NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Adtran’s FSP 3000R7 Network Element r22.2.2

Certificate Date:  2024.03.28

Validation Report Number:  CCEVS-VR-VID11418-2024

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.2e

CC Testing Lab:  Booz Allen Hamilton Common Criteria Testing Laboratory

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Supplemental Administrative Guidance for Common Criteria [PDF]

Secure System Configuration Guide Fiber Service Platform 3000R7 [PDF]

Network Element Director Quick Start Guide, Fiber Service Platform 3000R7 [PDF]

Installation and Commissioning Manual Fiber Service Platform 3000R7 [PDF]

Product Description

The TOE is Adtran’s FSP 3000R7 Network Element operating with software release 22.2.2. The TOE is an optical network management tool. The product is a scalable optical transport solution that is meant to adapt to the bandwidth demands of the network it is deployed in and ensure secure transfer of data across the network.

Evaluated Configuration

The Adtran’s FSP 3000R7 Network Element includes the following appliance models:

Each of these devices runs software release 22.2.2 and provides identical NDcPP defined security functionality to one another.

The following lists components and applications in the environment that the TOE relies upon in order to function properly:

  • Certification Authority: used for certificate verification.
  • Management Workstation/terminal: used by an administrator to manage the TOE. For the TOE to be managed remotely the management workstation is required to have a supported browser to access the TOE’s Web GUI, SSHv2 client installed to access the TOE’s CLI.
  • Audit Server: used for remote audit record storage.
  • NTP Server: used to maintain accurate timestamps.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which Adtran’s FSP 3000R7 Network Element operating with software release 22.2.2 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.The product, when configured as identified in Adtran’s FSP 3000R7 Network Element r22.2.2 Supplemental Administrative Guidance for Common Criteria, Version 1.0, January 12, 2024, satisfies all of the security functional requirements stated in the Adtran’s FSP 3000R7 Network Element operating with software release 22.2.2 Security Target, Version 1.0, January 10, 2024. The project underwent CCEVS Validator review. The evaluation was completed in March 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11418-2024) prepared by CCEVS.

Environmental Strengths

The TOE provides the following security functions:

Security Audit

The TOE contains mechanisms to generate audit data to record predefined events on the TOE. The TOE stores audit logs locally and will free up audit storage space by deleting archived files in a First in First out (FIFO) fashion. The Security Administrator can configure the forwarding of events to an external Audit Server. In the evaluated configuration, the audit data is securely transmitted to the Audit Server using a TLS v1.2 communication channel.

Cryptographic Support

The TOE provides cryptography in support of SSH and TLS (v1.2) trusted communications. OpenSSL is used for all TLS and SSH communications. The TOE immediately destroys keys when no longer used. The following table identifies the cryptographic services:

Identification and Authentication

The TOE enforces the use of X.509 certificates to support authentication for all TLS connections. The TOE provides a password-based authentication mechanism for users to access the local CLI, remote CLI and Web GUI. The TSF will lock a user’s account from remote access after a configurable number of failed login attempts has been reached. Feedback from password entry is always obscured during local authentication. The only function available to an unauthenticated user is the ability to acknowledge a warning banner.

Security Management

The TOE uses role-based access control to prevent unauthorized management of and access to TSF data. The TOE maintains the role of Security Administrator which can administer the TOE locally and remotely.

Protection of the TSF

The TOE ensures the security and integrity of all data that is stored locally and accessed remotely. Passwords are not stored in plaintext. A Security Administrator can query the currently executing version of the TOE software and is required to manually initiate the update process. Prior to installation, the TOE automatically verifies the X.509 certificate used to sign the software update. In the evaluation configuration, if the certificate is found to be invalid for any reason or is missing, the update is not installed. The TOE implements a self-testing mechanism that is automatically executed during the initial start-up to verify the correct operation of the TOE and cryptographic functions. The TOE provides its own time either via its administratively configurable internal clock or via a connection to an NTP Server.

TOE Access

The TOE displays a configurable warning banner prior to user authentication. Users can terminate their own interactive session. Local and remote sessions are automatically terminated after the administrator configured inactivity time limit is reached.

Trusted Path/Channels

Users can access the CLI for administration functions locally via a physical connection to the TOE or remotely via a SSH connection where the TOE acts as a SSH Server. Users can also access the Web GUI for remote administrative functionality via a HTTPS connection where the TOE acts as a HTTPS/TLS server.

The TOE acts as a TLS client to initiate the secure channel to an external Audit Server.

Vendor Information

Adtran Networks North America, Inc
David Graves
678 728-8841
Site Map              Contact Us              Home