{"product_id":11319,"v_id":11319,"product_name":"Infinera Corporation Transcend Network Management System Server 18.10.3","certification_status":"Certified","certification_date":"2022-12-12T00:00:00Z","tech_type":"Application Software","vendor_id":{"name":"Infinera Corporation","website":"https://infinera.com"},"vendor_poc":"Filipe Caetano","vendor_phone":"4085725200","vendor_email":"fcaetano@infinera.com","assigned_lab":{"cctl_name":"Gossamer Security Solutions"},"product_description":"<p class=\"MsoNormal\" style=\"text-align: justify;\">The Transcend Network Management System (TNMS) is designed to provide end-to-end network and service management across multiple technologies and equipment vendors.<span style=\"mso-spacerun: yes;\">&nbsp; </span>For purposes of this evaluation, the TNMS Server is a software application that accepts management instructions via secure communication with a TNMS Client and then securely transfers management instructions to configured network entities.</p>","evaluation_configuration":"<p class=\"Body\">The Target of Evaluation (TOE) is Transcend Network Management System (TNMS) Server version 18.10.3. 
The TNMS Server is a pair of Java applications designed to run in the following operational environment:</p>\r\n<p class=\"Body\" style=\"margin-left: .5in; text-indent: -.25in; mso-list: l0 level1 lfo1;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Red Hat Enterprise Linux (RHEL) 7.9 (64 bit) / CentOS 7.9 (64 bit) on a 64-bit Intel Xeon processor</p>\r\n<p class=\"Body\" style=\"margin-left: .5in; text-indent: -.25in; mso-list: l0 level1 lfo1;\"><!-- [if !supportLists]--><span style=\"font-family: Symbol; mso-fareast-font-family: Symbol; mso-bidi-font-family: Symbol;\"><span style=\"mso-list: Ignore;\">&middot;<span style=\"font: 7.0pt 'Times New Roman';\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span></span></span><!--[endif]-->Amazon Corretto (OpenJDK) JDK/JRE 11.0.6</p>","security_evaluation_summary":"<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\">The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The evaluation demonstrated that <span style=\"mso-bidi-font-style: italic;\">the TOE </span>meets the security requirements contained in the Security Target.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. 
The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The product, when delivered and configured as identified in the <a name=\"_Hlk119048204\"></a><span style=\"mso-no-proof: yes;\">Infinera Transcend Network Management System Server 18.10.3 Administrative Guidance for Common Criteria</span>, Version <span style=\"mso-no-proof: yes;\">1.1</span>, <span style=\"mso-no-proof: yes;\">December 6, 2022</span> document, satisfies all of the security functional requirements stated in the <span style=\"mso-no-proof: yes;\">Infinera Corporation Transcend Network Management System Server 18.10.3 Security Target</span>, Version <span style=\"mso-no-proof: yes;\">1.5</span>, <span style=\"mso-no-proof: yes;\">December 9, 2022</span>.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The project underwent CCEVS Validator review.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The evaluation was completed in <span style=\"mso-no-proof: yes;\">December 2022</span>.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID<span style=\"mso-no-proof: yes;\">11319-2022</span>) prepared by CCEVS.</p>","environmental_strengths":"<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\">The logical boundaries of the <span style=\"mso-no-proof: yes;\">Transcend Network Management System Server</span> are realized in the security functions that it implements. 
Each of these security functions is summarized below.</p>\r\n<p class=\"MsoNormal\">&nbsp;</p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Cryptographic support:</strong></p>\r\n<p class=\"Body\"><span style=\"font-family: 'Times New Roman',serif;\">The TOE uses Automated Cryptographic Validation Test System (ACVTS)-validated cryptographic algorithm implementations, provided by the Bouncy Castle cryptographic module installed with the TOE, to support asymmetric key generation, encryption/decryption, signature generation and verification and establishment of trusted channels to protect data in transit. The TOE implements a TLS server to securely communicate with a TNMS Client, implements an SSH client to securely communicate with managed network entities, and implements functionality to securely store key data related to secure communications. The TOE also relies on the underlying Java platform to generate entropy that is used as input data for the TOE&rsquo;s deterministic random bit generator (DRBG).</span></p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>User data protection:</strong></p>\r\n<p class=\"Body\"><span style=\"font-family: 'Times New Roman',serif;\">The TOE does not access any hardware resources or sensitive information repositories other than network access. 
No sensitive data outside of secure credentials is stored in non-volatile memory.<span style=\"mso-spacerun: yes;\">&nbsp; </span>Inbound and outbound network communications are restricted to those that are TOE-initiated to configured network elements, responding to incoming TNMS Client TLS connections for remote management, and checking for updates.</span></p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Security management:</strong></p>\r\n<p class=\"Body\"><span style=\"font-family: 'Times New Roman',serif;\">After installation, an administrator manages the TOE through a TNMS client, and the TOE stores administrator configurations in its database stored in the platform file system.</span></p>\r\n<p class=\"Body\"><span style=\"font-family: 'Times New Roman',serif;\">When configured with default credentials or no credentials, the TOE restricts its functionality and only allows the ability to set new credentials.<span style=\"mso-spacerun: yes;\">&nbsp; </span>By default, the TOE is configured with file permissions to protect itself and its data from unauthorized access.</span></p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Privacy:</strong></p>\r\n<p class=\"Body\"><span style=\"font-family: 'Times New Roman',serif;\">The TOE does not transmit personally identifiable information (PII) over any network interfaces.</span></p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Protection of the TSF:</strong></p>\r\n<p class=\"Body\"><span style=\"font-family: 'Times New Roman',serif;\">The TOE protects itself against exploitation by implementing address space layout randomization (ASLR) and by not allocating any memory region for both write and execute permission. 
<span style=\"mso-spacerun: yes;\">&nbsp;</span>The TOE uses standard platform APIs and includes a number of third party libraries used to perform its functions.</span></p>\r\n<p class=\"Body\"><span style=\"font-family: 'Times New Roman',serif;\">The TOE includes mechanisms to check for updates and to query the current version of the application software. TOE software is digitally signed and distributed using the platform-supported package manager.<span style=\"mso-spacerun: yes;\">&nbsp; </span>The TOE does not update its own binary code in any way and when removed, all traces of the TOE application software are deleted.</span></p>\r\n<p class=\"MsoNormal\" style=\"text-align: justify; mso-outline-level: 1;\"><strong>Trusted path/channels:</strong></p>\r\n<p class=\"Body\"><span style=\"font-family: 'Times New Roman',serif;\">The TOE protects communications between itself and managed network entities using SSH and between itself and the TNMS Client using TLS.</span></p>","features":[]}