NIAP: Compliant Product
NIAP/CCEVS
Compliant Product - Kemp LoadMaster

Certificate Date:  2023.01.27

Validation Report Number:  CCEVS-VR-VID11280-2023

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.2e

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]



Product Description

The TOE supports (sometimes optionally) secure connectivity with several other IT environment devices as described below.

| Component | Required | Usage/Purpose Description |
|---|---|---|
| Management Workstation | Yes | Workstation providing local console access to the TOE. Workstation providing a browser to connect to the Web User Interface (WUI) over TLSv1.2 or TLSv1.1. |
| Audit Server | Yes | Syslog server that receives audit logs from the TOE over TLSv1.2 or TLSv1.1. |
| ESXi Server | Yes (for Virtual LoadMaster) | ESXi v6.7 acting as the hypervisor for Virtual LoadMaster. |
| LDAP Server | No | Optional authentication server supporting LDAP over TLSv1.2 or TLSv1.1. |
| NTP Server | No | Optional NTP server supporting SHA-1 integrity verification. |

Table 1 IT Environment Components


Evaluated Configuration


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Kemp LoadMaster was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the AGD “Configuring LoadMaster for Common Criteria Conformance v0.2”, satisfies all the security functional requirements stated in the Kemp LoadMaster Security v0.8. The project underwent CCEVS Validator review.  The evaluation was completed in January 2023.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.


Environmental Strengths

The TOE provides the security functionality required by [NDcPP].

· Security Audit
· Cryptographic Support
· Identification and Authentication
· Security Management
· Protection of the TSF
· TOE Access
· Trusted Path/Channels

These features are described in more detail in the subsections below. 

1.1.1     Security Audit

The TOE generates audit records for security relevant events. The audit events are associated with the administrator or processes. The audit records are transmitted over TLS to an external audit server.

1.1.2     Cryptographic Support

The TOE provides the cryptographic services described below.

| Service | Use |
|---|---|
| TLS Client | Secure connection to remote syslog servers. |
| TLS Client | Secure connection to remote LDAP server. |
| TLS/HTTPS Server | Secures connections with remote administrators. |
| Verification of Updates | Digital signature verification prior to installing an update. |

Table 2 Cryptographic Services

 

Each of these cryptographic algorithms has been validated for conformance to the requirements specified in its respective standard, as identified below.

| Algorithm | CAVP Cert. | Standard | Operation/Use | SFR |
|---|---|---|---|---|
| RSA | C2076 | FIPS 186-4 | RSA 2048 SigVer | FCS_CKM.1 |
| ECDSA | C2076 | FIPS 186-4 | ECDSA P-256 SigGen, SigVer; ECDSA P-256, P-384, P-521 KeyGen, KeyVer | FCS_CKM.1; FCS_COP.1/SigGen |
| ECDHE | C2076 | SP 800-56Ar2 | ECDHE P-256, P-384, P-521 | FCS_CKM.2 |
| DRBG | C2076 | SP 800-90Ar1 | CTR_DRBG(AES-256) | FCS_RBG_EXT.1 |
| AES | C2076 | FIPS 197; SP 800-38A; SP 800-38D | AES in CBC and GCM modes with 128-bit and 256-bit keys | FCS_COP.1/DataEncryption |
| SHA | C2076 | FIPS 180-4 | SHA-1, SHA-256, SHA-384, SHA-512 | FCS_COP.1/Hash |
| HMAC | C2076 | FIPS 198-1 | HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 | FCS_COP.1/KeyedHash |

Table 3 CAVP Algorithm Testing References

1.1.3     Identification and Authentication

The TOE provides password-based and X.509 certificate-based logon mechanisms. The password-based mechanism enforces minimum length requirements. The TOE also validates and authenticates X.509 certificates when they are used to identify a remote TLS server or an administrator logging into the TOE.

1.1.4     Security Management

The TOE provides management capabilities via a Web-based GUI, accessed over HTTPS. Management functions allow the administrators to configure the system, install updates, and manage users.

1.1.5     Protection of the TSF

The TOE prevents the reading of plaintext passwords and keys. The TOE provides a reliable timestamp for its own use. The reliable timestamp can be set by a security administrator or authenticated NTP. To protect the integrity of its security functions, the TOE implements a suite of self-tests at startup and halts or disables affected functionality if a self-test fails. The TOE ensures that updates to the TOE are authenticated by verifying a digital signature prior to installing any update.

1.1.6     TOE Access

The TOE monitors local and remote administrative sessions for inactivity and either locks or terminates the session when a threshold time period is reached. An advisory notice is displayed at the start of each session.

1.1.7     Trusted Path/Channels

The TOE initiates a TLS trusted channel with a syslog server and LDAP authentication server (as configured).

The TOE is a TLS/HTTPS server that allows remote administrators to establish a trusted path with the TOE.


Vendor Information


Progress Software Corporation
Mark Hoffman
781-280-4000
mark.hoffmann@progress.com

www.kemptechnologies.com