NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Cisco Adaptive Security Appliances and ASA Virtual Version 9.6

Certificate Date:  2017.04.04

Validation Report Number:  CCEVS-VR-VID10759-2017

Product Type:    Firewall
   Virtual Private Network

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Stateful Traffic Filter Firewalls Version 1.0
  collaborative Protection Profile for Network Devices Version 1.0
  Extended Package for VPN Gateways Version 2.0

CC Testing Lab:  Gossamer Security Solutions


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Cisco Adaptive Security Appliances TOE is a purpose-built, firewall platform with VPN capabilities.  The Cisco Adaptive Security Appliances Virtual running on UCS platform (TOE) is also a firewall platform with VPN capabilities. 


Evaluated Configuration

The Cisco Adaptive Security Appliances TOE is a purpose-built, firewall platform with VPN capabilities.  The Cisco Adaptive Security Appliances Virtual running on UCS platform (TOE) is also a firewall platform with VPN capabilities.

The evaluated configuration consists of the following devices:

·         ASA 5500 Series (5506-X, 5506H-X, 5506W-X, 5508-X, 5516-X) and (5512-X, 5515-X, 5525-X, 5545-X, 5555-X)

·         ASA 5585 Series (5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40, 5585-X SSP-60)

·         ASA Services Module (ASA-SM)[1]

·         ASAv running on ESXi 5.5 or 6.0 on the Unified Computing System (UCS) B22 M3, B200 M3, B200 M4, B230 M2, B260 M4, B420 M3, B420 M4, B440 M2, B460 M4, C22 M3, C24 M3, C220 M3, C220 M4, C240 M3, C240 M4, C260 M2, C420 M3, C460 M2, and C460 M4

·         ASAv running on ESXi 5.5 or 6.0 on the E140S M1, E140S M2, E140D M1, E160D M2, E160D  M1, E180D M2, E140DP M1, E160DP M1 installed on ISR[2]



[1] ASA-SM on Catalyst 6500 Series switches including 6503-E, 6504-E, 6509-E, and 6513-E in the operational environment.

[2] ISR is in the operational environment. Please see table 6 in section 1.3 for UCS-E and ISR compatibility.


Security Evaluation Summary

The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012.  The product, when delivered and configured as identified in the Cisco Adaptive Security Appliance (ASA) 9.6 Preparative Procedures & Operational User Guide for the Common Criteria Certified configuration, Version 1.0, March 28, 2017 document, satisfies all of the security functional requirements stated in the Cisco Adaptive Security Appliances and ASA Virtual 9.6 Security Target, Version 1.0, March 27, 2017.  The project underwent CCEVS Validator review.  The evaluation was completed in March 2017.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10759-2017) prepared by CCEVS.


Environmental Strengths

The logical boundaries of the Cisco Adaptive Security Appliances and ASA Virtual 9.6 are realized in the security functions that it implements. Each of these security functions is summarized below.

Security Audit

The TOE provides extensive auditing capabilities. The TOE can audit events related to cryptographic functionality, identification and authentication, and administrative actions.  The TOE generates an audit record for each auditable event.  The administrator configures auditable events, performs back-up operations, and manages audit data storage.  The TOE provides the administrator with a circular audit trail or a configurable audit trail threshold to track the storage capacity of the audit trail.  Audit logs are backed up over an encrypted channel to an external audit server.

Cryptographic Support

The TOE provides cryptography in support of other TOE security functionality.  The TOE provides cryptography in support of secure connections using IPsec and TLS, and remote administrative management via SSHv2 over IPsec, and TLS/HTTPS. The cryptographic random bit generators (RBGs) are seeded by an entropy noise source.

Full Residual Information Protection

The TOE ensures that all information flows from the TOE do not contain residual information from previous traffic.  Packets are padded with zeros.  Residual data is never transmitted from the TOE.

Identification and Authentication

The TOE performs two types of authentication: device-level authentication of the remote device (VPN peers) and user authentication for the authorized administrator of the TOE.  Device-level authentication allows the TOE to establish a secure channel with a trusted peer.  The secure channel is established only after each device authenticates the other.  Device-level authentication is performed via IKE/IPsec X509v3 certificate based authentication or pre-shared key methods.

The TOE provides authentication services for administrative users wishing to connect to the TOEs secure CLI and GUI administrator interfaces.  The TOE requires authorized administrators to authenticate prior to being granted access to any of the management functionality.  The TOE can be configured to require a minimum password length of 15 characters as well as mandatory password complexity rules. The TOE also implements a lockout mechanism if the number of configured unsuccessful threshold has been exceeded.  

The TOE provides administrator authentication against a local user database.  Password-based authentication can be performed on the serial console and HTTPS interfaces. The TOE optionally supports use of any RADIUS AAA server (part of the IT Environment) for authentication of administrative users attempting to connect to the TOE.

Security Management

The TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE.  All TOE administration occurs either through a secure SSHv2 over IPsec or TLS/HTTPS session, or via a local console connection.  The TOE provides the ability to securely manage all TOE administrative users; all identification and authentication; all audit functionality of the TOE; all TOE cryptographic functionality; the timestamps maintained by the TOE; TOE configuration file storage and retrieval, and the information flow control policies enforced by the TOE including encryption/decryption of information flows for VPNs.  The TOE supports an “authorized administrator” role, which equates to any account authenticated to an administrative interface (CLI or GUI, but not VPN), and possessing sufficient privileges to perform security-relevant administrative actions.

When an administrative session is initially established, the TOE displays an administrator- configurable warning banner.  This is used to provide any information deemed necessary by the administrator.  After a configurable period of inactivity, administrative sessions will be terminated, requiring administrators to re-authenticate. 

Protection of the TSF

The TOE protects against interference and tampering by untrusted subjects by implementing identification, authentication, and access controls to limit configuration to authorized administrators.  The TOE prevents reading of cryptographic keys and passwords. 

Additionally TOE is not a general-purpose operating system and access to the TOE memory space is restricted to only TOE functions.

The TOE internally maintains the date and time.  This date and time is used as the timestamp that is applied to audit records generated by the TOE.  Administrators can update the TOE’s clock manually, or can configure the TOE to use NTP to synchronize the TOE’s clock with an external time source.  Additionally, the TOE performs testing to verify correct operation of the appliance itself and that of the cryptographic module. Whenever any system failures occur within the TOE the TOE will cease operation.

TOE Access

When an administrative session is initially established, the TOE displays an administrator- configurable warning banner.  This is used to provide any information deemed necessary by the administrator.  After a configurable period of inactivity, administrator and VPN client sessions will be terminated, requiring re-authentication. The TOE also supports direct connections from VPN clients, and protects against threats related to those client connections. The TOE disconnects sessions that have been idle too long, and can be configured to deny sessions based on IP, time, and day, and to NAT external IPs of connecting VPN clients to internal network addresses.

Trusted Path/Channels

The TOE supports establishing trusted paths between itself and remote administrators using SSHv2 over IPsec for CLI access, and TLS/HTTPS for GUI/ASDM access.  The TOE supports use of TLS and/or IPsec for connections with remote syslog servers.  The TOE can use IPsec to encrypt connections with remote authentication servers (e.g. RADIUS).  The TOE can establish trusted paths of peer-to-peer VPN tunnels using IPsec, and VPN client tunnels using IPsec or TLS. Note that the VPN client is in the operational environment.


Vendor Information

Logo
Cisco Systems, Inc.
Alicia Squires
410-309-4862
N/A
certteam@cisco.com

www.cisco.com
Site Map              Contact Us              Home