{"product_id":10581,"v_id":10581,"product_name":"Cisco Email Security Appliance (ESA)","certification_status":"Certified","certification_date":"2014-11-13T00:00:00Z","tech_type":"Network Device","vendor_id":{"name":"Cisco Systems, Inc.","website":"https://www.cisco.com"},"vendor_poc":"Bonnie Zeleny","vendor_phone":"+1 410-309-4862","vendor_email":"certeam@cisco.com","assigned_lab":{"cctl_name":"Booz Allen Hamilton Common Criteria Testing Laboratory"},"product_description":"<p>The Security Target (ST) defines the Information Technology (IT) security requirements for the Cisco Email Security Appliance (ESA). ESA is a scalable hardware and software solution that provides comprehensive email protection services for email.&nbsp; The email protection services were not evaluated under the Network Devices Protection Profile, to which compliance is claimed.</p>","evaluation_configuration":"<p>The TOE is comprised of both software and hardware.&nbsp; The hardware is comprised of the following: C170, C370, C670, X1070, C380, C680, and C000v, C100v, C300v, C600v running on Cisco UCS servers (blade or rack-mounted). The software is comprised of the AsyncOS 8.0.2 version. 
The TOE is comprised of the following specifications as described in the table below:</p>\r\n<p>&nbsp;</p>\r\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<thead> \r\n<tr>\r\n<td width=\"30\" valign=\"top\">\r\n<p class=\"TableHeaderTextCxSpFirst\">Model</p>\r\n</td>\r\n<td width=\"84\" valign=\"top\">\r\n<p class=\"TableHeaderTextCxSpLast\">X1070</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"Tabletext\"><strong>C680</strong><strong>&nbsp;</strong></p>\r\n<p class=\"TableHeaderText\">&nbsp;</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"Tabletext\"><strong>C670</strong><strong> </strong></p>\r\n<p class=\"TableHeaderTextCxSpFirst\">&nbsp;</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TableHeaderTextCxSpMiddle\">C380</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TableHeaderTextCxSpLast\">C370</p>\r\n</td>\r\n<td width=\"66\" valign=\"top\">\r\n<p class=\"Tabletext\"><strong>C170</strong></p>\r\n<p class=\"TableHeaderTextCxSpFirst\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TableHeaderTextCxSpMiddle\">C000v</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TableHeaderTextCxSpMiddle\">C100v</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TableHeaderTextCxSpMiddle\">C300v</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TableHeaderTextCxSpLast\">C600v</p>\r\n</td>\r\n</tr>\r\n</thead> \r\n<tbody>\r\n<tr>\r\n<td width=\"30\" valign=\"top\">\r\n<p class=\"TabletextCxSpFirst\"><strong>Processor</strong></p>\r\n</td>\r\n<td width=\"84\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">2x4 (2 quad cores)<strong>&nbsp;</strong></p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">2x6 (2 hexa cores)</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">2x4 (2 quad cores)</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">1x6 (1 
hexa core)</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpLast\">1x4 (1 quad core)</p>\r\n</td>\r\n<td width=\"66\" valign=\"top\">\r\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<tbody>\r\n<tr>\r\n<td width=\"70\" valign=\"top\">\r\n<p class=\"SP5278566\">1x2 (1 Dual Core)</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<p class=\"TabletextCxSpFirst\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpLast\">&nbsp;</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"30\" valign=\"top\">\r\n<p class=\"TabletextCxSpFirst\"><strong>Memory</strong></p>\r\n</td>\r\n<td width=\"84\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">4 GB<strong>&nbsp;</strong></p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">32 GB</p>\r\n</td>\r\n<td 
width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">4 GB</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">16 GB</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">4 GB</p>\r\n</td>\r\n<td width=\"66\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">4 GB</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpLast\">&nbsp;</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"30\" valign=\"top\">\r\n<p class=\"TabletextCxSpFirst\"><strong>Hard disk</strong></p>\r\n</td>\r\n<td width=\"84\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">1.8 TB (300 x 6), RAID 10<strong>&nbsp;</strong></p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">1.8 TB (600 x 3), RAID 10</p>\r\n</td>\r\n<td width=\"61\" 
valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">1.2 TB (300 x 4), RAID 10</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">1.2 TB (600 x 2), RAID 10</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpLast\">600 GB (300 x 2), RAID   1</p>\r\n</td>\r\n<td width=\"66\" valign=\"top\">\r\n<table border=\"1\" cellspacing=\"0\" cellpadding=\"0\">\r\n<tbody>\r\n<tr>\r\n<td width=\"70\" valign=\"top\">\r\n<p class=\"SP5278566\">250 GB, RAID 1</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>\r\n<p class=\"TabletextCxSpFirst\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpLast\">&nbsp;</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td width=\"30\" valign=\"top\">\r\n<p class=\"TabletextCxSpFirst\"><strong>Interfaces/UCS Server</strong></p>\r\n</td>\r\n<td 
width=\"84\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">(1) USB Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Serial Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Management Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(3)   10/100/1000 Port<strong>&nbsp;</strong></p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">(2) USB Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Console Port (RJ-45 connector)</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Management Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(4)   10/100/1000 Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(2)   Power Supply</p>\r\n<p class=\"TabletextCxSpMiddle\">(1)   Remote Power Management Port</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">(1) USB Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Serial Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Management Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(3)   10/100/1000 Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(2)   Power Supply</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">(2) USB Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Management Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(4)   10/100/1000 Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(2)   Power Supply</p>\r\n<p class=\"TabletextCxSpMiddle\">(1)   Remote Power Management Port</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"61\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">(1) USB Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Serial Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Management Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(4)   10/100/1000 Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(2)   Power Supply</p>\r\n</td>\r\n<td width=\"66\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">(2) USB 
Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Console Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1) Management Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(2)   10/100/1000 Port</p>\r\n<p class=\"TabletextCxSpMiddle\">(1)   Power Supply</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or UCS   C-Series running ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpMiddle\">&nbsp;</p>\r\n</td>\r\n<td width=\"53\" valign=\"top\">\r\n<p class=\"TabletextCxSpMiddle\">UCS   B-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">or</p>\r\n<p class=\"TabletextCxSpMiddle\">UCS   C-Series</p>\r\n<p class=\"TabletextCxSpMiddle\">running   ESXi 5.1 or 5.5</p>\r\n<p class=\"TabletextCxSpLast\">&nbsp;</p>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Cisco Email Security Appliance (ESA) with the AsyncOS 8.0.2 software version was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. 
