Compliant Product - FortiWLM Wireless Manager 8.5
Certificate Date: 2021.11.22CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11179-2021
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Acumen Security
Fortinet’s FortiWLM Wireless Manager 8.5 offers full management of Fortinet controllers and access points along with an extensive set of troubleshooting and reporting tools, all in a single pane of glass. The Wireless Manager offers the ability to see the status of your entire wireless network in one place, while also getting visibility into Spectrum, Wireless Intrusion, and other key wireless health statistics.
Table 1 TOE Models
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Fortinet FortiWLM Wireless Manager 8.5 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The product, when configured as identified in the Fortinet FortiWLM Wireless Manager 8.5 FIPS 140-2 and Common Criteria Technote, satisfies all of the security functional requirements stated in the Fortinet FortiWLM Wireless Manager 8.5 Security Target, v2.9. The project underwent CCEVS Validator review. The evaluation was completed in November 2021.Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE provides the following security functions:
a) Security Audit. The TOE generates logs of security relevant events. The TOE stores logs locally and is capable of sending log events to a remote audit server.
b) Cryptographic Support. The TOE implements cryptographic libraries and protocols in support of its functions. Relevant Cryptographic Algorithm Validation Program (CAVP) certificates are shown in Table 2.
c) Identification and Authentication. The TOE implements authentication mechanisms, authentication failure handling, password management and X.509 certificate validation services.
d) Security Management. The TOE restricts the ability to manage its functions to Security Administrators.
e) Protection of the TSF. The TOE protects cryptographic keys and administrator passwords, performs a suite of self-tests and ensures the authenticity and integrity of software updates through digital signatures.
f) TOE Access. The TOE implements session locking, session termination and displays access banners.
g) Trusted path/channels. The TOE protects the integrity and confidentiality of communications as noted in the Security Target.