Compliant Product - Adtran’s FSP 3000R7 Network Element r22.2.2
Certificate Date:
2024.03.28
CC Certificate Validation Report Number: CCEVS-VR-VID11418-2024 Product Type: Network Device Conformance Claim: Protection Profile Compliant PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e CC Testing Lab: Booz Allen Hamilton Common Criteria Testing Laboratory ![[PDF]](/assets/images/icon_pdf.gif){kind=icon}
Security Target
Validation Report
Assurance Activity
Supplemental Administrative Guidance for Common Criteria
Secure System Configuration Guide Fiber Service Platform 3000R7
Network Element Director Quick Start Guide, Fiber Service Platform 3000R7
Installation and Commissioning Manual Fiber Service Platform 3000R7
Product Description
The TOE is Adtran’s FSP 3000R7 Network Element operating with software release 22.2.2. The TOE is an optical network management tool. The product is a scalable optical transport solution that is meant to adapt to the bandwidth demands of the network it is deployed in and ensure secure transfer of data across the network.
Evaluated Configuration
The Adtran’s FSP 3000R7 Network Element includes the following appliance models: Each of these devices runs software release 22.2.2 and provides identical NDcPP defined security functionality to one another. The following lists components and applications in the environment that the TOE relies upon in order to function properly:
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The criteria against which Adtran’s FSP 3000R7 Network Element operating with software release 22.2.2 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.The product, when configured as identified in Adtran’s FSP 3000R7 Network Element r22.2.2 Supplemental Administrative Guidance for Common Criteria, Version 1.0, January 12, 2024, satisfies all of the security functional requirements stated in the Adtran’s FSP 3000R7 Network Element operating with software release 22.2.2 Security Target, Version 1.0, January 10, 2024. The project underwent CCEVS Validator review. The evaluation was completed in March 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11418-2024) prepared by CCEVS.
Environmental Strengths
The TOE provides the following security functions: Security AuditThe TOE contains mechanisms to generate audit data to record predefined events on the TOE. The TOE stores audit logs locally and will free up audit storage space by deleting archived files in a First in First out (FIFO) fashion. The Security Administrator can configure the forwarding of events to an external Audit Server. In the evaluated configuration, the audit data is securely transmitted to the Audit Server using a TLS v1.2 communication channel. Cryptographic SupportThe TOE provides cryptography in support of SSH and TLS (v1.2) trusted communications. OpenSSL is used for all TLS and SSH communications. The TOE immediately destroys keys when no longer used. The following table identifies the cryptographic services:
Identification and AuthenticationThe TOE enforces the use of X.509 certificates to support authentication for all TLS connections. The TOE provides a password-based authentication mechanism for users to access the local CLI, remote CLI and Web GUI. The TSF will lock a user’s account from remote access after a configurable number of failed login attempts has been reached. Feedback from password entry is always obscured during local authentication. The only function available to an unauthenticated user is the ability to acknowledge a warning banner. Security ManagementThe TOE uses role-based access control to prevent unauthorized management of and access to TSF data. The TOE maintains the role of Security Administrator which can administer the TOE locally and remotely. Protection of the TSFThe TOE ensures the security and integrity of all data that is stored locally and accessed remotely. Passwords are not stored in plaintext. A Security Administrator can query the currently executing version of the TOE software and is required to manually initiate the update process. Prior to installation, the TOE automatically verifies the X.509 certificate used to sign the software update. In the evaluation configuration, if the certificate is found to be invalid for any reason or is missing, the update is not installed. The TOE implements a self-testing mechanism that is automatically executed during the initial start-up to verify the correct operation of the TOE and cryptographic functions. The TOE provides its own time either via its administratively configurable internal clock or via a connection to an NTP Server. TOE AccessThe TOE displays a configurable warning banner prior to user authentication. Users can terminate their own interactive session. Local and remote sessions are automatically terminated after the administrator configured inactivity time limit is reached. Trusted Path/ChannelsUsers can access the CLI for administration functions locally via a physical connection to the TOE or remotely via a SSH connection where the TOE acts as a SSH Server. Users can also access the Web GUI for remote administrative functionality via a HTTPS connection where the TOE acts as a HTTPS/TLS server. The TOE acts as a TLS client to initiate the secure channel to an external Audit Server. Vendor InformationAdtran Networks North America, Inc David Graves 678 728-8841 david.graves@adtran.com www.adtran.com/en |
