Assurance Continuity - Brocade FastIron ICX Series Switch/Router 8.0.70 with IPSEC VPN
Date of Maintenance Completion: 2019.06.19
CC Certificate, Validation Report, Assurance Activity
Product Type: Virtual Private Network
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.0
Extended Package for VPN Gateways Version 2.1
Original Evaluated TOE: 2018.02.13 - Brocade FastIron ICX Series Switch/Router 08.0.70 with IPsec VPN Module
Please note: The above files are for the Original Evaluated TOE. Consequently, they do not refer to this maintained version, although they apply to the maintained version.
Security Target * Assurance Continuity Maintenance Report
Please note: This serves as an addendum to the VR for the Original Evaluated TOE.
* This is the Security Target (ST) associated with this latest Maintenance Release.
Readers are reminded that the certification of this product (TOE) is the result of maintenance, rather than an actual re-evaluation of the product. Maintenance only considers the effect of TOE changes on the assurance baseline (i.e. the original evaluated TOE); maintenance is not intended to provide assurance in regard to the resistance of the TOE to new vulnerabilities or attack methods discovered since the date of the initial certificate. Such assurance can only be gained through re-evaluation.
Using a security impact analysis of the changes made to the TOE, which was provided by the developer, the CCEVS has determined that the impact of the changes on the TOE is minor and that independent evaluator analysis was not necessary. A summary of the results can be found in the Maintenance Report, which is written in relation to the product's original Validation Report and Security Target. Readers are therefore reminded to read the Security Target, Validation Report, and the Assurance Maintenance Report to fully understand the meaning of what a maintained certificate represents.
The changes are divided into three categories: New Security Related Features, New Non-Security Related Features and Bug Fixes. The subsections below help to justify that the changes have no security impact on the certified TOE.
The changes to the ST were to update the version of the software to the latest version and update the storage buffer size reference. The Release Notes were updated to include new versioning and features.
New Security Related Features:
The following describes each new security related feature and provides supporting rationale regarding security relevance and the impact, if any, on the evaluated TOE.
New Non-Security Related Features:
Features and enhancements have been added to the updated software. See the following table for an analysis.
There are several bugs identified as being part of the security group. See the following table for an analysis of each and why they are not relevant to the evaluation:
Affected Developer Evidence:
Modifications were made to the Security Target to change the software version and to update the size of the local audit buffer. The Release Notes were updated to address version number, new or changed features and bug fixes.
The vendor performed regression testing to ensure correct operation of the updated software as a matter of course for each of the software releases (8.0.80 and 8.0.90).
The updates to software included security relevant fixes for documented CVEs. The CVE databases were searched again on 4.24.2019 to ensure known security vulnerabilities have been corrected.
The evaluator searched the following:
using the following search terms: "Brocade", "FastIron", "ICX", "openssl crypto", "ipsec"
The search resulted in 22 findings, none of which were found to be applicable to the TOE.
Ruckus Wireless, Inc.