NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Galleon Embedded Computing XSR and G1 Software Encryption Layer

Certificate Date:  2022.07.28

Validation Report Number:  CCEVS-VR-VID11273-2022

Product Type:    Encrypted Storage

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Full Drive Encryption - Authorization Acquisition Version 2.0 + Errata 20190201
  collaborative Protection Profile for Full Drive Encryption - Encryption Engine Version 2.0 + Errata 20190201

CC Testing Lab:  Gossamer Security Solutions


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]


Product Description

The XSR and G1 (hereafter referred to as the Products) can act in multiple different capacities (Network Attached Storage [NAS], data recorder, general server, etc.) and allow for encryption of the Removable Data Module (RDM) attached to the system.  The XSR model supports encryption of one RDM (at a time), up to 4 internal SSDs, and its internal, non-removable mSATA SSD.  The G1 model also supports encryption of one RDM (at a time) and up to 2 internal SSDs.  Both securely encrypt all user data stored within either model.

The Products run the Red Hat Enterprise Linux (RHEL) Release 8.4 operating system.  The Products provide a software-based Full Disk Encryption (FDE) of the removable drive within each RDM.  In addition to the software-based FDE layer, the TOE also provides a hardware-based Full Drive Encryption (FDE) layer to encrypt the drive within each RDM.  The hardware-based FDE layer is addressed in a separate evaluation.

The TOE, whether operating as a NAS or a more general server, supports encrypting the data of additional software running on the TOE’s operating system.  The TOE might include software to support protocols including CIFS and NFS or might include the vendor’s data recording software or even include customer provided software applications.  The RHEL administrator can enable, disable, or install additional (accessing the system directly) desired protocols and software applications to support their use-case and application.


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.  The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.  The product, when delivered and configured as identified in the Galleon SW Encryption Layer Certifiable Encryption, Version 1.0.7, July 14, 2022 document, satisfies all of the security functional requirements stated in the Galleon Embedded Computing XSR and G1 Software Encryption Layer Security Target, Version 1.5, July 14, 2022.  The project underwent CCEVS Validator review.  The evaluation was completed in July 2022.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11273-2022) prepared by CCEVS.


Environmental Strengths

The logical boundaries of the Embedded Computing XSR and G1 Software Encryption Layer are realized in the security functions that it implements. Each of these security functions is summarized below.

Cryptographic support:

The TOE includes cryptographic functionality for key management, user authentication, and block-based encryption including: symmetric key generation, encryption/decryption, cryptographic hashing, keyed-hash message authentication, and password-based key derivation. These functions are supported with suitable random bit generation, key derivation, salt generation, initialization vector generation, secure key storage, and key destruction. These primitive cryptographic functions are used to encrypt Data-At-Rest (including the generation and protection of keys and key encryption keys) used by the TOE.

User data protection:

The TOE performs Full Drive Encryption on all partitions on the drive (so that no plaintext exists) and does so without user intervention.

Security management:

The TOE provides each of the required management services to manage the full drive encryption using a command line interface.

Protection of the TSF:

The TOE implements a number of features to protect itself to ensure the reliability and integrity of its security features. It protects key and key material and includes functions to perform self-tests and software/firmware integrity checking so that it might detect when it is failing or may be corrupt.  If any of the self-tests fail, the TOE will not go into an operational mode.


Vendor Information


Galleon Embedded Computing
Hugh Tarver
44 7501 378664
htarver@galleonec.com

www.galleonec.com
Site Map              Contact Us              Home