{"product_id":10609,"v_id":10609,"product_name":"Cisco Aggregation Services Router (ASR) 1000 Series, IOS XE 3.13","certification_status":"Certified","certification_date":"2015-06-11T00:00:00Z","tech_type":"Network Device, Virtual Private Network","vendor_id":{"name":"Cisco Systems, Inc.","website":"https://www.cisco.com"},"vendor_poc":"Cert Team","vendor_phone":"+1 410-309-4862","vendor_email":"certteam@cisco.com","assigned_lab":{"cctl_name":"Booz Allen Hamilton Common Criteria Testing Laboratory"},"product_description":"<p>The Security Target (ST) defines the Information Technology (IT) security requirements for the Cisco Aggregation Services Router (ASR) 1000 Series. The Cisco ASR 1000 Series delivers embedded hardware acceleration for multiple Cisco IOS&reg; XE Software services. In addition, the Cisco ASR 1000 Series Router features redundant Route and Embedded Services Processors, as well as software-based redundancy. In support of the routing capabilities, the Cisco ASR 1000 Series provides IPSec connection capabilities to facilitate secure communications with external entities, as required.</p>","evaluation_configuration":"<p>The TOE is a hardware and software solution that makes up the router models as follows: Chassis: ASR1001X, ASR 1002X, ASR 1006, ASR 1013; Embedded Services Processors (ESP): ESP100, ESP200; Route Processor (RP): RP2. The network on which they reside is considered part of the environment. The software is pre-installed and consists of the Cisco IOS-XE software image Release 3.13. The software image is also downloadable from the Cisco web site. A login ID and password are required to download the software image. 
The TOE is comprised of the following physical specifications as described in the table below:</p>\r\n<table style=\"width: 1000px; height: 436px;\" border=\"1\" cellspacing=\"0\" cellpadding=\"0\" align=\"left\">\r\n<thead>\r\n<tr>\r\n<td valign=\"top\" width=\"75\">\r\n<p><strong>Hardware Model</strong></p>\r\n</td>\r\n<td valign=\"top\" width=\"106\">\r\n<p><strong>ASR 1001-X</strong></p>\r\n</td>\r\n<td valign=\"top\" width=\"108\">\r\n<p><strong>ASR 1002-X</strong></p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p><strong>ASR 1006</strong></p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p><strong>ASR 1013</strong></p>\r\n</td>\r\n</tr>\r\n</thead>\r\n<tbody>\r\n<tr>\r\n<td valign=\"top\" width=\"75\">\r\n<p><strong>Size</strong></p>\r\n</td>\r\n<td valign=\"top\" width=\"106\">\r\n<p>1-Rack Unit</p>\r\n</td>\r\n<td valign=\"top\" width=\"108\">\r\n<p>2-Rack Units</p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p>6-Rack Units</p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p>13-Rack Units</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td valign=\"top\" width=\"75\">\r\n<p><strong>Power</strong></p>\r\n</td>\r\n<td valign=\"top\" width=\"106\">\r\n<p>DC power: 500W</p>\r\n<p>AC Power: 471W</p>\r\n</td>\r\n<td valign=\"top\" width=\"108\">\r\n<p>DC power: 590W</p>\r\n<p>AC Power: 560W</p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p>DC power: 1700W</p>\r\n<p>AC Power: 1600W</p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p>DC power: 4000W</p>\r\n<p>AC Power: 3760W</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td valign=\"top\" width=\"75\">\r\n<p><strong>Supported ESPs</strong></p>\r\n</td>\r\n<td valign=\"top\" width=\"106\">\r\n<p>Integrated ESP</p>\r\n</td>\r\n<td valign=\"top\" width=\"108\">\r\n<p>Integrated ESP</p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p>Dual ESP100</p>\r\n<p>&nbsp;</p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p>Dual ESP100</p>\r\n<p>ESP200</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td valign=\"top\" 
