{"product_id":11524,"v_id":11524,"product_name":"NIKSUN NetOmni, and NetDetector/NetVCR/LogWave running Everest Software v6.0.1.0","certification_status":"Certified","certification_date":"2025-05-02T00:00:00Z","tech_type":"Network Device","vendor_id":{"name":"NIKSUN, Inc.","website":"www.niksun.com"},"vendor_poc":"Darryle Merlette","vendor_phone":"609-936-9999","vendor_email":"merlette@niksun.com","assigned_lab":{"cctl_name":"Advanced  Data Security"},"product_description":"<p>The Target of Evaluation (TOE) includes the NIKSUN NetOmni, and NetDetector/NetVCR/LogWave appliances, running the software Everest version 6.0.1.0. NIKSUN NetOmni and NetDetector/NetVCR/LogWave each independently represent a TOE. Each appliance runs the exact same Everest software, and functionality is distinguished by the licenses that are activated on the appliance. NetOmni’s primary functionality is to provide an overview of critical operations of the monitored network. The overview includes monitoring business service disruptions, performance issues, and security incidents.</p>","evaluation_configuration":"<p>The TOE consists of the following hardware models:</p><table border=\"1\" cellspacing=\"0\" cellpadding=\"0\"><thead><tr><td><p>Appliance</p></td><td><p>Model #</p></td><td><p>Processor</p></td><td><p>CPU Microarchitecture</p></td></tr></thead><tbody><tr><td><p>NetOmni</p></td><td><p>B1000</p></td><td><p>AMD EPYC 7252</p></td><td><p>AMD Zen-2</p></td></tr><tr><td><p>NetDetector/NetVCR/LogWave</p></td><td><p>C3010</p></td><td><p>Intel Xeon Gold 6238</p></td><td><p>Intel Cascade Lake</p></td></tr></tbody></table>","security_evaluation_summary":"<p>The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The NIKSUN NetOmni, and NetDetector/NetVCR/LogWave appliances, running the software Everest version 6.0.1, were evaluated against the criteria contained in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 5, April 2017. The TOE, when installed and configured per the instructions provided in the preparative and administrative guidance, satisfies all the security functional requirements stated in the NIKSUN NetOmni, and NetDetector/NetVCR/LogWave appliances, running the software Everest version 6.0.1 Security Target. The evaluation underwent CCEVS Validator review.
The evaluation was completed in May 2025. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11524-2025) prepared by CCEVS.</p>","environmental_strengths":"<p>The logical scope of the TOE includes those security functions implemented exclusively by the TOE. Each security function is summarized below.</p><h4>Security Audit</h4><p>The TOE provides extensive auditing capabilities. The TOE can audit events related to cryptographic functionality, identification and authentication, and administrative actions. The TOE generates an audit record for each auditable event. The TOE keeps local and remote audit records of security-relevant events. The TOE internally maintains the date and time, which can be set manually. Each security-relevant audit event includes the date, timestamp, event description, and subject identity. The TOE provides the administrator with a circular audit trail. The TOE can be configured to transmit its audit messages to an external syslog server over an encrypted channel using TLS.</p><h4>Cryptographic Support</h4><p>The TOE relies on its NIKOS FIPS Object Module and NIKOS Java Object Module to implement cryptographic methods and trusted channels. The TOE uses non-mutually authenticated TLS to secure the automatic transfer of syslog audit files and VAR logs to the Syslog Server. The TOE uses TLS to secure the connection to the LDAP/AD Server for remote authentication. When a user utilizes the “Forgot Username/Password” feature on the login screen, the TOE will send an email to the SMTPS Server over a protected TLS channel. The TOE communicates with another NIKSUN appliance over TLS. X.509v3 certificates are used to support authentication mechanisms. SSH is used to secure the remote CLI interface for remote management of the TOE. SSH is also used to secure communications with the SCP Server when the TOE receives software image updates. TLS/HTTPS is used to secure the connection for remote management of the TOE via the web GUI as well as connections to other devices. The TOE denies any connection that uses a disallowed protocol or presents an invalid X.509v3 certificate.</p><p>Appliance cryptographic providers</p><table border=\"1\" cellspacing=\"0\" cellpadding=\"0\"><thead><tr><td><p>Cryptographic Provider</p></td><td><p>Protocol</p></td><td><p>Usage</p></td></tr></thead><tbody><tr><td><p>Bouncy Castle v1.0.2.5</p></td><td><p>HTTPS (TLS 1.2)</p></td><td><p>NIKSUN appliance and SMTPS Servers</p></td></tr><tr><td><p>OpenSSL v3.0.15</p></td><td><p>TLS 1.2</p><p>SSHv2</p></td><td><p>Syslog, HTTPS Server, and LDAP</p><p>SSH Server, SCP Server</p></td></tr></tbody></table><h4>Identification and Authentication</h4><p>The TOE verifies the identity of users connecting to the TOE. All users must be identified and authenticated before being allowed to perform actions on the TOE.
