NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Fidelis Network and Fidelis Deception v9.3.3

Certificate Date:  2021.04.15

Validation Report Number:  CCEVS-VR-VID11128-2021

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.2e

CC Testing Lab:  Leidos Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

Fidelis Network and Deception monitors network traffic for malicious content coming into the network (intrusion) and for sensitive and secure data leaving the network (extrusion). It operates continuously, observing network traffic as it is perceived on the attached networks. Traffic observed by a Fidelis Network sensor is reassembled into sessions, protocols and applications are identified, and contents are analyzed in order to determine if they contain inappropriate data, based on configured policy rules. When inappropriate content is identified, the sensor takes action as defined by the rule that was triggered, such as alert, prevent, throttle, quarantine, reroute, or whitelist. A rule may invoke several actions for a single violation.

The focus of the evaluation was on functionality meeting the requirements specified in collaborative Protection Profile for Network Devices, Version 2.2e, including: protection of communications between TOE components and between the TOE and trusted external IT entities; identification and authentication of administrators; auditing of security-relevant events; verification of the source and integrity of updates to the TOE; and use of approved cryptographic mechanisms.

Evaluated Configuration

The Fidelis Network and Deception Target of Evaluation (TOE) is a combination of the following Fidelis components in a distributed deployment:

·         Fidelis Network v9.3.3 CommandPost management console

·         Fidelis Network Collector v9.3.3

·         Fidelis Network Sensor component v9.3.3

·         Fidelis Sandbox appliance v9.3.3

·         Decoy Server appliance v9.3.3.

The CommandPost, Collector, Sensor, and Decoy Server components are outlined in the following table:


Appliance Models (Revision J)

Virtual Models


CommandPost appliance

CommandPost VM


Collector SA2

Collector XA2

Collector XA4

Collector Controller 2

Collector Controller 10G

Collector SA VM


Direct 50

Direct 100

Direct 250

Direct 500

Direct 1000

Direct 2500

Direct 5000

Direct 10G

Direct VM


Internal 1000

Internal 2500

Internal 5000

Internal 10G

Internal VM



Web VM


Mail 250

Mail 500

Mail 1000

Mail 5000

Mail VM 250

Mail VM 500

Mail VM 1000

Mail VM 5000

Decoy Server

Decoy Server



Decoy Server VM

The Sandbox component is available in a single appliance form factor.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the TOE was judged are described in Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is Common Methodology for Information Technology Security Evaluation, Version 3.1 revision 5. The product, when delivered and configured as described in the guidance documentation, satisfies all of the security functional requirements stated in the Fidelis Network v9.3.3 Security Target. The project underwent CCEVS validation team review. The evaluation was completed in March 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

Security Audit

The TOE generates audit records of security relevant events. Generated audit records include the date and time of the event, the event type, the subject identity and the outcome of the event. For audit events resulting from the actions of identified users, the identity of the user is recorded in the generated audit record. The TOE can be configured to store audit records locally on the CommandPost appliance so they can be accessed by an administrator and can also be configured to export the audit records to an external audit server.

Cryptographic Support

The TOE is operated in FIPS mode and includes an OpenSSL cryptographic module with CAVP approved algorithms. The module provides key management, random bit generation, encryption/decryption, digital signature and cryptographic hashing and keyed-hash message authentication features in support of higher level cryptographic protocols, including TLS and HTTPs.


The TOE is deployed as a distributed configuration. Initial configuration for each of the appliances is performed by directly attaching a keyboard and monitor to the appliance. The System Setup is used to set network parameters and certificate files. After initial configuration and connection of each appliance to the network, the administrator adds each appliance to CommandPost to register them. After registration, CommandPost communicates to each newly registered appliance at its configured IP address using TLS.

Identification and Authentication

The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they can access any security management functions available in the TOE. Administrators manage the TOE remotely using the CommandPost web-based GUI accessed via HTTPS or locally using the CLI by a directly connected USB keyboard and a monitor to the appliance VGA connector. The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords on all of the TOE components. Additionally, the TOE can be configured to authenticate remote administrators to use the services of trusted LDAP servers in the operational environment..

The TOE can detect when a configurable number of failed remote authentication attempts has been made. When the configured number of unsuccessful authentication attempts has been reached, the remote administrator is locked out until a local administrator resets the password. If all remote administrators are locked out, the CommandPost can be accessed by the default admin account, thus preventing any condition where no administrator access is available.

The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords. Passwords can be composed of any combination of upper and lower case letters, numbers, and the following special characters: “!”, “@”, “#”, “$”, “%”, “^”, “&”, “*”, “(“, “)”, blank space, “~”, “`”, “_”, “+”, “-“, “=”, “{“, “}”, “|”, “[“, “]”, “:”, “;”, “<”, “>”, and “/”. The administrator can configure a minimum password length, which can be set to any length from 1 to 999 characters including 15.

Security Management

Administrators manage the TOE remotely using the CommandPost web-based GUI accessed via HTTPS or locally through the Command Line Interface using a keyboard and a monitor directly connected  to the appliance’s VGA connector.

The TOE also provides the ability to manage the TOE locally using the CLI by directly attaching a keyboard and monitor to the appliance. However, the TOE is designed to be managed using the CommandPost GUI from a remote HTTPS/TLS client. Following the initial configuration, all changes should be performed by an authorized user from CommandPost. The TOE provides the System Administrator role which corresponds to the [CPP_ND_V2.2E] Security Administrator.

Protection of the TSF

In the distributed deployment, the TOE protects communication between its components using HTTPS/TLS.

The TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. The TOE includes a hardware-based real-time clock that in conjunction with an NTP server in the operational environment ensures that reliable time information is available (e.g., for log accountability).

The TOE includes a suite of power on self-tests that confirm the integrity of the TOE software and demonstrate correct operation of the TOE at start up.

The TOE verifies the integrity of updates to the TOE’s software and firmware prior to installation by calculating a cryptographic hash of the update and allowing the administrator to confirm its correctness against a hash value published by Fidelis.

TOE Access

The TOE can be configured to display an administrator-defined advisory banner before establishing an administrative user session and to terminate both local and remote interactive sessions after a configurable period of inactivity. It also provides users the capability to terminate their own interactive sessions.

Trusted Path/Channels

The TOE protects interactive communication with remote administrators using HTTPS.

The TOE uses TLS v1.2 to protect communications with the following external IT entities: audit server; authentication server; Fidelis Insight Server.

Vendor Information

Fidelis Cybersecurity Inc.
Anubhav Arora
Site Map              Contact Us              Home