Compliant Product - DataSoft RAP-117
Certificate Date: 2023.07.26
Validation Report Number: CCEVS-VR-VID11377-2023
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
PP-Module for Virtual Private Network (VPN) Gateways Version 1.2
PP-Module for Wireless Local Area Network (WLAN) Access System Version 1.0
CC Testing Lab: Gossamer Security Solutions
The DataSoft RAP-117 provides a small form factor Radio Access Point (RAP), which allows mobile and dismounted operators to perform Command and Control (or “C2”) related computing functions securely across existing tactical communications networks. With the ability to process the data communications for a variety of C2-related applications, the TOE is a subsystem that provides lightweight wireless connectivity (with support for multicast traffic) between commercial mobile computing platforms (i.e., smartphone, tablet, etc.) and the secure military radios at the tactical edge.
The evaluated configuration consists of the DataSoft RAP-117 (HW version 2.0 and FW version 2.2.0).
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the DataSoft RAP-117 WLAN Access System and IPsec VPN Gateway CC Configuration Guide, Version 1.2, July 25, 2023 document, satisfies all of the security functional requirements stated in the DataSoft RAP-117 Security Target, Version 1.4, July 25, 2023. The project underwent CCEVS Validator review. The evaluation was completed in July 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11377-2023) prepared by CCEVS.
The logical boundaries of the DataSoft RAP-117 are realized in the security functions that it implements. Each of these security functions is summarized below.
The TOE provides auditing capabilities that offer a secure and reliable way to trace all changes to the system. Any administrative configuration changes during provisioning and other auditable events are audited internally and then transmitted externally over a secure communication channel to an audit server. All audited events have the necessary details like timestamp, event log, event code, and identity of the party involved to provide a comprehensive audit trail.
The TOE provides cryptographic functions for secure administration access via SSH; for communications with VPN clients via IPsec; for wireless communication via WPA2/WPA3; and for communication to external systems such as audit log servers and RADIUS via IPsec. Functions include key generation, key establishment, key distribution, key destruction, and cryptographic operations.
Identification and authentication:
The TOE provides secure connectivity between wireless clients via 802.1X authentication. The TOE supports certificate-based authentication via an external RADIUS server and supports SAE authentication via a local authentication mechanism. The TOE provides secure password-based and public-key-based authentication for remote administrators. The TOE also provides strong password requirements that the administrator can configure, including length, session timeout and password complexity. Consecutive unsuccessful attempts beyond a certain limit will result in locking of the user for a specified duration of time or until the user is unlocked by another administrator.
TOE administrators manage the security functions of the TOE through an SSH CLI. Administration cannot be performed from a wireless client. The TOE also provides the ability to configure the session activity timeout of an administrator and to configure the TOE’s access banner.
The TOE provides packet filtering and secure IPsec tunneling. The tunnels can be established with trusted VPN peers and VPN Clients. More accurately, these tunnels are sets of security associations (SAs). The SAs define the protocols and algorithms to be applied to sensitive packets and specify the keying material to be used. SAs are unidirectional and are established per the ESP security protocol. An authorized administrator can define the traffic that needs to be protected via IPsec by configuring access lists (permit, deny, log) and applying these access lists to interfaces using crypto map sets.
Protection of the TSF:
The TOE provides image integrity verification to validate the authenticity of the images before loading them. Upon every boot, power-on self-tests are conducted to validate the integrity of the software components. If the power-on self-tests fail, the TOE halts boot. The TOE also allows manual configuration of the TOE’s real time clock (RTC) by administrators. The TOE protects cryptographic keys and passwords from unauthorized access.
The TOE offers a login banner which gives the administrator the ability to display a custom warning/access policy message according to the organization's needs. The TOE is capable of restricting wireless access based on time and day. The TOE provides the ability to configure an inactivity timeout which terminates the session beyond the inactivity period configured. An administrator can also terminate their own session.
The TOE communicates to external components in a secure manner using WPA2/WPA3 for wireless clients and using IPsec for VPN Clients, a RADIUS server, and a syslog server. The TOE also employs SSH to secure remote administrative sessions.