{"product_id":10561,"v_id":10561,"product_name":"Cisco Optical Networking Solution 9.8.1.2","certification_status":"Certified","certification_date":"2014-09-12T00:00:00Z","tech_type":"Network Device","vendor_id":{"name":"Cisco Systems, Inc.","website":"https://www.cisco.com"},"vendor_poc":"Cert Team","vendor_phone":"+1 410-309-4862","vendor_email":"certeam@cisco.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p>The TOE is the Cisco Optical Networking Solution (ONS). The Cisco Optical Networking Solution (ONS) TOE is the Multiservice Transport Platform (MSTP) that provides dense wavelength-division multiplexing (DWDM) and time-division multiplexing (TDM) solutions.</p>","evaluation_configuration":"<p>A hardware and software solution that makes up the ONS models as follows:</p>\r\n<ul>\r\n<li>Chassis (one or more):\r\n<ul>\r\n<li>15454-M2-SA</li>\r\n<li>15454-M6-SA</li>\r\n</ul>\r\n</li>\r\n<li>Controller (Management) Cards (one or more):\r\n<ul>\r\n<li>15454-M-TNC-K9</li>\r\n<li>15454-M-TSC-K9</li>\r\n<li>15454-M-TNCE-K9</li>\r\n<li>15454-M-TSCE-K9</li>\r\n</ul>\r\n</li>\r\n<li>Encryption (Traffic Data) Card:\r\n<ul>\r\n<li>15454-M-WSE-K9</li>\r\n</ul>\r\n</li>\r\n<li>Software\r\n<ul>\r\n<li>ONS 9.8.1.2&nbsp;</li>\r\n</ul>\r\n</li>\r\n</ul>\r\n<p>The software comes pre-installed and is comprised of the Universal Cisco&nbsp;ONS software image Release 9.8.1.2.&nbsp;</p>","security_evaluation_summary":"<p class=\"Default\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and procedures. 
The criteria against which the Cisco Optical Networking Solution (ONS) was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 4. Leidos (formerly SAIC) determined that the product, when delivered configured as identified in the Cisco Optical Networking Solution Common Criteria Configuration Guide document, satisfies all of the security functional requirements stated in the Cisco Optical Networking Solution Security Target, 1.0, August 11, 2014. The project underwent CCEVS Validator review. The evaluation was completed in August 2014. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.</p>","environmental_strengths":"<p><strong><em>Security Audit</em></strong></p>\r\n<p>The TOE can audit events related to cryptographic functionality, identification and authentication, and administrative actions. The Cisco Optical Networking Solution generates an audit record for each auditable event. Each security-relevant audit event has the date, timestamp, event description, and subject identity. Auditing is always on and covers all events, so the administrator is concerned only with managing the audit data storage and archiving the log files. The TOE provides the administrator with a circular audit trail or a configurable audit trail threshold to track the storage capacity of the audit trail. Audit logs are manually archived over a secure HTTPS/TLS connection to an external audit server.</p>\r\n<p><strong><em>Cryptographic Support</em></strong></p>\r\n<p>ONS is a FIPS-validated product. 
The FIPS certificate numbers are provided in the ST.</p>\r\n<p>The TOE also provides cryptography in support of other Cisco ONS security functionality. This cryptography has been validated for conformance to the requirements of FIPS 140-2 Level. The TOE provides HTTPS, as specified in RFC 2818, to provide a secure interactive interface for remote administrative functions, and to support secure exchange of user authentication parameters during login. HTTPS uses TLS to securely establish the encrypted remote session. The TOE provides TLS 1.0, conformant to RFC 2246. The TOE only supports standard extensions, methods, and characteristics.</p>\r\n<p><strong><em>Full Residual Data Protection</em></strong></p>\r\n<p>The TOE ensures that all information flows from the TOE do not contain residual information from previous traffic. Packets are padded with zeros. Residual data is never transmitted from the TOE.</p>\r\n<p><strong><em>Identification and Authentication</em></strong></p>\r\n<p>The TOE provides authentication services for administrative users to connect to the TOE's GUI administrator interface. The TOE requires Authorized Administrators to be successfully identified and authenticated prior to being granted access to any of the management functionality. The TOE can be configured to require a minimum password length of 15 characters, password expiration, as well as mandatory password complexity rules. The TOE provides administrator authentication against a local user database using the GUI interface accessed via a secure HTTPS connection.</p>\r\n<p><strong><em>Security Management</em></strong></p>\r\n<p>The TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE. All TOE administration occurs through a secure HTTPS session. 
The TOE provides the ability to securely manage:</p>\r\n<ul>\r\n<li>All TOE administrative users;</li>\r\n<li>All identification and authentication;</li>\r\n<li>All audit functionality of the TOE;</li>\r\n<li>All TOE cryptographic functionality;</li>\r\n<li>The timestamps maintained by the TOE; and</li>\r\n<li>Updates to the TOE.</li>\r\n</ul>\r\n<p><strong><em>Protection of the TSF</em></strong></p>\r\n<p>The TOE protects against interference and tampering by untrusted subjects by implementing identification, authentication, and access controls to limit configuration to Authorized Administrators. The TOE prevents reading of cryptographic keys and passwords. Additionally, Cisco ONS is not a general-purpose operating system and access to Cisco ONS memory space is restricted to only Cisco ONS functions.</p>\r\n<p>The TOE internally maintains the date and time. This date and time is used as the timestamp that is applied to audit records generated by the TOE.</p>\r\n<p>The TOE performs testing to verify correct operation of the system itself and that of the cryptographic module.</p>\r\n<p>Finally, the TOE is able to verify any software updates prior to the software updates being installed on the TOE to avoid the installation of unauthorized software.</p>\r\n<p><strong><em>TOE Access</em></strong></p>\r\n<p>The TOE can terminate inactive sessions after an Authorized Administrator configurable time-period. 
Once a session has been terminated, the TOE requires the user to re-authenticate to establish a new session. The TOE can also be configured to display an Authorized Administrator specified banner on the GUI management interface prior to accessing the TOE.</p>\r\n<p><strong><em>Trusted Path/Channels</em></strong></p>\r\n<p>The TOE allows trusted paths to be established to itself from remote administrators over HTTPS for remote administration and manual archiving of audit messages.</p>","features":[]}