The TOE is a digital video and audio distribution network device that switches 4K video sources and displays at 60 frames per second (fps) with full 4:4:4 color sampling, High Dynamic Range (HDR) video support, standard 1-Gigabit Ethernet infrastructure, and Pixel Perfect Processing technology to provide video transport in all applications. The digital video and audio transport and encoding/decoding are not evaluated.
\r\nFor the purpose of this evaluation, the TOE is treated as a network device offering NIST validated cryptographic functions, security auditing, secure administration, trusted updates, self-tests, and secure connections to other servers (e.g., to export audit records), protected using HTTPS/TLS and SSH.
\r\nCryptographic functionality is performed by the TOE’s ‘Crestron Crypto Kernel for Open SSL’ software module that includes third-party SafeLogic OpenSSL in support of higher level protocols (TLS, SSH). The module’s FIPS-Approved cryptographic algorithms have obtained CAVP certificates.
\r\nThe TOE audits security relevant events, stores audit records locally, and can be configured to forward its audit records to an external syslog server in the network environment. An administrator can configure the TOE to solicit time from an NTP server, and alternatively the administrator can manually set the TOE’s time.
\r\nThe TOE uses TLS to protect communications with an external syslog server, offers a management GUI protected by TLS/HTTPS, and provides a management Command Line Interface (CLI) protected by SSH.
\r\nAdministrators are able to query the current version of the product firmware and manage the security functions of the TOE, including performing updates on the product. Public/private keys are used to provide digital signatures for protection of the update files.
\r\nThe TOE provides self-tests to ensure the integrity and correct operation of the TOE.
","evaluation_configuration":"The TOE includes the following appliance models, each with firmware version 7.1.5259.00081:
\r\nEach appliance contains an Intel Arria 10 SX SoC FPGA that includes an ARM Cortex-A9 MPCore processor implementing the ARMv7-A microarchitecture. “C” indicates that the model is a form factor with a chassis card.
","security_evaluation_summary":"The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is Common Methodology for Information Technology Security Evaluation, Version 3.1 revision 5. The product, when delivered and configured as identified in the DigitalMedia NVX® AV-over-IP v7.1 Common Criteria Evaluated Configuration Guide (CCECG), Version 1.0, October 4, 2024, satisfies all the security functional requirements stated in the Crestron DigitalMedia NVX® AV-over-IP v7.1 Security Target, Version 1.0, October 3, 2024. The project underwent CCEVS Validator review. The evaluation was completed in October 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11471-2024) prepared by CCEVS.
","environmental_strengths":"Security Audit
\r\nThe TOE generates audit events associated with identification and authentication, management, updates, and user sessions. The TOE can store the events in a local log and export them to a syslog server using a TLS protected channel.
\r\nCryptographic Support
\r\nThe TOE provides CAVP certified cryptography in support of its SSH, TLS, and NTP implementations and for verifying TOE update package signatures. Cryptographic services include key management, random bit generation, symmetric encryption and decryption, digital signature, and secure hashing.
\r\nIdentification and Authentication
\r\nThe TOE requires users to be identified and authenticated before they can use functions mediated by the TOE, with the exception of reading the login banner. The TOE authenticates a user’s credentials (password, key) using a local mechanism provided by the TOE. The TOE also provides X.509 certificate checking for its TLS connections.
\r\nSecurity Management
\r\nThe TOE provides CLI and web-based management interfaces that an administrator can access remotely via a network port. The CLI can also be accessed locally by directly connecting to a network port and using SSH. Remote connections to the management interface are protected with SSH for the CLI and HTTPS for the GUI. The management interface is limited to the authorized administrator.
\r\nProtection of the TSF
\r\nThe TOE implements various self-protection mechanisms. The TOE performs self-tests that cover the correct operation of the TOE. It provides functions necessary to securely update the TOE. It relies upon either manually provided time or an NTP server in its environment to ensure reliable timestamps. It protects sensitive data such as passwords and cryptographic keys stored on the TOE’s internal Flash so that they are not accessible even by an authorized administrator.
\r\nTOE Access
\r\nThe TOE will terminate local and remote interactive sessions after a configurable period of inactivity. The TOE additionally provides the capability for administrators to terminate their own interactive sessions. The TOE can be configured to display an advisory and consent warning message before establishing a user session.
\r\nTrusted Path/Channels
\r\nThe TOE provides local administration which is subject to physical protection. To access the TOE locally, an administrator must directly connect their workstation to a network port and use SSH and successfully login. When accessed remotely, the CLI and GUI management interfaces are protected by SSH and TLS respectively, thus ensuring protection against modification and disclosure.
\r\nThe TOE protects communications with the external syslog servers from modification and disclosure by using TLS.
","features":[{"id":2744,"feature_name":"Asymmetric Key Generation"},{"id":2740,"feature_name":"Auditing"},{"id":2760,"feature_name":"Certificate Authentication"},{"id":2750,"feature_name":"Certificate Validation"},{"id":2747,"feature_name":"Cryptographic Hashing"},{"id":2745,"feature_name":"Cryptographic Key Establishment"},{"id":2746,"feature_name":"Cryptographic Signature Verification"},{"id":2742,"feature_name":"DRBG"},{"id":2758,"feature_name":"HTTPS Client"},{"id":2759,"feature_name":"HTTPS Server without Mutual Authentication"},{"id":2741,"feature_name":"Key Destruction"},{"id":2748,"feature_name":"Keyed-hash message authentication"},{"id":2757,"feature_name":"SSH Server"},{"id":2762,"feature_name":"TLS 1.2"},{"id":2753,"feature_name":"TLS Client"},{"id":2755,"feature_name":"TLS Server without Mutual Authentication"},{"id":2743,"feature_name":"Virtual Network Device"}]}