NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Bivio 6310-NC

Certificate Date:  2020.12.07

Validation Report Number:  CCEVS-VR-VID11106-2020

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.2e

CC Testing Lab:  UL Verification Services Inc. (Formerly InfoGard)

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Bivio 6310-NC (Target of Evaluation, or TOE) is a network device providing highly variable network functionality. It achieves this by leveraging RHEL8.2 to provide full hardware access to the networking applications, allowing them to address the high-performance hardware devices directly.

The Bivio 6310-NC device can be used to run a variety of applications for processing network data. There are many such applications, both commercial and open source. It is out of scope for this certification process to include all these applications for evaluation, so a standard application factory-installed to all Bivio 6310-NC devices as part of the base BiviOS will be provided. This application provides the following non-evaluated functionality:

·         Inspects packets and will either drop them or forward them based on configuration.

·         Uses the default mechanisms for packet handling and represents other packet processing applications that a customer may choose to install.

Models of the TOE are identified with a part number in the format:

1.       B6310-NC-C(x,y)M(1,2,3,4,5)D(1,2,3,4,5,6)N(1,2,3,4)

a.        This chassis is the “standard” product chassis.

2.       B6310R-NC-C(x,y)M(1,2,3)D(1,2,3,4,5,6)N(1,2,4) 

a.        This chassis is a shorter, ruggedized chassis

3.       PacStar 451 

a.        This chassis does not have configuration options and will always use the “C04” processor specification (defined below) and no others.

The first digit ‘x’ following ‘C’ is indicative of the processor family (0 – Broadwell, 1 – Skylake, 2 – Cascade Lake), and the second digit ‘y’ (following the digit ‘x’) is selected to match Bivio’s hardware model numbering.

The naming conventions specified above reference the following hardware: 

Table 1: Bivio 6310-NC Naming Convention

Part Number


Options with C11

Dual Intel Xeon Gold 6148, 2.4 GHz w/ 27Mb Cache

Options with C13

Dual Intel Xeon Silver 4110, 2.1 GHz w/ 11Mb Cache

Options with C15

Dual Intel Xeon Gold 6138, 2.0 GHz w/27Mb Cache

Options with C21

Dual Intel Xeon Silver 4215, 2.5Ghz with 11Mb cache

Options with C22

Dual Intel Xeon Silver 4214, 2.5Ghz with 11Mb cache

Options with C23

Dual Intel Xeon Silver 4208, 2.1Ghz with 11Mb cache

Options with C24

Dual Intel Xeon Gold 5222, 3.8Ghz with 16.5 Mb cache

Options with C25

Dual Intel Xeon Gold 6242, 2.8Ghz with 22Mb cache

Options with C26

Dual Intel Xeon Gold 6252, 2.5Ghz with 35.75Mb cache

Options with C04

Intel Xeon D 1541, 2.1Ghz with 12MB cache

Part Number

Installed RAM

Options with M1

256GB DDR4-2666 memory

Options with M2

512GB DDR4-2666 memory

Options with M3

384GB DDR4-2666 memory

Options with M4

768GB DDR4-2666 memory

Options with M5

1536GB DDR4-2666 memory

Part Number

Installed Storage

Options with D1

2x 1TB SSD storage

Options with D2

2x 2TB SSD storage

Options with D3

4x 2TB SSD storage

Options with D4

8x 2TB SSD storage

Options with D5

4x 3.8TB SSD storage

Options with D6

8x 3.8TB SSD storage

Part Number

Installed NIC Interfaces

Options with N1

2x 10GbE Fiber interfaces and 4x 1GbE Copper interfaces

Options with N2

4x 10GbE Fiber interfaces and 4x 1GbE Copper interfaces

Options with N3

6x 10GbE Fiber interfaces and 2x 1GbE Copper interfaces

Options with N4

4x 10GbE Fiber interfaces and 2x 1GbE Copper interfaces

All “M”, “D”, and “N” options are configuration options which do not affect validation, but are part of the model number.

Running the following software:

BiviOS 8.5.1 V: Version 8.5.1 (Build 202006181129) V: Version 8.5.1-104-bv (Patch 202009191230) V: Version 8.5.1-103-rh (Patch 202008311617)

The guidance documentation is also part of the TOE. A list of the guidance documents can be found in Table 12 of the [ST].

The TOE’s Operational Environment must provide the following services to support the secure operation of the TOE:

·         Local Console

·         Syslog Server

·         An SSHv2 Client

·         A TLSv1.2 client

Evaluated Configuration

The TOE was configured for evaluation per the provided Administrative Guidance, using all claimed TOE functionality, specifically management through SSH, Local console and TLS-enabled telnet and time synchronization using NTP, and remote syslog server as a remote audit storage.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Bivio 6310-NC was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The TOE, when installed and configured per the instructions provided in the preparative and administrative guidance, satisfies all the security functional requirements stated in the Bivio 6310-NC Security Target. The evaluation underwent CCEVS Validator review. The evaluation was completed in December 2020.