This applies to users accessing the TOE via the local console and to users connecting through protected paths: the remote CLI via SSH or the web GUI via TLS 1.2. Users can authenticate to the TOE using a username and password. In addition, when authenticating via the remote CLI, users can instead use SSH public-key authentication. LDAP can be configured to provide external authentication. Passwords can consist of upper-case letters, lower-case letters, numbers, and a set of selected special characters. Password information is never revealed during the authentication process, including during login failures. A customizable warning banner can be configured for display before a user authenticates to the device. In addition, via the web GUI only, the user has the option to use a “Forgot Username/Password” feature prior to authenticating.</p><p>The TOE uses X.509v3 certificates to perform non-mutual authentication for the Syslog Server. The TSF determines the validity of the certificates by confirming the validity of the certificate chain and verifying that the certificate chain ends in a trusted Certificate Authority (CA). The TSF connects with a CRL distribution point through HTTP to confirm certificate validity and to access certificate revocation lists (CRL).</p><h4>Security Management</h4><p>The TOE has a role-based authentication system where roles (permissions) are assigned to groups for the web GUI. Authorized actions for a particular user depend on the group to which the user is assigned. There are 4 initial groups: Administrator, Account Administrator, Advanced Users, and Users. Only users assigned to the Administrator group can perform SFR-related management functions via the web GUI and thus are Security Administrators in the context of the evaluation.
The root user is the Security Administrator user for the remote and local CLI and is able to update the TOE’s software and verify it via published hash validation.</p><p>The NDcPP’s definition of “role” is synonymous with NIKSUN’s definition of “permissions”. NIKSUN’s terminology fits into the Protection Profiles by using the term “user roles” in place of “user permissions”. For the remainder of this document, “user permissions” is used to match the terminology used by Common Criteria.</p><h4>Protection of the TSF</h4><p>The TOE stores passwords in a variety of locations depending on their use and encryption. They cannot be viewed by any user regardless of the user’s role. The vcr and root user passwords are stored in the OS hashed by SHA-512. Web GUI passwords are stored in the PostgreSQL Database hashed with SHA-256. Pre-shared keys, symmetric keys, and private keys cannot be accessed in plaintext form by any user. There is an underlying hardware clock that is used for accurate timekeeping and is set by the Security Administrator. The TOE performs integrity checks during initial start-up (power-on) to ensure the firmware integrity. After successful integrity checks, the TOE then performs all cryptographic algorithm self-tests for its OpenSSL and Bouncy Castle cryptographic providers. The TOE also performs self-tests on the CPU, RAM, and disk components. The TOE’s DRBGs also perform their own health tests.</p><p>The version of the TOE is verified via the CLI or web GUI. The TOE is updated by the root user via the CLI. Updated software images are downloaded to the SCP Server and are transferred to the TOE via SCP over SSH. The administrator conducts a hash verification on the system image using SHA-256 against the known hash to ensure the integrity of the update.</p><h4>TOE Access</h4><p>Before any user authenticates to the TOE, the TOE displays a configurable Security Administrator banner for the web GUI.
Prior to authentication, the local and remote CLI interfaces display the default security banner, which is also configurable. The TOE can terminate local CLI, remote CLI, and web GUI sessions after a specified time period of inactivity. Administrative users have the capability to terminate their own sessions.</p><h4>Trusted Path/Channels</h4><p>The TOE connects and sends data to IT entities that reside in the Operational Environment via trusted channels. In the evaluated configuration, the TOE connects to the Syslog Server via TLS to send audit data for remote storage. The TLS connection to the Syslog Server is a non-mutually authenticated TLS channel. TLS is used to connect to an SMTP email server for secure credentials reset. TLS is also used for the TOE’s connection with the LDAP/AD Server for its remote authentication store. TLS is used for the transfer of data between the NIKSUN appliances. SSH is used for the connection to the SCP Server when the TOE receives software image updates.</p><p>TLS/HTTPS and SSH are used for remote administration of the TOE via the web GUI and remote CLI respectively.</p>","features":[{"id":273,"feature_name":"Asymmetric Key Generation"},{"id":269,"feature_name":"Auditing"},{"id":291,"feature_name":"Certificate Authentication"},{"id":283,"feature_name":"Certificate Validation"},{"id":279,"feature_name":"Cryptographic Hashing"},{"id":276,"feature_name":"Cryptographic Key Establishment"},{"id":278,"feature_name":"Cryptographic Signature Verification"},{"id":271,"feature_name":"DRBG"},{"id":290,"feature_name":"HTTPS Client"},{"id":1545,"feature_name":"HTTPS Server without Mutual Authentication"},{"id":270,"feature_name":"Key Destruction"},{"id":280,"feature_name":"Keyed-hash message authentication"},{"id":287,"feature_name":"SSH Client"},{"id":289,"feature_name":"SSH Server"},{"id":284,"feature_name":"TLS 1.2"},{"id":285,"feature_name":"TLS Client"},{"id":286,"feature_name":"TLS Server without Mutual Authentication"}]}