Compliant Product - Compact Rugged Router, Series 1000 (CRR-1000), v1.0
Certificate Date: 2018.11.23CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID10910-2018
Product Type: Network Device
Virtual Private Network
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314
Extended Package for VPN Gateways Version 2.1
CC Testing Lab: UL Verification Services Inc. (Formerly InfoGard)
Architecture Technology Corporation (ATCorp) designed a router and VPN gateway for the National Security Agency/Central Security Service (NSA/CSS) Commercial Solutions for Classified (CSfC) Program. This VPN gateway device was built with the ATC Routing & Encryption Suite (ARES), an End User Device (EUD) VPN Client and a Cloud Server. The EUD VPN Client and Cloud Server were not evaluated.
The outer firewall implements a security barrier between the black network and the outer encryptor, which checks all IP packets coming in from the black network interface as well as from the outer encryptor, and accepts/rejects the packets according to the rules specified in a filtering table set up for the outer firewall.
The TOE is the Architecture Technology Corporation (ATCorp) router and VPN gateway. The appliance models are:
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. ATCorp Compact Rugged Router, Series 1000 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The TOE, when installed and configured per the instructions provided in the preparative and administrative guidance, satisfies all of the security functional requirements stated in the ATCorp Compact Rugged Router, Series 1000 Security Target. The evaluation underwent CCEVS Validator review. The evaluation was completed in September 2018. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (CCEVS-VR-10910-2018, dated November 23, 2018), prepared by CCEVS, and the Assurance Activities Report (AAR) (18-3853-R-0020 V1.1).
The TOE will audit all events and information defined in Table 3 of the Security Target. The TOE will also include the identity of the user that caused the event (if applicable), date and time of the event, type of event, and the outcome of the event. The TOE can transmit audit data to an external IT entity using the Syslog over the IPsec protocol.
The TOE uses cryptographic algorithms and protocols to protect Syslog server communication, remote administrator sessions, test the TOE itself, and verify the integrity of updates to the TOE. The TSF overwrites all plaintext secret and private cryptographic keys and CSPs once they are no longer required.
User Data Protection
The TOE protects user data in transit by using IPsec VPN tunnels between itself and authorized endpoints or remote networks. The TOE permits VPN Mobility clients to connect and pass traffic into protected networks.
The TOE supports passwords consisting of alphanumeric and special characters. The TSF also allows administrators to set a minimum password length and support passwords with 15 characters or more.
The TOE can be administered via a local console port or remotely over IPsec. Both methods of administration present the user with a CLI. Authorized administrators are assigned the Security Administrator role when they login.
The TOE implements IPv4 and IPv6 packet filtering on TCP/UDP port numbers, source and destination IP addresses, time of day, and day of week. The TOE permits the administrator to configure the packet filtering rules to accept, deny, and/or log any packet matching the specified rule.
Protection of the TSF
The TOE protects itself by:
For local console sessions and remote IPsec sessions, the TSF terminates sessions after an administrator configured inactivity period. Before establishing an administrative user session, the TOE is capable of displaying a configurable advisory notice and consent warning message regarding unauthorized use of the TOE.
The TOE uses IPsec to provide a trusted communication channel with the Syslog server. The TOE permits remote administrators to connect using IPsec.
Architecture Technology Corporation