{"product_id":11504,"v_id":11504,"product_name":"Gigamon GigaVUE Fabric Manager v6.6","certification_status":"Certified","certification_date":"2025-01-31T00:00:00Z","tech_type":"Network Device","vendor_id":{"name":"Gigamon Inc","website":"https://www.gigamon.com"},"vendor_poc":"Brian O'Neel","vendor_phone":"1 (408) 831-4000","vendor_email":"certifications@gigamon.com","assigned_lab":{"cctl_name":"Booz Allen Hamilton Common Criteria Testing Laboratory"},"product_description":"<p>The Gigamon GigaVUE Fabric Manager's primary functionality is to offer a central location for the configuration, management, and operation of the Gigamon Deep Observability Pipeline, which provides network visibility across physical, virtual, and cloud infrastructure. Gigamon-FM allows for configuring traffic policies, visualizing network topology connectivity, and identifying visibility hot spots within a network.</p>","evaluation_configuration":"<p>The TOE is the Gigamon GigaVUE Fabric Manager v6.6 product, which is a 1RU appliance running software version 6.6.</p>\r\n<p>The following lists components and applications in the environment that the TOE relies upon in order to function properly:</p>\r\n<div>\r\n<ul type=\"disc\">\r\n<li>Certification Authority: A server that acts as a trusted issuer of digital certificates and distributes a CRL that identifies revoked certificates.</li>\r\n<li>Management Workstation: Any general-purpose computer that is used by a Security Administrator to manage the TOE. The TOE can be managed remotely, in which case the management workstation requires an SSH client to access the CLI or a web browser to access the Web GUI. 
The TOE can also be managed locally, in which case the management workstation must be physically connected to the TOE using the serial port and must use a terminal emulator that is compatible with serial communications.</li>\r\n<li>Audit Server: The audit server connects to the TOE and allows the TOE to send syslog messages to it for remote storage. This is used to send copies of audit data to be stored in a remote location for data redundancy purposes.</li>\r\n<li>Gigamon GigaVUE Appliances: The Gigamon GigaVUE appliances are separately evaluated products (VID11487) that the Gigamon-FM can manage over a secure channel.</li>\r\n</ul>\r\n</div>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) processes and procedures. Gigamon GigaVUE Fabric Manager v6.6 was evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5. The product, when installed and configured per the instructions provided in the preparative guidance, satisfies all of the security functional requirements stated in the&nbsp;<em>Gigamon GigaVUE Fabric Manager v6.6 Target Version 1.0 </em>as scoped by the NDcPP2.2E. The evaluation underwent CCEVS Validator review. The evaluation was completed in January 2025. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report, CCEVS-VR-VID11504-2025 prepared by CCEVS.</p>","environmental_strengths":"<h3>Security Audit</h3>\r\n<p>Audit records are generated for various types of management activities and events. The audit records include the date and time stamp of the event, the event type and subject identity. 
In the evaluated configuration, the TSF is configured to transmit audit data to a remote audit server using TLS. Audit data is also stored locally to ensure availability of the data if communications with the audit server become unavailable.</p>\r\n<h3>Cryptographic Support</h3>\r\n<p>The TOE uses sufficient security measures to protect its data in transmission by implementing cryptographic methods and trusted channels. The TOE uses:</p>\r\n<ul>\r\n<li>SSH to secure the remote CLI.</li>\r\n<li>HTTPS to secure the connection to the Web GUI and to the GigaVUE appliances.</li>\r\n<li>TLS to secure the connection to the audit server.</li>\r\n</ul>\r\n<p>Cryptographic keys are generated using the Hash_DRBG provided by this module. The TOE destroys plaintext and private keys in both volatile and non-volatile storage.</p>\r\n<h3>Identification and Authentication</h3>\r\n<p>All users must be identified and authenticated to the TOE before being allowed to perform any actions on the TOE, except viewing a warning banner. The TOE provides a local CLI, a remote CLI via SSH, and a Web GUI via HTTPS for administration. Users authenticate to the TOE using one of the following methods:</p>\r\n<ul>\r\n<li>Username/password (all user interfaces)</li>\r\n<li>Username/public key (remote CLI only)</li>\r\n</ul>\r\n<p>The TSF provides a configurable maximum number of consecutive authentication failures that are permitted for a user. Once this number has been met, the account is locked until a manual unlock occurs for Web GUI users or until an administratively set time has elapsed for CLI users. Passwords that are maintained by the TSF can be composed of upper case, lower case, numbers and special characters. The Security Administrator can define the minimum password length between 8 and 64 characters. 
Password information is never revealed during the authentication process including during login failures.</p>\r\n<p>As part of establishing trusted remote communications, the TOE provides X.509 certificate validation functionality. In addition to verifying the validity of certificates, the TSF can check their revocation status using a certificate revocation list (CRL).</p>\r\n<h3>Security Management</h3>\r\n<p>The TOE has two roles to fulfill the role of Security Administrator: Admin and Super Admin. The Admin is the administrative role for the local CLI and remote CLI. The Super Admin is the administrative role for the Web GUI. Management functions can be performed using the local CLI, remote CLI, and Web GUI. Both Security Administrator roles are able to perform all security-relevant management functionality (such as user management, password policy configuration, application of software updates, and configuration of cryptographic settings) available to their respective interface. All software updates to the TOE can only be performed manually by an Admin role user.</p>\r\n<h3>Protection of the TSF</h3>\r\n<p>The TOE stores the hashed representation of passwords using SHA-512. The TOE has a hardware clock that is used for keeping time. The time can be manually set by the Security Administrator. The TOE executes a suite of self-tests during boot and at the request of a Security Administrator.&nbsp;</p>\r\n<p>The version of the TOE (both the currently executing version and the latest installed/updated version) can be obtained by an Admin role user from the CLI interface. The updated image is verified through manually validating the correct published hash.</p>\r\n<h3>TOE Access</h3>\r\n<p>The TOE can terminate inactive local CLI, remote CLI, or Web GUI sessions after a specified time period. Users can also terminate their own interactive sessions on all interfaces. 
Once a session has been terminated, the TOE requires the user to re-authenticate to establish a new session. The TOE displays an administratively configured banner on the local CLI, remote CLI, and Web GUI prior to allowing any administrative access to the TOE.</p>\r\n<h3>Trusted Path/Channels</h3>\r\n<p>The TOE connects and sends data to IT entities that reside in the Operational Environment via trusted channels. In the evaluated configuration, the TOE connects to an audit server using TLS to encrypt the audit data that traverses the channel and connects to the GigaVUE appliances using HTTPS. When accessing the TOE remotely, Security Administrators interface with the TSF using the remote CLI via SSH and the Web GUI via HTTPS.</p>","features":[{"id":527,"feature_name":"Asymmetric Key Generation"},{"id":524,"feature_name":"Auditing"},{"id":538,"feature_name":"Certificate Authentication"},{"id":532,"feature_name":"Certificate Validation"},{"id":530,"feature_name":"Cryptographic Hashing"},{"id":528,"feature_name":"Cryptographic Key Establishment"},{"id":529,"feature_name":"Cryptographic Signature Verification"},{"id":526,"feature_name":"DRBG"},{"id":537,"feature_name":"HTTPS Client"},{"id":1549,"feature_name":"HTTPS Server without Mutual Authentication"},{"id":525,"feature_name":"Key Destruction"},{"id":531,"feature_name":"Keyed-hash message authentication"},{"id":536,"feature_name":"SSH Server"},{"id":534,"feature_name":"TLS 1.2"},{"id":533,"feature_name":"TLS Client"},{"id":535,"feature_name":"TLS Server without Mutual Authentication"}]}