NIAP: Compliant Product
Compliant Product - Bivio 6110-NC and 6120-NC

Certificate Date:  2017.08.28

Validation Report Number:  CCEVS-VR-VID10847-2017

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  UL Verification Services Inc. (Formerly InfoGard)

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The TOE is classified as a Network Device (a generic infrastructure device that can be connected to a network).
The Bivio 6110 device can be used to run a variety of applications for processing network data. There are many such applications, both commercial and open source. It is out of scope for this certification process to include all these applications for evaluation, so a standard application factory-installed to all Bivio 6110-NC devices as part of the base BiviOS will be provided.  This application inspects packets and will either drop them or forward them based on configuration. It uses the default mechanisms for packet handling and represents other packet processing applications that a customer may choose to install. It is left to the end customer to decide whether they want to pursue certification for applications other than the default BiviOS functionality.

The TOE consists of the following hardware:
•    B6110-NC-M1D1
•    B6110-NC-M1D2
•    B6110-NC-M1D3
•    B6110-NC-M2D1
•    B6110-NC-M2D2
•    B6110-NC-M2D3
•    B6110-NC-M3D1
•    B6110-NC-M3D2
•    B6110-NC-M3D3
•    B6120-NC-M1D1
•    B6120-NC-M1D2
•    B6120-NC-M1D3
•    B6120-NC-M2D1
•    B6120-NC-M2D2
•    B6120-NC-M2D3
•    B6120-NC-M3D1
•    B6120-NC-M3D2
•    B6120-NC-M3D3

Running the following software:
•    BiviOS 8.0.3

The guidance documentation is also part of the TOE. A list of the guidance documents can be found in Table 12 of the [ST].

The TOE’s operational environment must provide the following services to support the secure operation of the TOE:
•    Local Console
•    Syslog Server
•    An SSHv2 Client
•    A TLSv1.2 Client

Evaluated Configuration

Functional testing of the TOE was performed on the B6110-NC-M1D1 platform with Version 8.0.3 (Build 201704241036) installed and configured as per the CC Preparative and Administrative Guidance documentation provided as part of the TOE. Platform equivalency claims provided by Bivio were evaluated by the CCTL and included in the Test Report. The evaluated TOE consists of the following platforms running Version 8.0.3 (Build 201704241036) software:

•    B6110-NC-M1D1
•    B6110-NC-M1D2
•    B6110-NC-M1D3
•    B6110-NC-M2D1
•    B6110-NC-M2D2
•    B6110-NC-M2D3
•    B6110-NC-M3D1
•    B6110-NC-M3D2
•    B6110-NC-M3D3
•    B6120-NC-M1D1
•    B6120-NC-M1D2
•    B6120-NC-M1D3
•    B6120-NC-M2D1
•    B6120-NC-M2D2
•    B6120-NC-M2D3
•    B6120-NC-M3D1
•    B6120-NC-M3D2
•    B6120-NC-M3D3

The Operational Environment included the following components to support the secure operation of the TOE:
•    Local Console
•    Syslog Server
•    An SSHv2 Client
•    A TLSv1.2 Client

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Bivio 6110-NC and Bivio 6120-NC were evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The TOE, when installed and configured per the instructions provided in the preparative and administrative guidance, satisfies all of the security functional requirements stated in the Bivio 6110-NC and 6120-NC Security Target. The evaluation underwent CCEVS Validator review. The evaluation was completed in August of 2017.

Environmental Strengths


•    The TOE will audit all events and information defined in Table 7: Auditable Events of the Security Target.
•    The TOE will also include the identity of the user that caused the event (if applicable), date and time of the event, type of event, and the outcome of the event.
•    The TOE protects storage of audit information from unauthorized deletion.
•    The TOE prevents unauthorized modifications to the stored audit records.
•    The TOE can transmit audit data to an external IT entity using the SSH protocol.

Cryptographic Operations

The TSF performs the following cryptographic operations:
For TLS:
•    AES-128 in CBC mode for data ciphering, using SHA-1 hashing and RSA key exchange.
•    AES-256 in GCM mode for data ciphering, using SHA-384 hashing and ECDHE key exchange.
For SSH:
•    AES-128 or AES-256 in CBC mode, HMAC-SHA2-256 or HMAC-SHA2-512 hashing and DH key exchange.
•    Public key authentication via SSH-RSA, using HMAC-SHA1 hashing.
The TSF zeroizes all plaintext secret and private cryptographic keys and CSPs once they are no longer required.

Identification and Authentication

•    The TSF supports passwords consisting of alphanumeric and special characters. The TSF also allows administrators to set a minimum password length and supports passwords with 15 characters or more.
•    The TSF requires all administrative-users to authenticate before allowing the user to perform any actions other than:
    o    Viewing the warning banner
    o    Responding to ICMP echo requests
    o    Responding to ARP requests with ARP replies
    o    Responding to DNS requests

Security Management

•    The TSF stores and protects the following data:
    o    Syslog data, user account data, and local authentication data (such as administrator passwords).
    o    Cryptographic keys including pre-shared keys, symmetric keys, and private keys.
•    There are two classes of users on the TOE:
    o    First, the Admin user. The Admin user has full control over the TOE and can create other users (for instance, multiple administrative users) and control their level of access to the TOE.
    o    Second, any administrator-created non-administrative user accounts. This would be a highly unusual configuration, as in most cases there is no reason to create a non-administrator account for the TOE. The TOE does not offer any functionality that requires users to authenticate other than to perform administration of the TOE.
•    Management of the TSF:
    o    The administrator can perform manual updates, determine the behavior of or modify the behavior of the handling of audit data, modify the behavior of the TSF, enable or disable services offered by the TOE, determine the behavior of or modify the behavior of audit functionality when local audit storage is full, manage TSF data, modify or delete or generate or import cryptographic keys, configure the access banner, and configure the session inactivity timeout period.
    o    The administrator may perform these functions locally or remotely using the trusted path provided by SSH and defined in FTP_TRP.1.

Protection of the TSF

•    The TSF protects TSF data from disclosure when the data is transmitted between different parts of the TOE.
•    The TSF prevents the reading of secret and private keys.
•    The TOE provides reliable time stamps for itself.
•    The TOE runs a suite of self-tests during the initial start-up (upon power on) to demonstrate the correct operation of the TSF.
•    The TOE provides a means to verify firmware/software updates to the TOE using a published hash prior to installing those updates.

TOE Access

•    The TOE, for local interactive sessions, will terminate the session after an Authorized Administrator-specified period of session inactivity.
•    The TOE terminates a remote interactive session after an Authorized Administrator-configurable period of session inactivity.
•    The TOE allows Administrator-initiated termination of the Administrator’s own interactive session.
•    Before establishing an administrative user session, the TOE is capable of displaying an Authorized Administrator-specified advisory notice and consent warning message regarding unauthorized use of the TOE.

Trusted Path/Channels

•    The TOE uses SSH to provide a trusted communication channel between itself and all authorized IT entities that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.
•    The TOE permits the TSF, or the authorized IT entities, to initiate communication via the trusted channel.
•    The TOE uses SSH or TLS to provide a trusted communication path between itself and authorized administrative users that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.
•    The TOE permits remote administrators to initiate communication via the trusted path.
•    The TOE requires the use of the trusted path for initial administrator authentication and all remote administration actions.

Vendor Information

Bivio Networks, Inc.
Greg Kopchinski