CC Certificate 

Security Target 

Validation Report 

Assurance Activity 

Administrative Guide 

The TOE is comprised of four models of the FireEye EX Series Appliances as shown below.

Table 1 EX Series Appliances

Table 2 EX Series Appliances

The TOE is a hardware and software solution that is comprised of the security appliance models described above. The TOE guidance documentation that is considered to be part of the TOE is the FireEye EX Series Appliances v9.0 Common Criteria Guidance Addendum document and is downloadable from the FireEye website.

The following figure provides a visual depiction of an example of a typical TOE deployment.

The network on which the TOE resides is considered part of the environment. The software is pre-installed and is comprised of only the software versions identified above. In addition, software updates are downloadable from the FireEye website. A login ID and password is required to download the software update.

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the FireEye EX Series Appliances v9.0 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  The product, when delivered configured as identified in the FireEye EX Series Appliances v9.0 Common Criteria Guidance Addendum, satisfies all of the security functional requirements stated in the FireEye EX Series Appliances v9.0 Common Criteria Security Target. The project underwent CCEVS Validator review.  The evaluation was completed in May 2021.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

• Protected Communications. The TOE protects the integrity and confidentiality of communications as follows:

o   TLS connectivity with the following entities:

§  Audit Server

§  Email Server

§  Management Web Browser

o   SSH connectivity with the following entities:

§  Management SSH Client

• Secure Administration. The TOE enables secure local and remote management of its security functions, including:

o   Local console CLI administration

o   Remote CLI administration via SSHv2

o   Remote GUI administration via HTTPS/TLS

o   Administrator authentication using a local database

o   Timed user lockout after multiple failed authentication attempts

o   Password complexity enforcement

o   Role Based Access Control - the TOE supports several types of administrative user roles. Collectively these sub-roles comprise the “Security Administrator”

o   Configurable banners to be displayed at login

o   Timeouts to terminate administrative sessions after a set period of inactivity

o   Protection of secret keys and passwords

• Trusted Update. The TOE ensures the authenticity and integrity of software updates through digital signatures and requires administrative intervention prior to the software updates being installed.
• Security Audit. The TOE keeps local and remote audit records of security relevant events. The TOE internally maintains the date and time which can be set manually or using authenticated NTP.
• Self-Test. The TOE performs a suite of self-tests to ensure the correct operation and enforcement of its security functions.
• Cryptographic Operations. The TOE provides cryptographic support for the services described in the ST.

Vendor Information