NIAP: Compliant Product
Compliant Product - Avaya VSP 4000, VSP 7000 and VSP 8000

Certificate Date:  2017.03.10

Validation Report Number:  CCEVS-VR-VID10755-2017

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  Acumen Security


Product Description

The TOE consists of a family of Ethernet switches that can be deployed in different environments to suit the needs of varying networks. They can be deployed individually or in combination with other solutions. The TOE also provides network protection through the use of industry standard security functions.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the Avaya Virtual Services Platform (VSP 4000, VSP 7000, VSP 8000) was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. Acumen Security determined that the product is conformant to requirements in the Collaborative Protection Profile for Network Devices, Version 1.0, dated 27 February 2015. The product, when delivered configured as identified in the Common Criteria Avaya VSP Series Addendum, version 1.5, dated 3 March 2017, satisfies all of the security functional requirements stated in the Avaya VSP Security Target. Three validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Acumen Security. The evaluation was completed 10 March 2017. Results of the evaluation can be found in the Common Criteria NDcPP Assurance Activity Report for Avaya Virtual Services Platforms version 1.7 prepared by Acumen Security.

Environmental Strengths

The Avaya Virtual Service Platform (VSP 4000, VSP 7000, VSP 8000) TOE implements the following security functions:

Cryptographic Support - The TOE provides cryptographic support to protect communication with the management web browser, the management SSH client, the audit server, and the AAA server. It also provides secure software update.

Identification and Authentication - The TOE provides authentication services for administrative users to connect to the TOE's administrator interfaces (local CLI, remote CLI, and remote GUI). The TOE requires Authorized Administrators to authenticate prior to being granted access to any of the management functionality. In the Common Criteria evaluated configuration, the TOE is configured to require a minimum password length of 15 characters. The TOE provides administrator authentication against a local user database. Password-based authentication can be performed on any TOE administrative interface either locally or via an AAA server.

Security Management - The TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE. Management can take place over a variety of interfaces including: Local console command line administration at each of the appliances; Remote command line administration via SSHv2 at each appliance; and Remote GUI administration via HTTPS/TLS. The TOE supports the configuration of login banners to be displayed at time of login and inactivity timeouts to terminate administrative sessions after a set period of inactivity.

Protection of the TSF - The TOE protects against interference and tampering by untrusted subjects by implementing identification, authentication, and access controls to limit configuration to Administrators.  The TOE prevents reading of cryptographic keys and passwords. The TOE internally maintains the date and time.  This date and time is used as the timestamp that is applied to audit records generated by the TOE.  Administrators can update the TOE’s clock manually, or can configure the TOE to use NTP to synchronize the TOE’s clock with an external time source.  Finally, the TOE performs testing to verify correct operation of the security appliances themselves. The TOE verifies all software updates via digital signature (2048-bit RSA/SHA-256) and requires administrative intervention prior to the software updates being installed on the TOE to avoid the installation of unauthorized software.

TOE Access - The TOE can terminate inactive sessions after an Authorized Administrator configurable time period. Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session. The TOE can also display an Authorized Administrator specified banner on both the CLI and GUI management interfaces prior to allowing any administrative access to the TOE.

Trusted Path/Channels - The TOE supports several types of secure communications, including trusted paths with remote administrators over SSH, trusted paths with remote administrators over TLS/HTTPS, trusted channels with remote IT environment audit servers over SSH, and trusted channels with remote IT environment AAA servers over IPsec.

Vendor Information

Avaya, Inc.
Mark Hankel