Compliant Product - Junos OS 18.3R1-S1 for MX240, MX480, MX960, MX2010, MX2020, EX9204, EX9208 and EX9214 with MPC7E-10G/Ex9200-40XS
Certificate Date: 2019.10.01CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID10988-2019
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.1
Extended Package for MACsec Ethernet Encryption Version 1.2
CC Testing Lab: Acumen Security
The Target of Evaluation (TOE) is Juniper Networks, Inc. Junos OS 18.3R1-S1 executing on MX-Series 3D Universal Edge Routers and EX9200-Series Ethernet Switch with MACsec Line Cards. The supported chassis are:
The supported next generation Routing Engines employed by the MX-Series Router and EX9200-Series Ethernet Switch are:
· RE-S-X6-64G and RE-S-X6-128G for MX240, MX480 andMX960
· EX9200-RE2 for EX9204, EX9208 and EX9214
· REMX2K-X8-64G and REMX2K-X8-128G for MX2010 and MX2020
The line cards containing the MACsec module, which are required for deployment in the TOE, are:
· MPC7E-10G in the MX-Series Router
· EX9200-40XS in the EX-Series Router
Each of the MX-Series/EX9200-Series appliances is a secure network device that protects itself largely by offering only a minimal logical interface to the network and attached nodes. All MX-Series/EX9200-Series platforms are powered by the Junos OS firmware, Junos OS 18.3R1-S1, which is a special purpose OS that provides no general purpose computing capability. Junos OS provides both management and control functions as well as all IP routing.
The MX-Series/EX9200-Series appliances primarily support the definition of, and enforce, information flow policies among network nodes. All information flow from one network node to another passes through an instance of the TOE. Information flow is controlled on the basis of network node addresses and protocol. In support of the information flow security functions, the TOE ensures that security-relevant activity is audited, and provides the security tools to manage all of the security functions.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Junos OS 18.3R1-S1 for MX240, MX480, MX960, MX2010, MX2020, EX9204, EX9208 and EX9214 with MPC7E-10G/Ex9200-40XS is evaluated as described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. Acumen Security determined that the evaluation is a collaborative Protection Profile for Network Devices (NDcPP) Version 2.1 and Network Device collaborative Protection Profile (NDcPP) Extended Package MACsec Ethernet Encryption (MACSECEP) Version 1.2. The product, when delivered configured as identified in the Operational User Guidance and Preparative Procedures, satisfies all of the security functional requirements stated in the Security Target. The project underwent CCEVS Validator review. The evaluation was completed in September 2019. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The logical boundary of the TOE includes those security functions implemented exclusively by the TOE.
Juniper Networks, Inc.