLS is used for WPA2 wireless authentication via x.509 certificates.

Security Management

The management of the security relevant parameters of the TOE must be performed by the authorized administrator; the TOE provides the following management interfaces:

  • Command Line Interface (CLI) via
    • local RJ45 or serial connection,
    • Remote SSH interface via the LAN, WAN ports, and 802.11 wireless interface
  • Remote HTTPS Web UI via the LAN, WAN ports, and 802.11 wireless interface

Protection of the TSF

The TOE identification and authentication security functions allow only authenticated administrative users direct access to the TOE. If a wireless user does not authenticate as an administrative user then that user is a wireless client and can only pass traffic through the TOE and cannot execute commands on the TOE.

Administrative users are allowed to login via the CLI and Web UI to access all management functions. The management interfaces do not allow administrative users access to the underlying operating system and there are no general-purpose computing or storage repository capabilities (e.g., compilers, editors, or user applications) available on the TOE. Any access to a management interface (CLI or GUI) is protected by a secure channel except via RS-232; as this is considered local administration.

The TOE has the capability to obtain reliable time from a remote Network Time Protocol (NTP) Server to provide reliable time stamps for audit services. Additionally, the system administrator can manually set the time (maintained locally in the hardware Real Time Clock (RTC)) on the TOE using the Web UI or CLI management interfaces.

The TOE runs a set of self-tests on power-on to verify the correct operation of the TOE’s underlying hardware, TOE software and cryptographic modules. Additional cryptographic tests are performed during normal operation. The security of network data is maintained by ensuring no residual information is included in network packets.

TOE Access

The TOE displays the access banner before establishing an administrative session. The TOE terminates an interactive session after an Authorized Administrator-configurable time interval of session inactivity. A wireless client session is defined as being allowed access to a particular port on the application layer. The TOE is able to deny establishment of a wireless client session based mac address.   

Trusted Path/Channels

The TOE uses 802.11-2007 and IPsec to provide a trusted communication channel between itself and any authorized IT entities. In addition to IPsec, EAP-TLS is used for RADIUS.

The TSF initiates communication via the trusted channel for RADIUS, NTP and Syslog. The TOE uses SSH and TLS/HTTPS to provide a trusted communication path between itself and remote administrators.

Vendor Information

General Dynamics Mission Systems
David Aylesworth
Site Map              Contact Us              Home