NIAP: Compliant Product
NIAP/CCEVS
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Ciena SAOS 10.7.1 on 3926, 3928, 3948, 5144, 5162, 5164, 5170, 5171, Large NFV Compute Server, and 8180 Service Aggregation Platforms

Certificate Date:  2024.03.12

Validation Report Number:  CCEVS-VR-VID11400-2024

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.2e

CC Testing Lab:  Acumen Security


CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide: CC Guidance Supplement [PDF]

Administrative Guide: 3948/513x/5144/516x/5170/811x Routers and Platforms Security SAOS 10.7.1 [PDF]

Administrative Guide: D-NFVI Installation [PDF]

Administrative Guide: 5162 Router Installation [PDF]


Product Description

The TOE is the Ciena SAOS 10.7.1 on 3926, 3928, 3948, 5144, 5162, 5164, 5170, 5171, Large NFV Compute Server, and 8180 Service Aggregation Platforms. It is a non-distributed, non-virtual network device which implements routing and switching functionalities for enterprise, mobility, and converged network architectures. In these architectures, the TOE can be deployed in the access, aggregation, or core of the network. The TOE uses a Linux based container architecture for its SAOS Network Operating System and includes the Ciena SAOS 10.7.1 operating system executed on the Ciena 3926, 3928, 3948, 5144, 5162, 5164, 5170, 5171, Large NFV Compute Server, and 8180 Service Aggregation Platforms.

The TOE implements the general functionality of a router/switch consistent with the collaborative Protection Profile for Network Devices v2.2E. The TOE implements controlled connectivity between two subnetworks and a management interface. All network traffic between the connected subnetworks is controlled by the TOE and the authorized administrators may manage the TOE using the management interface.

The variants of the TOE implement a different number of network ports for the interconnection of different subnetworks. The network ports are physically separate from the management ports and administrative access may not take place from the network interconnection ports.

The TOE does not protect the data flowing through itself. The TOE is only to be deployed in a secure data center and to only be physically accessible by trusted administrators. Administrators are trusted to operate the TOE in accordance with the security guidance at all times and not attempt to circumvent or suppress the security functions and mechanisms of the TOE.


Evaluated Configuration

The TOE is the Ciena SAOS 10.7.1software executed on the Ciena 3926, 3928, 3948, 5144, 5162, 5164, 5170, 5171, Large NFV Compute Server, and 8180 Service Aggregation Platforms summarized in Table 1.

                                                Table 1: TOE Hardware Platforms

Models/Platform

1G/10G SFP+

Processors

100G

Power Options

3926

6

4x1.5GHz ARM Cortex A53

--

AC, DC

3928

4

4x1.5 GHz ARM Cortex A53

--

AC, DC

3948

4

4x1.5 GHz ARM Cortex A53

--

AC, DC

5144

8

4x2GHz ARM Cortex A72

--

AC, DC

5164

32x[1G/10G/25G]

4x2GHz ARM Cortex A72

4x [100G/ 200G]

AC, DC

5162 

40

Intel XEON D1527, 4CORE

2

AC, DC

5170

4x 25G/10G/1G

and 36x 10G/1G

Intel XEON D1527, 4CORE

4xQSFP28

AC, DC

8180

--

Intel XEON D1527, 4CORE

32xQSFP28

FRU module options: 1xWLAi FRU and 4x100G CFP2-DCO

AC, DC

5171

4x 25G/10G/1G

and 36x 10G/1G

Intel XEON D1539, 8CORE

FRU module options:

2x QSFP28,

1x QSFP28 + 1x 100G CFP2-DCO,

2x 100G CFP2-DCO,

1x200G CFP2-DCO

AC, DC

Large NFV compute server (FRU)

--

Intel XEON D1548, 8CORE

--

--

 

The TOE is deployed in an environment that includes the IT components illustrated in the following figure. The Security Target should be reviewed for additional information on the environmental components.  The TOE itself is delivered as an appliance or an FRU with the software installed.

                                    Figure 1: TOE Boundary and Operational Environment


Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which the TOE was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5, April 2017.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5, April 2017.  The product, when delivered configured as identified in the Ciena SAOS 10.7.1 on 3926, 3928, 3948, 5144, 5162, 5164, 5170, 5171, Large NFV Compute Server, and 8180 Service Aggregation Platforms CC Guidance Supplement, v1.3, 11 March 2024, satisfies all of the security functional requirements stated in the Ciena 10.7.1 on 3926, 3928, 3948, 5144, 5162, 5164, 5170, 5171, Large NFV Compute Server, and 8180 Service Aggregation Platforms Security Target, v1.3, 11 March 2024. The project underwent CCEVS Validator review.  The evaluation was completed in March 2024.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11400-2024) prepared by CCEVS.


Environmental Strengths

Security Functions

The security functions constitute the logical scope of the TOE as summarized in this section.