width=\"75\">\r\n<p><strong>Supported RPs</strong></p>\r\n</td>\r\n<td valign=\"top\" width=\"106\">\r\n<p>Integrated RP</p>\r\n</td>\r\n<td valign=\"top\" width=\"108\">\r\n<p>Integrated RP</p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p>Dual RP2</p>\r\n<p>&nbsp;</p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p>Dual RP2</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td valign=\"top\" width=\"75\">\r\n<p><strong>SPA Slots</strong></p>\r\n</td>\r\n<td valign=\"top\" width=\"106\">\r\n<p>1 SPA slot</p>\r\n</td>\r\n<td valign=\"top\" width=\"108\">\r\n<p>1 SPA slot</p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p>12 SPA slots</p>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<p>24 SPA slots</p>\r\n</td>\r\n</tr>\r\n<tr>\r\n<td valign=\"top\" width=\"75\">\r\n<p><strong>Interfaces</strong></p>\r\n</td>\r\n<td valign=\"top\" width=\"106\">\r\n<ul>\r\n<li>Port Adapter Interface</li>\r\n</ul>\r\n<ul>\r\n<li>Console Port</li>\r\n</ul>\r\n<ul>\r\n<li>Auxiliary Port</li>\r\n</ul>\r\n<ul>\r\n<li>10/100 BITS Ethernet Port</li>\r\n</ul>\r\n<ul>\r\n<li>10/100 Management Ethernet Port</li>\r\n</ul>\r\n<ul>\r\n<li>USB Port</li>\r\n</ul>\r\n<ul>\r\n<li>GigE Ports (4)</li>\r\n<li>Port Adapter Interface</li>\r\n</ul>\r\n</td>\r\n<td valign=\"top\" width=\"108\">\r\n<ul>\r\n<li>Console Port</li>\r\n</ul>\r\n<ul>\r\n<li>Auxiliary Port</li>\r\n</ul>\r\n<ul>\r\n<li>10/100 BITS Ethernet Port</li>\r\n</ul>\r\n<ul>\r\n<li>10/100 Management Ethernet Port</li>\r\n</ul>\r\n<ul>\r\n<li>USB Port</li>\r\n</ul>\r\n<ul>\r\n<li>GigE Ports (4)</li>\r\n<li>Port Adapter Interface (12)</li>\r\n</ul>\r\n</td>\r\n<td valign=\"top\" width=\"120\">\r\n<ul>\r\n<li>Console Port</li>\r\n</ul>\r\n<ul>\r\n<li>Auxiliary Port (2)</li>\r\n</ul>\r\n<ul>\r\n<li>10/100 BITS Ethernet Port (2)</li>\r\n</ul>\r\n<ul>\r\n<li>10/100 Management Ethernet Port (2)</li>\r\n</ul>\r\n<ul>\r\n<li>USB Ports (4)</li>\r\n<li>Port Adapter Interface (24)</li>\r\n</ul>\r\n</td>\r\n<td valign=\"top\" 
width=\"120\">\r\n<ul>\r\n<li>Console Port</li>\r\n</ul>\r\n<ul>\r\n<li>Auxiliary Port (2)</li>\r\n</ul>\r\n<ul>\r\n<li>10/100 BITS Ethernet Port (4)</li>\r\n</ul>\r\n<ul>\r\n<li>10/100 Management Ethernet Port (4)</li>\r\n</ul>\r\n<ul>\r\n<li>USB Ports (4)</li>\r\n</ul>\r\n</td>\r\n</tr>\r\n</tbody>\r\n</table>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Cisco Aggregation Services Router (ASR) 1000 Series with the IOS XE 3.13 software version was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 4. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 4. The product, when configured as identified in the <em>Cisco Aggregation Services Router (ASR) 1000 Series Common Criteria Operational User Guidance and Preparative Procedures version 0.4</em> document, satisfies all of the security functional requirements stated in the <em>Cisco Aggregation Services Router (ASR) 1000 Series Security Target, Version 0.4</em>. The evaluation underwent CCEVS Validation review. The evaluation was completed in June 2015. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, (report number CCEVS-VR-VID10609-2015, dated June 11, 2015) prepared by CCEVS.</p>","environmental_strengths":"<p><strong><em>Security Audit</em></strong></p>\r\n<p>The TOE can audit events related to cryptographic functionality, identification and authentication, and administrative actions. The Cisco ASR 1000 Series generates an audit record for each auditable event. The administrator configures auditable events, performs back-up operations and manages audit data storage. 
