CC Certificate 

Security Target 

Validation Report 

Assurance Activity 

Administrative Guide: Common Criteria Operational Guidance 

Administrative Guide: NIAP Configuration Parameters 

The Architecture Technology Corporation Machete Router is a ruggedized, compact, secure and high-performance router that also provides VPN gateway functionality. The functions of Machete are implemented in a software suite called ATCorp Routing and Encryption Suite (ARES).

The evaluated configuration consists of the following hardware running ARES v2.0:

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.  The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target.  The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.  The product, when delivered and configured as identified in the Machete Router Common Criteria Operational Guidance, Version 1.6, December 14, 2023, satisfies all of the security functional requirements stated in the Architecture Technology Corporation Machete Router Security Target, Version 0.6, November 29, 2023.  The project underwent CCEVS Validator review.  The evaluation was completed in January 2024.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11414-2023) prepared by CCEVS.

The logical boundaries of the Architecture Technology Corporation Machete Router are realized in the security functions that it implements. Each of these security functions is summarized below.

Security audit:

The TOE is capable of auditing all required events and information. Each audit record includes the identity of the user that caused the event (if applicable), date and time of the event, type of event, and the outcome of the event.

The TOE protects storage of audit information from modification or deletion. The TOE can transmit audit records to a remote syslog server using either SSH or IPsec.

Cryptographic support:

The TOE contains CAVP-tested cryptographic support that provides key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher-level cryptographic protocols including IPsec and SSH.

Identification and authentication:

The TOE supports passwords consisting of alphanumeric and special characters. The TSF also allows administrators to set a minimum password length of 6 to 100 characters.

The TOE requires all administrative users to authenticate before allowing the user to perform any actions other than:

·        Viewing the warning banner.

After an administrator-specified number of failed attempts, the user account is locked out. The TOE also protects, stores and allows authorized administrators to load X.509.v3 certificates for use to support authentication for IPsec connections.

Security management:

The TOE provides a custom CLI that allows users with the Security Administrator role to administer the TOE locally and remotely. This interface allows the Security Administrator to initiate manual updates, manage cryptographic keys, manage the TOE configuration, and configure audit data transmission.

Packet filtering:

The TOE provides extensive packet filtering capabilities for IPv4, IPv6, TCP, and UDP.  The authorized administrator can define packet filtering rules that apply to most every field within the identified packet types. The authorized administrator can define each rule to permit, deny, and log each decision.

Protection of the TSF:

The TOE prevents the reading of secret keys, private keys, and passwords.

The TOE maintains a local real-time clock to provide accurate timestamps. This clock can be periodically updated by synchronizing with an NTP server and/or manually set by a Security Administrator.

The TOE performs a suite of power-up self-tests that verify the correct operation of the entropy source, RAM, and cryptographic algorithms as well as the integrity of the firmware.

The TOE verifies the authenticity and integrity of all firmware updates using ECDSA signature verification. The TOE shuts down if any of these tests fail.

TOE access:

Before establishing an administrative session, the TOE displays an administrator configurable warning banner. The TOE locks inactive local administrative sessions and terminates inactive remote administrative sessions.

The TOE allows the administrator to configure restrictions on the establishment of client IPsec tunnels based on the client IP address, time of day, date, day of week, or day of month. The TOE assigns a private IP address (internal to the trusted network for which the TOE is the headend) to a VPN client upon successful establishment of a session.

Trusted path/channels:

The TOE supports either SSH or IPsec to provide a trusted communication channel between itself and all authorized IT entities that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from disclosure and detection of modification of the channel data. The TOE uses SSH or IPsec to provide the trusted path with remote administrative users as well.

Vendor Information