The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. Booz Allen Hamilton determined that the evaluation assurance level (EAL) for the product is EAL 1. The product, when delivered configured as identified in the <em>Cisco IronPort Email Security Appliance CC Configuration Guide version 1.0</em> document, satisfies all of the security functional requirements stated in the <em>Cisco Email Security Appliance Security Target, Version 1.0</em>. The evaluation underwent CCEVS Validator review. The evaluation was completed in October 2014. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-VID10581-2014, dated November 13, 2014) prepared by CCEVS.</p>","environmental_strengths":"<p><strong><em>Security Audit</em></strong></p>\r\n<p>The TOE can audit events related to cryptographic functionality, identification and authentication, and administrative actions. The administrator configures auditable events, performs back-up operations and manages audit data storage. The TOE provides the administrator with a circular audit trail or a configurable audit trail threshold to track the storage capacity of the audit trail. Audit logs are sent via an encrypted SSHv2 channel to an external audit server.</p>\r\n<p><strong><em>Cryptographic Support</em></strong></p>\r\n<p>The TOE provides cryptography in support of secure trusted path and channel connections with administrators and other IT entities via TLS 1.0, HTTPS, and SSHv2.</p>\r\n<p><strong><em>User Data Protection</em></strong></p>\r\n<p>The TOE ensures that all information flows from the TOE do not contain residual information from previous traffic. Packets are padded with zeros. Residual data is never transmitted from the TOE. 
</p>\r\n<p><strong><em>Identification and Authentication</em></strong></p>\r\n<p>The TOE provides authentication services for administrative users attempting to connect to the TOE&rsquo;s local console, secure remote CLI and secure remote GUI administrative interfaces. Password-based authentication can be performed on all interfaces and public key authentication is available via the secure remote CLI only. The TOE provides administrator authentication against a local user database.</p>\r\n<p><strong><em>Security Management</em></strong></p>\r\n<p>The TOE provides the ability to securely manage all TOE administrative users; all identification and authentication; all audit functionality of the TOE; all TOE cryptographic functionality; the timestamps maintained by the TOE; updates to the TOE; and TOE configuration file storage and retrieval. The TOE supports multiple administrative roles that restrict access to TOE functions depending on the admin role assigned to a user. The management interfaces are the TLS/HTTPS protected GUI, the SSHv2 remote CLI, and the local console.</p>\r\n<p><strong><em>Protection of the TSF</em></strong></p>\r\n<p>The TOE provides protection of TSF data (authentication data and cryptographic keys). In addition, the TOE internally maintains the date and time. This date and time is used as the time stamp that is applied to TOE generated audit records. This time can be set manually, or an NTP server (or servers) can be used to synchronize the date-timestamp. The TOE is also capable of verifying software updates prior to the software updates being installed. Finally, the TOE performs testing to verify correct operation of the appliance itself and the cryptographic module.</p>\r\n<p><strong><em>TOE Access</em></strong></p>\r\n<p>The TOE can terminate inactive sessions after an Authorized Administrator configurable time-period. The TOE also allows users to terminate their own interactive session. 
Once a session has been terminated, the TOE requires the user to re-authenticate to establish a new session. The TOE can also display an Authorized Administrator-specified banner on the local console, CLI and the GUI prior to allowing any administrative access to the TOE.</p>\r\n<p><strong><em>Trusted Path/Channels</em></strong></p>\r\n<p>The TOE establishes a trusted path between the TOE and the administrative web-based GUI using TLS/HTTPS, and between the ESA and the remote CLI using SSHv2.&nbsp; The TOE also establishes a secure connection for sending audit data to an external syslog server using SCP over SSHv2.</p>","features":[]}