The L3Harris Common Data Loader Version 02.01 (CDL) is a full-disk encryption solution composed of the Common Data Loader Operational Flight Platform (CDL OFP) software and the Ground Stations Software (CDL GSS).
\r\nThe CDL Operational Flight Platform is an embedded avionics module for onboard non-volatile, network-attached storage. The TOE provides a layer of software encryption on top of embedded removable memory modules (RMM) inserted into the CDL OFP, which themselves are intended to be external self-encrypting drives (separately evaluated by another vendor). The CDL OFP software is designed to operate on a physical hardware device featuring up to three RMMs, two independent ethernet ports, two RS-232 serial interfaces (one for maintenance and one for debugging), and six discrete inputs including one for zeroization.
\r\nThe TOE also includes the CDL Ground Station Software, a full, stand-alone software suite capable of provisioning and managing the RMMs used with the CDL OFP. The CDL Ground Station Software includes both the Provisioning Tool used to initialize the Data at Rest solution and the Mission Planning Software used to load encrypted data for a given deployment of the RMMs for use in the CDL OFP. The CDL GSS Provisioning Tool and the CDL GSS Mission Planning Software are designed to run on separate machines as they require different OS support.
\r\nThe TOE in total consists of three distinct software parts. The three parts in aggregate provide the security functionality laid forth in the Security Target and are evaluated as one solution as the combined TOE solution covers all of the required functionality. The CDL GSS is used to initially provision the FDE solution, configuring any necessary keys and authentication factors, while the CDL OFP and CDL GSS Mission Planning Software are both used to load and retrieve encrypted data on to the protected drives, either from the ground or vehicle deployment respectfully.
\r\nThe TOE is distributed as a software package designed to work on a specific set of hardware. The TOE has the following hardware/software requirements:
\r\nBecause the CDL GSS software (both the Provisioning Tool Mission Planning Software) do not rely on any hardware acceleration and the OS provides a hardware abstraction layer, the CDL GSS software executes identically irrespective of the underlying CPU. Additionally, the tested configuration utilized the separately evaluated Novachips Co., Ltd. Scalar and Express P-series SSD, version NV.R1900 RMM units to provide the second layer of hardware full-disk encryption.
\r\nThe TOE features several network protocols such as Network File System (NFS), Real Time Protocol (RTP) and Real time Streaming Protocol (RTSP) which are not tested as a part of this evaluation. The FDEEEcPP20E and FDEAAcPP20E Protection Profiles did not consider nor include networking protocols as part of the security functional requirements, and thus did not include any such protocol requirements. Therefore, these protocols have not been examined as part of the required assurance activities and consequently the evaluation can make no claims about the TOE’s networking protocols.
\r\n","evaluation_configuration":"
The Target of Evaluation (TOE) is L3Harris Common Data Loader Version 02.01
","security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the L3Harris Administrative Guide: Common Data Loader (CDL) Data-At-Rest (DAR) Operational Flight Platform (OFP) and Ground Support Software (GSS), Version 1.0, October 7, 2024 document, satisfies all of the security functional requirements stated in the L3Harris Common Data Loader Version 02.01 Security Target, Version 0.4, December 12, 2024. The project underwent CCEVS Validator review. The evaluation was completed in December 2024. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11503-2024) prepared by CCEVS
","environmental_strengths":"The logical boundaries of the Common Data Loader are realized in the security functions that it implements. Each of these security functions is summarized below.
\r\n\r\n
Cryptographic support:
\r\nThe TOE includes cryptographic functionality for key management, user authentication, and block-based encryption including: symmetric key generation, encryption/decryption, cryptographic hashing, keyed-hash message authentication, and password-based key derivation. These functions are supported with suitable random bit generation, key derivation, salt generation, initialization vector generation, secure key storage, and key destruction. These primitive cryptographic functions are used to encrypt Data at Rest (including the generation and protection of keys and key encryption keys) used by the TOE.
\r\nUser data protection:
\r\nThe TOE performs Full Drive Encryption on all partitions on the drive (so that no plaintext exists) and does so without user intervention.
\r\nSecurity management:
\r\nThe TOE provides each of the required management services necessary to manage the full drive encryption using a command line interface.
\r\nProtection of the TSF:
\r\nThe TOE implements a number of features to protect itself to ensure the reliability and integrity of its security features. It protects key and key material, and includes functions to perform self-tests and software/firmware integrity checking so that it might detect when it is failing or may be corrupt. If any of the self-tests fail, the TOE will not go into an operational mode.
","features":[{"id":2681,"feature_name":"Cryptographic Hashing"},{"id":2664,"feature_name":"Cryptographic Signature Verification"},{"id":2607,"feature_name":"DRBG"},{"id":2604,"feature_name":"Full Drive Encryption"},{"id":2606,"feature_name":"Key Destruction"},{"id":2682,"feature_name":"Keyed-hash message authentication"},{"id":2608,"feature_name":"Symmetric Key Generation"}]}