The RedSeal Platform is a Network Infrastructure Security Management (NISM) platform that continuously identifies critical attack risk and non-compliance in complex enterprise security infrastructure. It provides organizations with an understanding of where security is working, where improvement is needed, and where the greatest cyber-attack risks lie.
\r\nRedSeal creates a model of the network based on information it collects from configuration files from switches, routers, firewalls and load balancers. RedSeal can integrate with public and private cloud managers to include all network environments in the network model. In addition, RedSeal imports host and vulnerability data from vulnerability scanners and other sources.
\r\nFor this evaluation, RedSeal Server is evaluated as a network device. The TOE claims exact conformance to the NDcPP and SSHPKG. As such, the security-relevant functionality of the product is limited to the claimed requirements in this PP and package.
\r\n","evaluation_configuration":"
The TOE consists of a RedSeal G5C Appliance as defined in the following table, running firmware version 10.5.2.
\r\n| \r\n\r\n | \r\n\r\n 1.7 in (43 mm) \r\n | \r\n
| \r\n Width \r\n | \r\n\r\n 17.2 in (437 mm) \r\n | \r\n
| \r\n Depth \r\n | \r\n\r\n 23.5 in (597 mm) \r\n | \r\n
| \r\n Weight \r\n | \r\n\r\n 46 lbs (20 kg) \r\n | \r\n
| \r\n Temperature \r\n | \r\n\r\n 50 – 95 degrees F (10 – 35 degrees C) \r\n | \r\n
| \r\n Humidity (noncondensing) \r\n | \r\n\r\n 8 – 90 % \r\n | \r\n
| \r\n Voltage \r\n | \r\n\r\n 100-240V, 8.5A-3.8A, 50-60 Hz \r\n | \r\n
| \r\n Processor \r\n | \r\n\r\n\r\n | \r\n
| \r\n RAM \r\n | \r\n\r\n 256 GB, 2933 MHz \r\n | \r\n
| \r\n Disk storage \r\n | \r\n\r\n Seagate 2.5”, 1TB, SATA3 6Gb/s, 7.2K RPM, 512N, 128M \r\n | \r\n
| \r\n Power \r\n | \r\n\r\n Dual hot plug redundant (1 + 1) 700W \r\n | \r\n
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme for the collaborative Protection Profile for Network Devices, Version 3.0E with the Functional Package for Secure Shell (SSH), Version 1.0 applied. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 release 5. The product, when delivered and configured as identified in the guidance documentation, satisfies all the security functional requirements stated in the RedSeal Server v10.5 Security Target. The evaluation was completed in October 2025. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
","environmental_strengths":"Security Audit
\r\nThe TOE generates audit records of security relevant events, including the events specified in [NDcPP] and [SSHPKG]. The TOE stores audit records locally and can also be configured to send the audit records to an external syslog server over a protected communication channel.
\r\nThe logs comprising the audit trail are stored in the TOE’s filesystem and protected from unauthorized modification and deletion by file system permissions. The TOE maintains a maximum of five log files—the current log file and four backups or archives. Each file has a default maximum of 50 megabytes (which is configurable by an administrator). When the current log file reaches its configured maximum size, it is closed and rotated to an archive, and a new current log file is created. If the maximum number of archive files already exists, the oldest one is deleted. The TOE will generate a warning message if the storage space for audit records reaches 75% capacity.
\r\nCryptographic Support
\r\nThe TOE implements cryptographic algorithms and mechanisms that provide random bit generation, asymmetric cryptographic key pair generation, key establishment, symmetric data encryption and decryption, digital signature generation and verification, cryptographic hashing, and keyed-hash message authentication services in support of higher level cryptographic protocols, including SSH and TLS.
\r\nIdentification and Authentication
\r\nThe TOE requires all users to be successfully identified and authenticated prior to accessing its security management functions and other capabilities. The TOE offers only remote access (via SSH) to a CLI (no local access); remote access (via HTTPS) to a browser-based administrative Web Beta client; and remote access (protected by TLS) using the Java client (either as a standalone Java application or the web-based Remote client) to support interactive administrator sessions.
\r\nThe TOE provides a local password-based authentication mechanism for all users and enforces a minimum length for passwords. SSH public key authentication is also supported for the CLI. The TOE will deny remote access to a user after a configurable number of consecutive failed password authentication attempts (default is three).
\r\nSecurity Management
\r\nThe TOE provides the security management functions necessary to configure and administer its security capabilities, including: configuring a login access banner; configuring a remote session inactivity time limit before session termination; configuring the parameters (number of consecutive failures, lockout period) for the authentication failure handling mechanism; setting the system date and time and also configuring NTP; performing software updates and verifying updates using a digital signature.
\r\nThe TOE provides a CLI to access its security management functions. Administrators can access the CLI remotely using SSH (no local access provided). Additionally, some security management functions are accessible via the Web Beta client and the Java client. Security management commands are limited to administrators and are available only after they have been successfully identified and authenticated.
\r\nProtection of the TSF
\r\nThe TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator.
\r\nThe TOE provides reliable time stamps for its own use and can be configured to synchronize its time via NTP.
\r\nThe TOE provides a trusted means for determining the current running version of its software and to update its software. The integrity of software updates can be verified using a digital signature.
\r\nThe TOE implements various self-tests that execute during the power-on and start up sequence, including firmware/software integrity tests and cryptographic known answer tests that verify the correct operation of the TOE’s cryptographic functions.
\r\nTOE Access
\r\nThe TOE will terminate remote interactive sessions after a configurable period of inactivity. The TOE additionally provides the capability for administrators to terminate their own interactive sessions. The TOE can be configured to display an advisory and consent warning message before establishing a user session.
\r\nTrusted Path/Channels
\r\nThe TOE protects interactive communication with remote administrators using SSH for remote access to the CLI (no local access to CLI provided); TLS using the Java client/Remote client (for remote GUI access to the management interface whether through a standalone thick client or a browser-based Java implementation); and using HTTPS (for accessing the TOE’s administrative Web Beta client).
\r\nThe TOE is able to protect transmission of audit records to an external audit server using TLS.
","features":[{"id":1072,"feature_name":"Asymmetric Key Generation"},{"id":1068,"feature_name":"Auditing"},{"id":1077,"feature_name":"Certificate Validation"},{"id":1075,"feature_name":"Cryptograhic Hashing"},{"id":1073,"feature_name":"Cryptographic Key Establishment"},{"id":1074,"feature_name":"Cryptographic Signature Verification"},{"id":1071,"feature_name":"DRBG"},{"id":1067,"feature_name":"Flaw Remediation"},{"id":1080,"feature_name":"HTTPS Client"},{"id":1081,"feature_name":"HTTPS Server with Mutual Authentication"},{"id":1082,"feature_name":"IPsec"},{"id":1069,"feature_name":"Key Destruction"},{"id":1076,"feature_name":"Keyed-hash message authentication"},{"id":20,"feature_name":"Network Security Monitoring"},{"id":1070,"feature_name":"SSH Server"},{"id":1083,"feature_name":"TLS 1.2"},{"id":1084,"feature_name":"TLS 1.3"},{"id":1078,"feature_name":"TLS Client"},{"id":1079,"feature_name":"TLS Server without Mutual Authentication"}]}