NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Bivio 6310-NC

Certificate Date:  2018.04.25

Validation Report Number:  CCEVS-VR-VID10873-2018

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 1.0

CC Testing Lab:  UL Verification Services Inc. (Formerly InfoGard)

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The TOE is classified as a Network Device (a generic infrastructure device that can be connected to a network).

The Bivio 6310-NC device can be used to run a variety of applications for processing network data. There are many such applications, both commercial and open source. It is out of scope for this certification process to include all these applications for evaluation, so a standard application factory-installed to all Bivio 6310-NC devices as part of the base BiviOS will be provided.  This application provides the following non-evaluated functionality:

-          Inspects packets, and will either drop them or forward them based on configuration.

-          Uses the default mechanisms for packet handling, and represents other packet processing applications that a customer may choose to install.

TOE’s are identified with a part number in the format consisting of the following:

  • B6310-NC-C(1,2,3,5,6)M(1,2,3,4,5)D(1,2,3,4,5,6)N(1,2,3,4)
    • This chassis is the “standard” product chassis
  • B6310R-NC-C(5,6)M(1,2,3)D(1,2,3,4,5,6)N(1,2,4) 
    • This chassis is a shorter, ruggedized chassis
  • PacStar 451 
    • This chassis does not have configuration options, and will always use the “C4” processor specification (defined below)

The naming conventions specified above reference the following hardware:

Table 1: Available TOE Hardware Configuration

Part Number


Options with C1

Dual Intel Xeon Gold 6148, 2.4 GHz w/ 27Mb Cache

Options with C2

Dual Intel Xeon Platinum 8180, 2.5 GHz w/ 38Mb Cache

Options with C3

Dual Intel Xeon Silver 4110, 2.1 GHz w/ 11Mb Cache

Options with C4

Intel Xeon E3-1515Mv5, 2.8 GHz w/ 8Mb Cache

Options with C5

Dual Intel Xeon Gold 6138, 2.0 GHz w/27Mb Cache

Options with C6

Dual Intel Xeon Gold 6152, 2.1 GHz w/30Mb Cache

Part Number

Installed RAM

Options with M1

256GB DDR4-2666 memory

Options with M2

512GB DDR4-2666 memory

Options with M3

384GB DDR4-2666 memory

Options with M4

768GB DDR4-2666 memory

Options with M5

1536GB DDR4-2666 memory

Part Number

Installed Storage

Options with D1

2x 1TB SSD storage

Options with D2

2x 2TB SSD storage

Options with D3

4x 2TB SSD storage

Options with D4

8x 2TB SSD storage

Options with D5

4x 3.8TB SSD storage

Options with D6

8x 3.8TB SSD storage

Part Number

Installed NIC Interfaces

Options with N1

2x 10GbE Fiber interfaces and 4x 1GbE Copper interfaces

Options with N2

4x 10GbE Fiber interfaces and 4x 1GbE Copper interfaces

Options with N3

6x 10GbE Fiber interfaces and 2x 1GbE Copper interfaces

Note: All CPUs utilized in the platforms of the TOE are ‘Intel Xeon Skylake’ processors


Running the following software:

·         BiviOS 8.3.1 (Build 201704241036)


The guidance documentation is also part of the TOE. A list of the guidance documents can be found in Table 12 of the Security Target.


The TOE’s operational environment must provide the following services to support the secure operation of the TOE:

·         Local Console

·         Syslog Server

·         An SSHv2 Client

·         A TLSv1.2 client

Evaluated Configuration

Functional testing of the TOE was performed on the 6310-NC-C1M3D2N2 platform with BiviOS Version 8.3.1 (Build 201704241036) installed and configured as per the CC Preparative and Administrative Guidance documentation provided as part of the TOE. Platform equivalency claims provided by Bivio were evaluated by the CCTL and included in the Test Report. The evaluated TOE consists of the platforms listed in Table 1 above, running BiviOS Version 8.3.1 (Build 201704241036) software.

The Operational Environment included the following components to support the secure operation of the TOE:

·         Local Console

·         Syslog Server

·         An SSHv2 Client

·         A TLSv1.2 Client

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Bivio 6310-NC was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The TOE, when installed and configured per the instructions provided in the preparative and administrative guidance, satisfies all the security functional requirements stated in the Bivio 6310-NC Security Target. The evaluation underwent CCEVS Validator review. The evaluation was completed in April of 2018.

