NIAP: Compliant Product
Compliant Product - Brocade Communication Systems, Inc. Directors and Switches operating with Fabric OS version 8.1.0

Certificate Date:  2017.06.30

Validation Report Number:  CCEVS-VR-VID10797-2017

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  Gossamer Security Solutions

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Target of Evaluation (TOE) is the Brocade Directors and Switches running Fabric OS v8.1.0.  The various models of the TOE identified below differ in performance, form factor and number of ports, but all run the same Fabric OS version 8.1.0 software. The TOE is available in two form factors: 

1. a rack-mount Director chassis with a variable number of replaceable modules or ‘blades’, and

2. a self-contained network switching appliance device

Brocade Directors and Switches are hardware appliances that create a “SAN”. SANs connect machines in the environment that contain a type of network card called a Fibre Channel Host Bus Adapter (HBA) to storage devices, such as disk storage systems and tape libraries, that are also located in the environment. The network connections between the storage devices in the environment, the TOE, and the HBAs in the environment use high-speed network hardware. SANs are optimized to transfer large blocks of data between HBAs and storage devices. SANs can be used to replace or supplement server-attached storage solutions, for example.

HBAs communicate with the TOE using FC or FC over IP (FCIP) protocols. Storage devices in turn are physically connected to the TOE using cabling connected to FC/FCIP interfaces. When more than one instance of the TOE is interconnected (i.e., installed and configured to work together), the instances are referred to collectively as a “SAN fabric”. A zone is a specified group of fabric-connected devices (called zone members) that have access to one another.

Evaluated Configuration

The evaluated configuration consists of the following devices:

· Gen 5 Directors and Switches
  · Director Blade[1] Models: FC16-32, FC16-48, FC16-64, CP8, CR16-4, CR16-8, FX8-24
  · Director Models: DCX 8510-4 and DCX 8510-8
  · Switch Appliance Models: 6510, 6520 and 7840
· Gen 6 Directors and Switches
  · Director Blade Models: FC32-48, CPX6, CR32-4, CR32-8 and SX6
  · Director Models: X6-4 and X6-8
  · Switch Appliance Model: G620

[1] A blade refers to a purpose-built component that is installed in a Brocade director.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, July 2012. Gossamer Security Solutions determined that the evaluation assurance level (EAL) for the TOE is EAL 1. The product, when delivered and configured as identified in the Brocade Configuration Guide Fabric OS Common Criteria Supporting Fabric OS 8.1.0b, March 31, 2017 document, satisfies all of the security functional requirements stated in the Brocade Communications Systems, Inc. Directors and Switches 8.1.0 using Fabric OS v8.1 (NDcPP10) Security Target, Version 0.3, June 1, 2017. The project underwent CCEVS Validator review. The evaluation was completed in June 2017. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10797-2017) prepared by CCEVS.

Environmental Strengths

The logical boundaries of the Brocade Directors and Switches are realized in the security functions that they implement. Each of these security functions is summarized below.

Security Audit:

The TOE generates audit events for numerous activities including policy enforcement, system management and authentication. A syslog server in the environment is relied on to store audit records generated by the TOE.  The TOE generates a complete audit record including the IP address of the TOE, the event details, and the time the event occurred.  The time stamp is provided by the TOE appliance hardware. When the syslog server writes the audit record to the audit trail, it applies its own time stamp, placing the entire TOE-generated syslog protocol message contents into an encapsulating syslog record.

Cryptographic support:

The TOE contains FIPS-certified cryptographic implementations that provide key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols including SSH and TLS.

User data protection:

While implementing SAN and HBA protocols, the TOE is carefully designed to ensure that it doesn’t inadvertently release or leak residual data. When the TOE allocates a new buffer for either an incoming or outgoing network packet, the new packet data overwrites any previous data in the buffer. If an allocated buffer exceeds the size of the packet, the additional space is overwritten (padded) with zeros before the packet is forwarded (either to an external network or HBA, or written to a storage device), on both Ethernet and FC connections.
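The buffer reuse behaviour described above, as an added illustration that is not Brocade's or the evaluation's own code: a leaky fill that leaves an earlier frame's bytes behind beside a hardened fill that zero-pads the unused remainder, plus a check that counts residual bytes before a buffer is forwarded. The buffer size, function names and sample frames are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define FRAME_BUF_SIZE 64   /* hypothetical fixed-size forwarding buffer */

/* Reusable forwarding buffer: nothing clears it between frames, so bytes of
 * an earlier, longer frame stay behind until something overwrites them. */
typedef struct {
    uint8_t data[FRAME_BUF_SIZE];
    size_t  len;                /* bytes that belong to the current frame */
} frame_buf;

/* Leaky fill: copies the new frame but leaves the tail untouched, so the
 * previous frame's bytes beyond len go out with the buffer (residual data). */
void fill_leaky(frame_buf *b, const uint8_t *pkt, size_t n) {
    if (n > FRAME_BUF_SIZE) n = FRAME_BUF_SIZE;
    memcpy(b->data, pkt, n);
    b->len = n;
}

/* Hardened fill, the behaviour the evaluation summary describes: the new
 * frame overwrites the head and the unused remainder is padded with zeros. */
void fill_padded(frame_buf *b, const uint8_t *pkt, size_t n) {
    if (n > FRAME_BUF_SIZE) n = FRAME_BUF_SIZE;
    memcpy(b->data, pkt, n);
    memset(b->data + n, 0, FRAME_BUF_SIZE - n);
    b->len = n;
}

/* Check before forwarding: count non-zero bytes past the frame's length. */
size_t residual_bytes(const frame_buf *b) {
    size_t count = 0;
    for (size_t i = b->len; i < FRAME_BUF_SIZE; i++)
        if (b->data[i] != 0) count++;
    return count;
}

/* Reuse one buffer for a 32-byte frame, then an 8-byte frame (constructed
 * sample data) and return how many leftover bytes a receiver would see. */
size_t reuse_residual(int hardened) {
    uint8_t long_frame[32], short_frame[8];
    frame_buf b;
    memset(long_frame, 0xAA, sizeof long_frame);
    memset(short_frame, 0x11, sizeof short_frame);
    memset(&b, 0, sizeof b);                  /* buffer starts clean */
    void (*fill)(frame_buf *, const uint8_t *, size_t) = hardened ? fill_padded : fill_leaky;
    fill(&b, long_frame, sizeof long_frame);
    fill(&b, short_frame, sizeof short_frame);
    return residual_bytes(&b);                /* 24 if leaky, 0 if padded */
}
```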

Identification and authentication:

The TOE authenticates administrative users. In order for an administrative user to access the TOE, a user account including a user name and password must be created for the user, and an administrative role must be assigned. The TOE performs the validation of the login credentials and the TOE enforces the decision. 

Security management:

The TOE provides serial terminal (command line) and Ethernet network-based (command-line and web) management interfaces. Each of the three types of interfaces provides equivalent management functionality. The TOE provides administrative interfaces to configure hard zoning, as well as to set and reset administrator passwords. By default, HBAs do not have access to storage devices.

Protection of the TSF:

The TOE implements a number of features designed to protect itself to ensure the reliability and integrity of its security features.

It protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability).

Note that the TOE is a single appliance, and as such, no intra-TOE communication is subject to any risks that may require special protection (e.g., cryptographic mechanisms).

The TOE includes functions to perform self-tests so that it might detect when it is failing. It also includes mechanisms (i.e., verification of the digital signature of each new image) so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE.

TOE access:

The TOE can be configured to display a message-of-the-day banner when an administrator establishes an interactive session, and it subsequently enforces an administrator-defined inactivity timeout after which the inactive session (local or remote) is terminated.

Trusted path/channels:

The TOE provides a trusted path between administrators and the TOE over Ethernet, using SSH and TLS/HTTPS connections from the administrator terminal to the TOE. Commands sent from terminal applications by administrators are encrypted using SSH for the command line interface and TLS/HTTPS for the Advanced Web Tools GUI interface.

Vendor Information

Brocade Communication Systems, Inc.
Hamid Sobouti