{"product_id":10579,"v_id":10579,"product_name":"Brocade VDX 6700 and 8700 Series products with NOS 3.0","certification_status":"Certified","certification_date":"2014-07-11T00:00:00Z","tech_type":"Network Device, Router, Sharing Switch","vendor_id":{"name":"Brocade Communications Systems LLC A Broadcom Inc. Company","website":"www.broadcom.com"},"vendor_poc":"Chris Marks","vendor_phone":"408-333-0480","vendor_email":"marksc@brocade.com","assigned_lab":{"cctl_name":"Leidos Common Criteria Testing Laboratory"},"product_description":"<p class=\"Body\">The Target of Evaluation (TOE) is Brocade Communications Systems, Inc. VDX Product Series.&nbsp; The VDX Product Series comprises the VDX 6710-54, VDX 6720-24, VDX 6720-60, VDX 6730-32, VDX 6730-76, VDX 8770-4 and VDX 8770-8 switch/router devices, each running Brocade&rsquo;s Network Operating System (NOS)&mdash;v3.0.1 in the evaluated configuration.</p>\r\n<p>The VDX switch/routers, in the context of the evaluation, are network devices that provide a secure base (comprising auditing, cryptographic support for network communications and update integrity, user identification and authentication, and secure management) for operational functions related to switching and routing IP network traffic.</p>","evaluation_configuration":"","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Brocade Communications Systems, Inc. VDX Product Series was assessed are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 3. Leidos Inc. 
determined that the TOE satisfies the requirements specified in <em>Protection Profile for Network Devices</em>, Version 1.1, 8 June 2012.&nbsp; The product, when delivered and configured as identified in the product guidance documentation, satisfies all of the security functional requirements stated in the Brocade Communications Systems, Inc. VDX Product Series Security Target, Version 1.0, 3 April 2014.</p>\r\n<p>A validation team on behalf of the CCEVS Validation Body monitored the evaluation carried out by Leidos. The evaluation was completed in June 2014. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID10579-2014), prepared by CCEVS.</p>","environmental_strengths":"<p>The evaluation of the Brocade Communications Systems, Inc. VDX Product Series TOE provides assurance that the security functions implemented by the TOE satisfy the security functional requirements specified in the Brocade Communications Systems, Inc. VDX Product Series Security Target and that the guidance documentation describes how to use the TOE in a secure fashion. Assurance was achieved by the performance of the assurance activities specified in <em>Protection Profile for Network Devices</em>.</p>\r\n<p>Brocade Communications Systems, Inc. VDX Product Series supports the following security functions:</p>\r\n<ul>\r\n<li><strong>Security Audit</strong>&mdash;the TOE is designed to be able to generate logs for a wide range of security relevant events. 
The TOE can be configured to store the logs locally so they can be accessed by an authorized TOE User and also to send the logs to a designated log server using TLS to protect the logs on the network.</li>\r\n<li><strong>Cryptographic Support</strong>&mdash;the TOE includes a FIPS-certified cryptographic module that provides key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols including SSH and TLS.</li>\r\n<li><strong>User Data Protection</strong>&mdash;the TOE performs a wide variety of network switching and routing functions, passing network traffic among its various network connections. While implementing applicable network protocols associated with network traffic routing, the TOE is carefully designed to ensure that it does not inadvertently reuse data found in network traffic. This is accomplished primarily by controlling the size of all buffers, fully overwriting buffer contents, and zero-padding of memory structures and buffers when necessary.</li>\r\n<li><strong>Identification and Authentication</strong>&mdash;the TOE requires users to be identified and authenticated before they can use functions mediated by the TOE, with the exception of passing network traffic in accordance with its configured switching/routing rules.&nbsp; It provides the ability to both assign attributes (user names, passwords, public keys, and privilege levels) and to authenticate users against these attributes. The TOE also provides the authorized administrators with the ability to configure Authentication Method lists. 
These lists are used to specify the order in which the authentication methods are employed whenever there are one or more authentication methods available.</li>\r\n<li><strong>Security Management</strong>&mdash;the TOE provides Command Line Interface (CLI) commands to access the wide range of security management functions to manage its security policies. Security management commands are limited to authorized users (i.e., administrators) and available only after they have provided acceptable user identification and authentication data to the TOE. The security management functions are controlled through the use of privileges associated with roles that can be assigned to TOE users. Among the available privileges, only the Authorized Administrator role can actually manage the security policies provided by the TOE and the TOE offers a complete set of functions to facilitate effective management.</li>\r\n<li><strong>Protection of the TSF</strong>&mdash;the TOE includes functions to perform self-tests so that it might detect when it is failing. It also includes mechanisms (i.e., verification of the digital signature of each new image) so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE. It protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. 
It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability).</li>\r\n<li><strong>TOE Access</strong>&mdash;the TOE can be configured to display an informative banner when an administrator establishes an interactive session and subsequently will enforce an administrator-defined inactivity timeout value after which the inactive session (local or remote) will be terminated.</li>\r\n<li><strong>Trusted Path/Channels</strong>&mdash;the TOE protects interactive communication with administrators using SSHv2 for CLI access, ensuring both integrity and disclosure protection.&nbsp; If the negotiation of an encrypted session fails or if the user does not have authorization for remote administration, an attempted connection will not be established. The TOE protects communication with network peers, such as a log server, using TLS connections to prevent unintended disclosure or modification of logs. SSH v2 is used to support SCP which the TOE uses for secure download of TOE updates.</li>\r\n</ul>","features":[]}