Security Audit

The TOE implements extensive auditing capabilities to allow legitimate administrators to examine the events that have occurred. Audit records are generated for all auditable events, including the starting and stopping of the audit service and each auditable event stated in ST. The TOE stores audit records locally and may be configured to export them to an external audit server using syslog over TLS. Each audit record contains the date and time of event, type of event, subject identity, and any other event-related relevant data.

Cryptographic Support

The TOE includes the OpenSSL v3.0.8 library which implements cryptographic functions and protocols for trusted paths and trusted channels. Specifically, the TOE implements a SSH server and a TLS client for communication with trusted peer entities. Peer entity authentication for TLS is using X.509 public key certificates. Cryptographic algorithms are all Cryptographic Algorithm Validation Program (CAVP) validated. The validation certificate references are given in ST.

TLS v1.2 is used for protecting the transfer of syslog messages to an external Syslog server.

HTTPS over TLS is used for secure transfer of files to an external File Server.

SSH is used to protect the remote management of the TOE. Remote management of the TOE is using CLI over SSH.

Identification and Authentication

The TOE authenticates all users connecting to the management interfaces of the TOE. Authentication may take place over the console for local access or over SSH for remote access. Only upon successful authentication, given that the user is authorized for the role, is a user assigned to the role administrator and granted access to the management functions of the TOE. Local users authenticate to the TOE using a username and password. Remote users may also use SSH public-key authentication. A customizable warning banner is displayed at each authentication window.

The TOE uses X.509v3 certificates for peer entity authentication of TLS peers. The TSF determines the validity of the certificates by confirming the validity of the certificate chain and verifying that the certificate chain ends in a trusted Certificate Authority (CA). The TOE connects to an Online Certificate Status Protocol (OCSP) server using HTTP (unsecure) to confirm the revocation status of the certificates.

Security Management

The TOE allows local and remote management of its security functions. Local management is from a management workstation connected to the console or USB port of the TOE and the remote management is from a workstation connected to the TOE over SSHv2.

All management functions are implemented using the CLI and are only made available to authorized administrators upon successful identification and authentication. There are no other management interfaces than the CLI, i.e., the CLI implements each management function of the TOE.

The management functions the TOE implements include the ability to configure the access banner the TOE displays at each authentication window, the ability to configure the session inactivity timers, the ability to update the TOE software and to verify the authenticity of the updates, the ability to configure the authentication failure parameters, the ability to configure audit behavior, the ability to modify the behavior of the transmission of audit data to an external syslog server, the ability to manage the cryptographic keys, the ability to configure thresholds for SSH rekeying, the ability to set the time which is used for time-stamps, the ability to configure Network Time Protocol (NTP), the ability to manage the TOE's trust store and designate X509.v3 certificates as trust anchors, and the ability to import X.509v3 certificates to the TOE's trust store.

Protection of the TSF

The TOE protects all passwords, pre-shared keys, symmetric keys, and private keys from unauthorized disclosure. Pre-shared keys, symmetric keys, and private keys are stored encrypted. An exception is the SSH host keys which are required by the SSH Daemon when the SSH starts. The SSH Daemon is executed at the root privileges and the SSH host keys are only accessible with root privileges. No user of the TOE is granted root privileges. Passwords are stored as non-reversible hash values computed using SHA-512 using the Linux Pluggable Authentication Module (PAM) functions. The TOE maintains system time via its local hardware clock which is manually set by an administrator. The administrator may also configure the TOE to connect to an NTP server for time synchronization.

The TOE executes self-tests during initial start-up to ensure correct operation and enforcement of its security functions. An administrator can install software updates to the TOE and verify the authenticity of all updates prior to the installation.

Access to the TOE functions is only using the CLI from the management ports. The CLI cannot be invoked from the ports used for connecting the subnetworks across the TOE. Access to the CLI is only granted to authorized administrators upon successful authentication.

TOE Access

Prior to establishing an administration session with the TOE, an access banner is displayed to the user. The banner messaging is customizable but is typically used to warn the users of the consequences of attempted unauthorized access. The TOE will terminate an interactive session after a configurable time of session inactivity. A user may terminate his/her local and remote administrative sessions on will. Users may change their own passwords, but the TOE enforces minimum quality criteria for the passwords. The TOE also maintains a counter for consecutive failed authentication attempts for each user. If the counter value reaches an administrator-defined threshold, the TOE triggers protective measures to prevent password guessing attacks.

Trusted Path/Channels

The TOE implements trusted paths and trusted channels. The trusted path is a SSH connection between the TOE and the remote management workstation. The SSH client of the remote management workstation connects to the SSH Server implemented by the TOE. Upon successful connection establishment and authentication of the user, the remote administrator uses the CLI over SSH to manage the TOE.

For trusted channels, the TOE implements a TLS client used by the TOE to connect to the peer entities. The peer entities are a remote File server and the syslog server. Both systems are mandatory in the Operational Environment. The TOE also implements HTTPS over TLS for connecting to a remote file server. The TLS Client is only used for TLSv1.2 connections.


Vendor Information


Ciena Corporation
Kevin Meagher
410-865-8936
kmeagher@ciena.com

ciena.com
Site Map              Contact Us              Home