NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Ciena 8700 Packetwave Platform

Certificate Date:  2017.07.14

Validation Report Number:  CCEVS-VR-VID10729-2017

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  Booz Allen Hamilton Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Ciena 8700 Packetwave Platform (also known as the Ciena 8700) is a multi-terabit programmable Ethernet-over-dense wavelength division multiplexing (DWDM) packet switch. The TOE is a network device that is capable of performing Layer 2 switching and forwarding of high volumes of network traffic. The Ciena 8700 runs version 8.5 of the Ciena Service Aware Operating System (SAOS).

Evaluated Configuration

The TOE is the Ciena 8700 Packetwave Platform device that runs the Ciena Service Aware Operating System (SAOS) 8.5. SAOS is itself an extension of Linux kernel version 3.10. The TOE exists in both 4-slot and 10-slot models. There is no security functionality differences between the two devices as the software build and underlying processor families are identical for each device; the primary functional difference between the two models is in the number and type of data plane interfaces and the total network traffic bandwidth that is available.

The TOE requires the ‘advanced security’ license in its evaluated configuration, to allow the TOE to operate as an SSH server for secure remote administration.

The following table lists components and applications in the environment that the TOE relies upon in order to function properly:

  • Management Workstation: Any general-purpose computer that is used by an administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires an SSH client, or locally, in which case the management workstation must be physically connected to the TOE using either the serial port or dedicated management Ethernet port, and must use a terminal emulator that is compatible with serial communications.
  • OCSP Server: A server used to determine revocation status for X.509 certificates.
  • SFTP server: A file server used to receive security, event, and command log file data via SSH. Software updates are also delivered to the TOE using SFTP. However, the specific servers used to receive audit log data and to transmit software updates may be two different systems.
  • Syslog Server: A server used to receive remote audit data via syslog. In the evaluated configuration this connection is secured using TLS.
  • RADIUS Server (optional): A server used to perform user authentication on behalf of the TOE. In the evaluated configuration, this connection is secured using TLS. Note that the TOE also has the ability to define credentials locally so a RADIUS server does not need to be used.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Ciena 8700 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the Ciena 8700 Packetwave Platform with SAOS 8.5 Security Target Version 1.0. The evaluation underwent CCEVS Validator review. The evaluation was completed in July 2017. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID10729-2017, dated July 14, 2017 prepared by CCEVS.

Environmental Strengths

Security Audit

The TOE contains mechanisms to generate audit data to record predefined events on the TOE. The TOE transmits syslog audit data securely to a remote syslog server using TLS. The TOE also maintains security, event, and command logs internally. The contents of these logs can be configured to be transferred automatically to a remote SFTP server. Each audit record contains the subject information, time stamp, message briefly describing what actions were performed, outcome of the event, and severity. All audit record information is associated with the user of the TOE that caused the event where applicable. Locally-stored audit data can be deleted by a user with the Super role but it is read-only for all other roles. Local audit data is overwritten when the local storage space is full. 

Cryptographic Support

The TOE provides cryptography in support of SSH and TLS trusted communications. Asymmetric keys that are used by the TSF are generated in accordance with FIPS PUB 186-4 and are established in accordance with NIST SP 800-56A and NIST SP 800-56B. The TOE uses NIST-validated cryptographic algorithms (certificates AES Cert. #4470, DRBG Cert. #1454, DSA Cert. #1198, ECDSA Cert. #1092, HMAC Cert. #2967, KAS Cert. #120, RSA Cert. #2445, SHA Cert. #3682) to provide cryptographic services. Ciena’s implementation of these has been validated to ensure that the algorithms are appropriately strong and correctly implemented for use in trusted communications. The TOE collects entropy from software-based sources contained within the device to ensure sufficient randomness for secure key generation. Cryptographic keys are destroyed when no longer needed. 

Identification and Authentication

Users authenticate to the TOE either via the local console or remotely using SSH for management of the TSF. All users must be identified and authenticated to the TOE before being allowed to perform any actions on the TOE other than viewing the pre-authentication warning banner. Users can be authenticated using RADIUS by connecting to a RADIUS server in the Operational Environment over TLS. Depending on the configuration of the TSF and the method used to access the TOE, the user can also authenticate using a locally-defined username/password combination (as opposed to credentials being defined in RADIUS) or through SSH public key-based authentication. The TOE provides complexity rules that ensure that user-defined passwords will meet a minimum security strength. As part of connecting to the TOE locally using the management workstation, password data will be obfuscated as it is being input. The TSF connects to an OCSP server to verify certificate revocation status and includes a mechanism internally to determine the validity of certificates. The TOE provides support for X.509v3 certificates for authentication. 

Security Management

The TOE maintains distinct roles for user accounts: Limited, Admin, and Super. These roles define the management functions for each user on the TOE. A user who is assigned one of these roles is considered to be an administrator of the TOE, but the functions they are authorized to perform will differ based on the assigned role. The three roles are hierarchical, so each role has all of the privileges of the role(s) below it. A Limited user has read-only privileges for certain TOE functions and data whereas a user with the Admin role has read/write permission over most TOE functionality. The Super role is the highest role and can perform read/write operations on all TOE functions and data, including those functions that the Admin role is not authorized to perform. All administration of the TOE can be performed locally using a management workstation with a terminal client, or remotely using an SSH remote terminal application. 

Protection of the TSF

The TOE is able to ensure the security and integrity of all data that is stored locally and accessed remotely. The TOE provides no interface for the disclosure of secret cryptographic data, and administrative passwords themselves are hashed using SHA-512. The TOE maintains system time locally based on an administratively-defined time. TOE software updates are acquired using SFTP and initiated using the CLI. The TOE software version is administratively verifiable and software updates are signed to provide assurance of their integrity. The TSF validates its own correctness through the use of self-tests for both cryptographic functionality and integrity of the system software. 

TOE Access

The TSF can terminate inactive sessions after an administrator-configurable time period. The TOE also allows users to terminate their own interactive session. Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session. The TOE displays a configurable warning banner prior to its administrative use. 

Trusted Path/Channels

The TOE establishes a trusted path to the TOE using SSH for remote administration. The TOE establishes trusted channels using TLS for sending syslog audit data to a remote syslog server and SSH for sending stored security, command, and event log data to a remote SFTP server. In addition, the TOE uses the SFTP interface to download updates. The TOE may also connect to the RADIUS server for user authentication using TLS.

Vendor Information

Ciena Corporation
Kevin Meagher
Site Map              Contact Us              Home