NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - FireEye NX Series Appliances v9.0

Certificate Date:  2021.05.27

Validation Report Number:  CCEVS-VR-VID11130-2021

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.2e

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The TOE is comprised of twelve models of the FireEye NX Series Appliances as shown below.

 

NX1500

NX2500

NX2550

Network Monitoring Ports

4x 10/100/1000 BASE-T Ports

4x 1GigE Bypass

4x 10GigE SFP+

4x 1GigE Bypass

Management Ports

2x 10/100/1000 BASE- T Ports

2x 10/100/1000 BASE-T Ports

2x 1GigE

Storage

500 GB disk

1 TB disk

2x 4TB disk / 4TB virtual disk RAID 1

Enclosure

Desktop

1 Rack Unit

1 Rack Unit

Processor

Intel Atom C2558 (Slivermont)

Intel Xeon D-1531 (Broadwell)

Intel Xeon E3-1240 v6 (Kaby Lake)

TOE Type

Stand-alone physical network device

Stand-alone physical network device

Stand-alone physical network device

Table 2 NX HW Series Appliances (1)

 

NX3500

NX4500

NX5500

NX6500

Network Monitoring Ports

4x 10GigE SFP+

4x 1GigE Bypass

8x 10GigE SFP+

4x 1GigE Bypass

8x 10GigE SFP+

4x 1GigE Bypass

8x 10GigE SFP+

2x 40GigE QSFP+

Management Ports

2x 1GigE

2x 1GigE

2x 1GigE

2x 1GigE

Storage

2x 4TB disk / 4TB virtual disk RAID 1

2x 4TB disk / 4TB virtual disk RAID 1

2x 4TB disk / 4TB virtual disk RAID 1

2 10 TB disk / 10 TB virtual disk RAID 1

Enclosure

2 Rack Units

2 Rack Units

2 Rack Units

2 Rack Units

Processor

Intel Xeon E5-2620 v4 (Broadwell)

Intel Xeon E5-2620 v4 (Broadwell)

Intel Xeon E5-2683 v4 (Broadwell)

Intel Xeon Platinum 8168 (Skylake)

TOE Type

Stand-alone physical network device

Stand-alone physical network device

Stand-alone physical network device

Stand-alone physical network device

Table 3 NX HW Series Appliances (2)

 

NX1500V

NX2500V

NX2550V

Network Monitoring Ports

8x 1GigE interfaces

8x 1GigE interfaces

8x 1GigE interfaces

Management Ports

2x 1GigE interfaces

2x 1GigE interfaces

2x 1GigE interfaces

CPU Cores

3

6

8

Memory

10 GB

16 GB

16 GB

Storage

384 GB disk

384 GB disk

384 GB disk

Processor

Intel Xeon E5-4620 v4 (Broadwell)

Intel Xeon E5-4620 v4 (Broadwell)

Intel Xeon E5-4620 v4 (Broadwell)

Environment

VMware vSphere ESXi 6.7

VMware vSphere ESXi 6.7

VMware vSphere ESXi 6.7

TOE Type

Stand-alone virtual network device

Stand-alone virtual network device

Stand-alone virtual network device

Table 4 NX Virtual Series Appliances (1)

 

NX4500V

NX6500V

Network Monitoring Ports

8x 1GigE interfaces

8x 1GigE interfaces

Management Ports

2x 1GigE interfaces

2x 1GigE interfaces

CPU Cores

8

16

Memory

32 GB

64 GB

Storage

512 GB disk

512 GB disk

Processor

Intel Xeon E5-4620 v4 (Broadwell)

Intel Xeon E5-4620 v4 (Broadwell)

Environment

VMware vSphere ESXi 6.7

VMware vSphere ESXi 6.7

TOE Type

Stand-alone virtual network device

Stand-alone virtual network device

Table 5 NX Virtual Series Appliances (2)

The TOE is a hardware and software solution that is comprised of the security appliance models described in the above tables. The TOE guidance documentation that is considered to be part of the TOE is the FireEye NX Series Appliances v9.0 Common Criteria Guidance Addendum document and is downloadable from the FireEye website.

The network on which the TOE resides is considered part of the environment. The software is pre-installed and is comprised of only the software versions identified above. Software updates are downloadable from the FireEye website. A login ID and password are required to download a software update.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the FireEye NX Series Appliances v9.0 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  The product, when delivered configured as identified in the FireEye NX Series Appliances v9.0 Common Criteria Guidance Addendum, satisfies all of the security functional requirements stated in the FireEye NX Series Appliances v9.0 Common Criteria Security Target. The project underwent CCEVS Validator review. The evaluation was completed in May 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

  • Protected Communications. The TOE protects the integrity and confidentiality of communications as follows:

o   TLS connectivity with the following entities:

§  Audit Server

§  Management Web Browser

o   SSH connectivity with the following entities:

§  Management SSH Client

  • Secure Administration. The TOE enables secure local and remote management of its security functions, including:

o   Local console CLI administration

o   Remote CLI administration via SSHv2

o   Remote GUI administration via HTTPS/TLS

o   Administrator authentication using a local database

o   Timed user lockout after multiple failed authentication attempts

o   Password complexity enforcement

o   Role Based Access Control - the TOE supports several types of administrative user roles. Collectively these sub-roles comprise the “Security Administrator”

o   Configurable banners to be displayed at login

o   Timeouts to terminate administrative sessions after a set period of inactivity

o   Protection of secret keys and passwords

  • Trusted Update. The TOE ensures the authenticity and integrity of software updates through digital signatures and requires administrative intervention prior to the software updates being installed.
  • Security Audit. The TOE keeps local and remote audit records of security relevant events. The TOE internally maintains the date and time which can be set manually or using authenticated NTP.
  • Self-Test. The TOE performs a suite of self-tests to ensure the correct operation and enforcement of its security functions.
  • Cryptographic Operations. The TOE provides cryptographic support for the services described in the ST. The related CAVP validation details are provided in the ST.

Vendor Information


FireEye, Inc.
Steve Lanser
408-321-6300
certifications@fireeye.com

www.fireeye.com
Site Map              Contact Us              Home