Environmental Strengths


·         The TOE will audit all events and information defined in Table 4: Auditable Events of the Security Target

·         The TOE will also include the identity of the user that caused the event (if applicable), date and time of the event, type of event, and the outcome of the event.

·         The TOE protects storage of audit information from unauthorized deletion.

·         The TOE prevents unauthorized modifications to the stored audit records.

·         The TOE can transmit audit data to an external IT entity using SSH protocol.

Cryptographic Operations

The TSF performs the following cryptographic operations:

For TLS:

·         AES-128 in CBC mode for data ciphering, using SHA-1 hashing and RSA key exchange.

·         AES-256 in GCM mode for data ciphering, using SHA-384 hashing and ECDHE key exchange.

·         HMAC-SHA2-384 for keyed hash

For SSH:

·         AES-128 or AES-256 in CBC mode, HMAC-SHA2-256 or HMAC-SHA2-512 hashing and DH key exchange.

·         Public key authentication via SSH-RSA, RSA-SHA2-256 and RSA-SHA2-512 using HMAC-SHA1, HMAC-SHA2-256 and HMAC-SHA2-512 hashing algorithms.

·         The TOE supports NTP v4 (RFC 5905). For NTP, the TOE uses the Symmetric key Method to ensure authenticity and integrity; supporting SHA1, SHA 512 and SHA256 MACs.

·         TOE Random bit generation utilizes CTR_DRBG as defined by NIST SP 800-90A. This is not configurable, and there are no other cryptographic engines provided in the TOE.

·         To support SSH for trusted path and trusted channel, the TOE cryptographic module implements RSA key generation with key sizes of 2048-bits and finite-field cryptography with modulus sizes of 2048 bits (Diffie-Hellman Group14).

·         To support TLS, the TOE cryptographic module implements Elliptic-Curve key generation over NIST curve secp256r1 and RSA key generation using 2048-bit keys.

·         The TOE supports Trusted Update by allowing the administrator to download update files from Bivio. Any software installed on the TOE will become active immediately and is authenticated using a published hash. Trusted update uses SHA-256 hash function in its algorithm.

·         The TSF zeroizes all plaintext secret and private cryptographic keys and CSPs once they are no longer required.

Identification and Authentication

·         The TSF supports passwords consisting of alphanumeric and special characters. The TSF also allows administrators to set a minimum password length and support passwords with 9 characters or more.

·         The TSF requires all administrative users to authenticate before allowing the user to perform any actions other than:

o    Display the warning banner in accordance with FTA_TAB.1;

o    Responding to ICMP echo requests

o    Responding to ARP requests with ARP replies

o    Establishing TLS connection on TCP port 27777

o    Automated generation of cryptographic keys

Security Management

·         The TSF stores and protects the following data:

o    Syslog data, user account data, and local authentication data (such as administrator passwords).

o    Cryptographic keys including pre-shared keys, symmetric keys, and private keys.

·         There is one class of user on the TOE: The Admin user

o    The Admin user has full control over the TOE.

·         Management of the TSF:

o    The administrator can perform manual updates, determine the behavior of or modify the behavior of the handling of audit data, modify the behavior of the TSF, enable or disable services offered by the TOE, determine the behavior of or modify the behavior of audit functionality when local audit storage is full, manage TSF data, modify, delete, generate or import cryptographic keys, configure the access banner, and configure the session inactivity timeout period.

o    The administrator may perform these functions locally or remotely using the trusted path provided by SSH and defined in FTP_TRP.1.

Protection of the TSF

·         The TSF protects TSF data from disclosure when the data is transmitted between different parts of the TOE.

·         The TSF prevents the reading of secret and private keys.

·         The TOE provides reliable time stamps for itself.

·         The TOE runs a suite of self-tests during the initial start-up (upon power on) to demonstrate the correct operation of the TSF.

·         The TOE provides a means to verify firmware/software updates to the TOE using a published hash prior to installing those updates.

TOE Access

·         The TOE, for local interactive sessions, will terminate the session after an Authorized Administrator-specified period of session inactivity.

·         The TOE terminates a remote interactive session after an Authorized Administrator-configurable period of session inactivity.

·         The TOE allows Administrator-initiated termination of the Administrator’s own interactive session.

·     Before establishing an administrative user session, the TOE is capable of displaying an Authorized Administrator-specified advisory notice and consent warning message regarding unauthorized use of the TOE.

Trusted Path/Channels

·       The TOE uses SSH to provide a trusted communication channel between itself and all authorized IT entities that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data.

·         The TOE permits the TSF, or the authorized IT entities to initiate communication via the trusted channel.

·         The TOE permits remote administrators to initiate communication via the trusted path.

·         The TOE requires the use of the trusted path for initial administrator authentication and all remote administration actions.

Vendor Information

Bivio Networks, Inc.
Raj Srinivasan
Site Map              Contact Us              Home