NIAP: Compliant Product
NIAP/CCEVS
Compliant Product - Alcatel-Lucent Enterprise OmniSwitch series 6465, 6560, 6860, 6865, 6900, 9900 with AOS 8.6.R11

Certificate Date:  2021.04.30

Validation Report Number:  CCEVS-VR-VID11069-2021

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.1

CC Testing Lab:  atsec information security corporation


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The Target of Evaluation (TOE) is Alcatel-Lucent Enterprise OmniSwitch series 6465, 6560, 6860, 6865, 6900, 9900 with AOS 8.6.R11.

The TOE is a network switch composed of hardware and firmware. The firmware is the Alcatel-Lucent Operating System (AOS), a single-purpose operating system that operates the management functions of all the Alcatel-Lucent Enterprise OmniSwitch switches.

The TOE provides Layer-2 switching, Layer-3 routing, and traffic filtering. Layer-2 switching analyzes incoming frames and makes forwarding decisions based on information contained in the frames. Layer-3 routing determines the next network point to which a packet should be forwarded toward its destination. Filtering controls network traffic by controlling whether packets are forwarded or blocked at the TOE’s interfaces.


Evaluated Configuration

The TOE hardware and firmware consist of the following families/series.

TOE Hardware Configurations Covered by the Evaluation

| Family / Series | AOS Version | Main Processor |
|---|---|---|
| OmniSwitch 6465 (OS6465) | AOS 8.6.9.R11 | ARM Cortex-A9 |
| OmniSwitch 6560 (OS6560) | AOS 8.6.9.R11 | ARM Cortex-A9 |
| OmniSwitch 6860 (OS6860) | AOS 8.6.9.R11 | ARM Cortex-A9 |
| OmniSwitch 6865 (OS6865) | AOS 8.6.9.R11 | ARM Cortex-A9 |
| OmniSwitch 6900 (OS6900) | AOS 8.6.9.R11 | NXP MPC8572; NXP QorIQ P2040; Intel Atom C2538 |
| OmniSwitch 9900 (OS9900) | AOS 8.6.9.R11 | Intel Atom C2518 |


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 R5. The evaluation methodology used by the evaluation team to conduct the evaluation was the Common Methodology for Information Technology Security Evaluation, Version 3.1, R5. The product, when delivered and configured as identified in the Preparation and Operations of Common Criteria Evaluated OmniSwitch Products (NDcPP), meets the requirements of the collaborative Protection Profile for Network Devices Version 2.1.

Alcatel-Lucent Enterprise OmniSwitch series 6465, 6560, 6860, 6865, 6900, 9900 with AOS 8.6.R11, when delivered and configured as identified in the Preparation and Operations of Common Criteria Evaluated OmniSwitch Products (NDcPP) document, satisfies all of the security functional requirements stated in the Alcatel-Lucent Enterprise OmniSwitch series 6465, 6560, 6860, 6865, 6900, 9900 with AOS 8.6.R11 Security Target, version 3.1. The evaluation was subject to CCEVS Validator review. The evaluation was completed in April 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report number CCEVS-VR-VID11069-2021, prepared by CCEVS.


Environmental Strengths

Audit

The TOE generates audit records for events required by NDcPP. The audit records can be displayed on the serial console. The TOE writes audit records to a set of circular files stored in the system's flash memory. The TOE also provides the ability to send the audit records to an external syslog server using a secure channel.

Identification and Authentication

The TOE performs identification and authentication of TOE administrators as follows:

· TOE administrators accessing (either locally or remotely) the CLI via a serial console or an SSH session.
· TOE administrators accessing TOE storage using SFTP via an SSH session.
· An SNMP Management Station accessing the TOE through the SNMP management interface.

The TOE provides the ability to lock out administrators after a configurable number of unsuccessful attempts and to terminate the logon session after a configurable period of inactivity.

The TOE supports the following identification and authentication mechanisms:

· Identification and authentication performed by the TOE using credentials stored in the local file system.
· Identification and authentication performed by the TOE using credentials stored in an LDAP server.
· Identification and authentication performed by the external authentication server RADIUS.

Security Management

The security functions listed in the Security Target can be managed by authorized administrators through the following management interfaces: serial console, CLI, and SNMPv3.

TOE Security Functionality (TSF) Protection

The TOE protects itself by requiring administrators to identify and authenticate themselves prior to performing any actions and by defining the access allowed by each administrator.

The TOE uses filesystem access control to protect access to sensitive data such as cryptographic keys and credentials.

The TOE ensures that the TOE firmware updates are trusted by verifying the integrity of the updates.

The TOE implements self-tests to ensure the correct operation of cryptographic services.

The TOE provides a reliable date and time that is used for audit record timestamps, certificate verification and session timing.

Cryptographic Support

The TOE provides cryptographic services for secure communication channels, encryption of stored passwords, and verification of the integrity of the TOE firmware.

The TOE implements several cryptographic protocols that can be used to establish trusted channels to other IT entities.

The TOE provides cryptographic services via the following cryptographic modules:

· OpenSSL
· OpenSSH

TOE Access

The TOE displays an administrator-configurable banner before the administrator successfully logs onto the TOE (either serial console, SSH, or SFTP).

Trusted Path/Channels

The TOE supports the use of the following cryptographic protocols that define a trusted channel between itself and external IT entities:

· TLS (v1.1 and v1.2)
· SSHv2


Vendor Information


ALE USA Inc.
Eric Tolliver
(818) 878-4816
eric.tolliver@al-enterprise.com

https://www.al-enterprise.com/