The TOE provides the administrator with a circular audit trail or a configurable audit trail threshold to track the storage capacity of the audit trail. Audit logs are backed up over an encrypted channel to an external audit server.</p>\r\n<p><strong><em>Cryptographic Support</em></strong></p>\r\n<p>The TOE provides cryptography in support of secure trusted path and channel connections with administrators and other IT entities via IPsec and SSHv2.</p>\r\n<p><strong><em>User Data Protection</em></strong></p>\r\n<p>The TOE ensures that all information flows from the TOE do not contain residual information from previous traffic. Packets are padded with zeros. Residual data is never transmitted from the TOE.</p>\r\n<p><strong><em>Identification and Authentication</em></strong></p>\r\n<p>The TOE performs two types of authentication: device-level authentication of the remote device (VPN peers) and user authentication for the Authorized Administrator of the TOE. Device-level authentication allows the TOE to establish a secure channel with a trusted peer. Device-level authentication is performed via IKE/IPsec mutual authentication. The TOE supports use of IKEv1 (ISAKMP) and IKEv2 pre-shared keys for authentication of IPsec tunnels.</p>\r\n<p>The TOE provides authentication services for administrative users attempting to connect to the TOE&rsquo;s local console and secure remote CLI administrative interfaces. Password-based authentication can be performed on all interfaces and public key authentication is available via the secure remote CLI only. 
The TOE provides administrator authentication against a local user database or a RADIUS AAA server.</p>\r\n<p><strong><em>Security Management</em></strong></p>\r\n<p>The TOE provides the ability to securely manage all TOE administrative users; all identification and authentication; all audit functionality of the TOE; all TOE cryptographic functionality; the timestamps maintained by the TOE; updates to the TOE; configuration of IPsec functionality; and TOE configuration file storage and retrieval. The TOE supports multiple administrative roles that restrict access to TOE functions depending on the admin role assigned to a user. The management interfaces are the remote CLI via SSHv2 or IPsec and the local console.</p>\r\n<p><strong><em>Packet Filtering</em></strong></p>\r\n<p>The TOE provides packet filtering and secure IPsec tunneling. The tunnels can be established between two trusted VPN peers as well as between remote VPN clients and the TOE. More accurately, these tunnels are sets of security associations (SAs). The SAs define the protocols and algorithms to be applied to sensitive packets and specify the keying material to be used. SAs are unidirectional and are established per the ESP security protocol. An authorized administrator can define the traffic that needs to be protected via IPsec by configuring access lists (permit, deny, log) and applying these access lists to interfaces using crypto map sets.</p>\r\n<p><strong><em>Protection of the TSF</em></strong></p>\r\n<p>The TOE provides protection of TSF data (authentication data and cryptographic keys). In addition, the TOE internally maintains the date and time. This date and time is used as the time stamp that is applied to TOE generated audit records. This time can be set manually, or an NTP server (or servers) can be used to synchronize the date-timestamp. The TOE is also capable of verifying software updates prior to the software updates being installed. 
Finally, the TOE performs testing to verify correct operation of the appliance itself and the cryptographic module.</p>\r\n<p><strong><em>TOE Access</em></strong></p>\r\n<p>The TOE can terminate inactive sessions after an Authorized Administrator configurable time-period. The TOE also allows users to terminate their own interactive session. Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session. The TOE can also display an Authorized Administrator specified banner on the local console and remote CLI prior to allowing any administrative access to the TOE.</p>\r\n<p><strong><em>Trusted Path/Channels</em></strong></p>\r\n<p>The TOE establishes a trusted path between the TOE and the remote CLI using SSHv2 or IPsec. The TOE establishes a secure IPsec connection to an external syslog server to send audit data, to a CA server to validate certificates, and to an external authentication server to authenticate users. The TOE can also establish trusted paths of peer-to-peer IPsec sessions.</p>","features":[]}