Compliant Product - Sierra Nevada Corporation Binary Armor SCADA Network Guard, with firmware version 2.1
Certificate Date: 2021.07.15
Validation Report Number: CCEVS-VR-VID11176-2021
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Leidos Common Criteria Testing Laboratory
The Target of Evaluation (TOE) is Binary Armor SCADA Network Guard, with firmware version 2.1, provided by Sierra Nevada Corporation. The TOE is a network device offering CAVP-certified cryptographic functions, security auditing, secure administration, trusted updates, self-tests, and secure connections with a syslog server, protected using TLS.
The TOE consists of Binary Armor Hardware version 7000-SNC-01 and Binary Armor Firmware version 2.1. It is used to interface with Supervisory Control and Data Acquisition (SCADA) network systems for real-time monitoring purposes.
The TOE is intended for in-line installation between Programmable Logic Controllers (PLCs), remote terminal units, intelligent electronic devices or controllers and the WAN/LAN, to provide bi-directional security across all communication layers. It provides two separate physical interfaces: a “high” network interface card (NIC), typically connected to SCADA/ICS equipment; and a “low” NIC, typically connected to external systems such as a Human Machine Interface. The TOE supports remote administration over the network (from either the high or low networks) and local administration through a directly networked workstation protected. The TOE’s administrative interface supports secure communication channels using HTTPS.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, September 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance documentation, satisfies all of the security functional requirements stated in the Sierra Nevada Corporation Binary Armor SCADA Network Guard, with firmware version 2.1 Security Target. The evaluation was completed in July 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE generates security relevant audit records, stores them locally, and can be configured to forward them to a syslog server over TLS. The locally stored audit records are protected from unauthorized access.
The TOE includes FIPS-approved cryptographic libraries with CAVP certificates for their cryptographic algorithms. The TOE uses its cryptographic libraries for all HTTPS, TLS and certificate functionality. Cryptographic services include key management, random bit generation, symmetric encryption and decryption, digital signature, and secure hashing.
Identification and Authentication
The TOE requires users to be identified and authenticated before they can use functions mediated by the TOE, with the exception of reading the login banner, obtaining status, and requesting the TOE’s public key certificate. It provides the ability to both assign credentials (user password, enrollment for PKCS#11 token) and to authenticate users against these credentials. The TOE also provides X.509 certificate checking for its TLS connections. The password-based authentication will cause a lockout in the event of an excessive number of consecutive authentication failures.
The TOE provides a management interface that an administrator can access via a network port. To access the TOE locally, an administrator must directly network their workstation to the TOE using a crossover cable or through a network switch to which only the TOE and the workstation are connected. For remote access, the administrator uses the SNC Administration Tool application to access the TOE’s REST API. This API can also be accessed directly over HTTPS. The management interface is protected with TLS and limited to the authorized administrator.
Protection of the TSF
The TOE implements features designed to protect itself to ensure the reliability and integrity of its security features, including protection of sensitive data and provision of timing mechanisms to ensure that reliable time information is available for the TOE’s own use (e.g., for log accountability).
The TOE includes functions to perform self-tests so that it can detect when it is failing and transition to a secure maintenance state. It also includes a mechanism to verify TOE updates to prevent malicious or other unexpected changes in the TOE.
The TOE displays a Security Administrator-specified advisory notice and consent warning message prior to establishing an administrative user session. The TOE terminates local and remote administrator interactive sessions after a Security Administrator-specified time period of inactivity. The TOE allows administrator-initiated termination of the administrator’s own interactive session.
The TOE provides trusted paths and channels for remote administrators and trusted IT entities. The TOE can be configured to send audit records to external syslog server(s) using TLS in real time.
Sierra Nevada Corporation