NIAP: Compliant Product
Compliant Product - Juniper Junos OS 18.1R2 for QFX10002, QFX10008 and QFX10016

Certificate Date:  2019.01.28

Validation Report Number:  CCEVS-VR-VID10930-2019

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.0 + Errata 20180314

CC Testing Lab:  Acumen Security


Product Description

The Target of Evaluation (TOE) is Juniper Networks, Inc. Junos OS 18.1R2 executing on QFX10K-Series Ethernet Switches.  The supported QFX10K-Series chassis are:

  • QFX10002
  • QFX10008
  • QFX10016 

Each of the Ethernet Switches is a secure network device that protects itself largely by offering only a minimal logical interface to the network and attached nodes. All switching platforms are powered by the Junos OS firmware, Junos OS 18.1R2, which is a special purpose OS that provides no general-purpose computing capability. Junos OS provides both management and control functions as well as IP switching. 

The Ethernet Switches primarily support the definition of, and enforce, information flow policies among network nodes.  All information flow from one network node to another passes through an instance of the TOE. Information flow is controlled based on network node addresses and protocol. In support of the information flow security functions, the TOE ensures that security relevant activity is audited, and provides the security tools to manage the security functions.

Evaluated Configuration

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Junos OS 18.1R2 for QFX10002, QFX10008 and QFX10016 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. Acumen Security determined that the evaluation conforms to the collaborative Protection Profile for Network Devices, Version 2.0 + Errata 20180314 (NDcPPv2.0e). The product, when delivered and configured as identified in the Operational User Guidance and Preparative Procedures, satisfies all the security functional requirements stated in the Security Target. The project underwent CCEVS Validator review. The evaluation was completed in January 2019. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

The logical boundary of the TOE includes those security functions implemented exclusively by the TOE.

Protected Communications

The TOE provides an SSH server to support protected communications for administrators to establish secure sessions and for connections from external syslog servers. The TOE requires that applications exchanging information with it are successfully authenticated prior to any exchange (i.e., applications connecting over SSH). The TOE includes cryptographic modules that provide the underlying cryptographic services, including key management and protection of stored keys, algorithms, random bit generation and crypto-administration. The cryptographic modules provide confidentiality and integrity services for authentication and for protecting communications with connecting applications.

Administrator Authentication

Administrative users must provide unique identification and authentication data before any administrative access to the system is granted. Authentication data entered and stored on the TOE is protected. The TOE can be configured to terminate interactive user sessions and to present an access banner with warning messages prior to authentication.

Correct Operation

The TOE provides for both cryptographic and non-cryptographic self-tests, and is capable of automated recovery from failure states. 

Trusted Update

The administrator can initiate an update of the TOE firmware. The integrity of any firmware update is verified prior to installation of the updated firmware.


Junos auditable events are stored in the syslog files on the appliance, and can be transferred to an external log server (via Netconf over SSH). Auditable events include start-up and shutdown of the audit functions, authentication events, as well as the events listed in Table 4. Audit records include the date and time, event category, event type, username, and the outcome of the event (success or failure). Local syslog storage limits are configurable and are monitored. When the storage limits are reached, the oldest logs are overwritten.


The TOE provides a Security Administrator role that is responsible for:

  • the configuration and maintenance of cryptographic elements related to the establishment of secure connections to and from the evaluated product;
  • the regular review of all audit data;
  • initiation of the trusted update function;
  • all administrative tasks (e.g., creating the security policy).

The devices are managed through a Command Line Interface (CLI). The CLI is accessible through a local (serial) console connection or a remote administrative (SSH) session.

Vendor Information

Juniper Networks, Inc.
Tracy Pham