Environmental Strengths


·         The TOE will audit all events and information defined in Table 7: Auditable Events of the Security Target.

·         The TOE will also include the identity of the user that caused the event (if applicable), date and time of the event, type of event, and the outcome of the event.

·         The TOE protects storage of audit information from unauthorized deletion.

·         The TOE prevents unauthorized modifications to the stored audit records.

·         The TOE can transmit audit data to an external IT entity using SSH protocol.

Cryptographic Operations

The TSF performs the following cryptographic operations:

For TLS:

·         AES-128 in CBC mode for data ciphering, using SHA-1 hashing and RSA key exchange.

·         AES-256 in GCM mode for data ciphering, using SHA-384 hashing and ECDHE key exchange.

For SSH:

·         AES-128 or AES-256 in CBC mode, HMAC-SHA2-256 or HMAC-SHA2-512 hashing and DH key exchange.

·         Public key authentication via SSH-RSA, using HMAC-SHA1 hashing.

The TSF zeroes all plaintext secret and private cryptographic keys and CSPs once they are no longer required.

Identification and Authentication

·         The TSF supports passwords consisting of alphanumeric and special characters. The TSF also allows administrators to set a minimum password length and support passwords with 15 characters or more.

·         The TSF requires all administrative-users to authenticate before allowing the user to perform any actions other than:

o    Viewing the warning banner

o    Responding to ICMP echo requests

o    Responding to ARP requests with ARP replies

o    Responding to DNS requests

Security Management

·         The TSF stores and protects the following data:

o    Syslog data, user account data, and local authentication data (such as administrator passwords).

o    Cryptographic keys including pre-shared keys, symmetric keys, and private keys.

·         There are two classes of users on the TOE:

o    First, the Admin user. The Admin user has full control over the TOE and can create other users (for instance, multiple administrative users) and control their level of access to the TOE.

o    Second, any administrator-created non-administrative user accounts. This would be a highly unusual configuration, as in most cases there is no reason to create a non-administrator account for the TOE. The TOE does not offer any functionality that requires users to authenticate other than to perform administration of the TOE.

·         Management of the TSF:

o    The administrator can perform manual updates, determine the behavior of or modify the behavior of the handling of audit data, modify the behavior of the TSF, enable or disable services offered by the TOE, determine the behavior of or modify the behavior of audit functionality when local audit storage is full, manage TSF data, modify or delete or generate or import cryptographic keys, configure the access banner, and configure the session inactivity timeout period.

o    The administrator may perform these functions locally or remotely using the trusted path provided by SSH and defined in FTP_TRP.1.

Protection of the TSF

·         The TSF protects TSF data from disclosure when the data is transmitted between different parts of the TOE.

·         The TSF prevents the reading of secret and private keys.

·         The TOE provides reliable time stamps for itself.

·         The TOE runs a suite of self-tests during the initial start-up (upon power on) to demonstrate the correction operation of the TSF.

·         The TOE provides a means to verify firmware/software updates to the TOE using a published hash prior to installing those updates.

TOE Access

·         The TOE, for local interactive sessions, will terminate the session after an Authorized Administrator-specified period of session inactivity.

·         The TOE terminates a remote interactive session after an Authorized Administrator-configurable period of session inactivity.

·         The TOE allows Administrator-initiated termination of the Administrator’s own interactive session.

·         Before establishing an administrative user session, the TOE is capable of displaying an Authorized Administrator-specified advisory notice and consent warning message regarding unauthorized use of the TOE.

Trusted Path/Channels

·         The TOE uses SSH to provide a trusted communication channel between itself and all authorized IT entities that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.

·         The TOE permits the TSF, or the authorized IT entities, to initiate communication via the trusted channel.

·         The TOE uses SSH or TLS to provide a trusted communication path between itself and authorized administrative users that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.

·         The TOE permits remote administrators to initiate communication via the trusted path.

·         The TOE requires the use of the trusted path for initial administrator authentication and all remote administration actions.

Vendor Information

Bivio Networks, Inc.
Greg Kopchinski
Site Map              Contact Us              Home