NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Fidelis Network v9.0.3

Certificate Date:  2018.08.27

Validation Report Number:  CCEVS-VR-VID10884-2018

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314

CC Testing Lab:  Leidos Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

Fidelis Network monitors network traffic for malicious content coming into the network (intrusion) and for sensitive and secure data leaving the network (extrusion). It operates continuously, observing network traffic as it is perceived on the attached networks. Traffic observed by a Fidelis Network sensor is reassembled into sessions, protocols and applications are identified, and contents are analyzed in order to determine if they contain inappropriate data, based on configured policy rules. When inappropriate content is identified, the sensor takes action as defined by the rule that was triggered, such as alert, prevent, throttle, quarantine, reroute, or whitelist. A rule may invoke several actions for a single violation.

The focus of the evaluation was on functionality meeting the requirements specified in collaborative Protection Profile for Network Devices, Version 2.0+Errata 20180314, including: protection of communications between TOE components and between the TOE and trusted external IT entities; identification and authentication of administrators; auditing of security-relevant events; verification of the source and integrity of updates to the TOE; and use of approved cryptographic mechanisms.

Evaluated Configuration

The Fidelis Network Target of Evaluation (TOE) is a combination of the following Fidelis Network components in a distributed deployment:

·         Fidelis Network v9.0.3 K2 management console component

·         Fidelis Network v9.0.3 Collector component

·         Fidelis Network v9.0.3 Sensor component

·         Fidelis Network v9.0.3 Sandbox component.

The K2, Collector and Sensor components are available in various form factors, as outlined in the following table:


Appliance Models

Virtual Models


K2 appliance



Collector SA2

Collector XA2

Collector XA4

Collector Controller 2

Collector Controller 10G

Collector SA VM


Direct 50

Direct 100

Direct 250

Direct 500

Direct 1000

Direct 2500

Direct 5000

Direct 10G

Direct VM


Internal 1000

Internal 2500

Internal 5000

Internal 10G

Internal VM



Web VM


Mail 250

Mail 500

Mail 1000

Mail VM 250

Mail VM 500

Mail VM 1000

The Sandbox component is available in a single appliance form factor.

Two further form factors combine three virtual models in a single hardware appliance:

  • Fidelis XPS Scout+ AP v9.0.3 (includes a K2 VM, a Direct 1000 VM, and a Collector SA VM in one box)
  • Fidelis XPS Scout+ IR v9.0.3 (includes a K2 VM, a Direct 1000 VM, and a Collector SA VM in one box).

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the TOE was judged are described in Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is Common Methodology for Information Technology Security Evaluation, Version 3.1 revision 4. The product, when delivered and configured as described in the guidance documentation, satisfies all of the security functional requirements stated in the Fidelis Network v9.0.3 Security Target. The project underwent CCEVS validation team review. The evaluation was completed in August 2018. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

Security Audit

The TOE generates audit records of security relevant events. Generated audit records include the date and time of the event, the event type, the subject identity and the outcome of the event. For audit events resulting from the actions of identified users, the identity of the user is recorded in the generated audit record. The TOE can be configured to store audit records locally on the K2 appliance so they can be accessed by an administrator and can also be configured to export the audit records to an external audit server.

Cryptographic Support

The TOE implements NIST-validated cryptographic algorithms that provide key management, random bit generation, encryption/decryption, digital signature and cryptographic hashing and keyed-hash message authentication features in support of higher level cryptographic protocols, including TLS and HTTPS.


The TOE is deployed as a distributed configuration. Initial configuration for each of the appliances is performed by directly attaching a keyboard and monitor to the appliance. The System Setup is used to set network parameters and certificate files. After initial configuration and connection of each appliance to the network, the administrator adds each appliance to K2 to register them. After registration, K2 communicates to each newly registered appliance at its configured IP address using TLS.

Identification and Authentication

The TOE requires all users (i.e., administrators) to be successfully identified and authenticated in order to access the TOE via its user interfaces. Users can be defined locally within the TOE with a user identity, password, and user role. Alternatively, users can be defined in an external LDAP directory configured to be used by the TOE. Locally defined users are authenticated directly by the TOE, while remotely defined users are authenticated by the external LDAP server and the result is enforced by the TOE.

The TOE can detect when a configurable number of failed remote authentication attempts has been made. When the configured number of unsuccessful authentication attempts has been reached, the remote administrator is locked out until a local administrator resets the password. If all remote administrators are locked out, administrator access is still available via the local console, thus preventing any condition where no administrator access is available.

The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords. Passwords can be composed of any combination of upper and lower case letters, numbers, and the following special characters: “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(“, “)”, blank space, “~”, “`”, “_”, “+”, “-“, “=”, “{“, “}”, “|”, “[“, “]”, “:”, “;”, “<”, “>”, and “/”. The administrator can configure a minimum password length, which can be set to 15 or higher (the TOE supports passwords of lengths from 1 to 999 characters).

Security Management

Administrators manage the TOE remotely using the K2 web-based GUI accessed via HTTPS or locally through the Command Line Interface using a directly connected console. The evaluation covered the following specific management functions:

·         Configuring the TOE access banner

·         Configuring cryptographic functionality

·         Setting the date and time

·         Configuring the reference identifier for an external peer

·         Verifying the integrity of a TOE update using the hash comparison capability prior to installing the update

·         Updating the TOE

·         Configuring authentication failure management

·         Configuring session inactivity time-out before session termination

·         Re-enabling a disabled administrator account.

Protection of the TSF

In the distributed deployment, the TOE protects communication between its components using mutually authenticated TLS.

The TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. The TOE includes a hardware-based real-time clock that in conjunction with an NTP server in the operational environment ensures that reliable time information is available (e.g., for log accountability).

The TOE includes a suite of power on self-tests that confirm the integrity of the TOE software and demonstrate correct operation of the TOE at start up.

The TOE verifies the integrity of updates to the TOE’s software and firmware prior to installation by calculating a cryptographic hash of the update and allowing the administrator to confirm its correctness against a hash value published by Fidelis.

TOE Access

The TOE can be configured to display an administrator-defined advisory banner before establishing an administrative user session and to terminate both local and remote interactive sessions after a configurable period of inactivity. It also provides users the capability to terminate their own interactive sessions.

Trusted Path/Channels

The TOE protects interactive communication with remote administrators using HTTPS.

The TOE uses TLS v1.2 to protect communications with the following external IT entities: audit server; authentication server; Fidelis Insight Server.

Vendor Information

Fidelis Cybersecurity
Gerald Mancini
Site Map              Contact Us              Home