The TOE is the Extreme Networks Fabric Engine Switches v9.1.100. The TOE is a standalone network device that facilitates Data Link Layer data transfer between network nodes connected to its physical ports. TOE consists of a hardware appliance with embedded firmware. The TOE evaluated configuration is one instance of one of those listed models running Fabric Engine 9.1.100.
\r\nAll TOE appliances are shipped ready for immediate access through a Command Line Interface [CLI], with some basic features enabled by default. However, to ensure secure use, the product must be configured prior to being put into a production environment as specified in the user guidance. The CLI is a text based interface which is accessible from a directly connected terminal or via a remote terminal using SSH. All of the remote management interfaces are protected using encryption.
","evaluation_configuration":"The TOE consists of the hardware models shown in the table below:
\r\n| \r\n Platform \r\n | \r\n\r\n Series \r\n | \r\n\r\n Processor \r\n | \r\n
| \r\n Fabric Engine 9.1.100 \r\n | \r\n\r\n U5320 \r\n | \r\n\r\n BCM56175, BCM56274 \r\n | \r\n
| \r\n U5420 \r\n | \r\n\r\n BCM56274, BCM56275 \r\n | \r\n|
| \r\n U5520 \r\n | \r\n\r\n BCM56375 \r\n | \r\n|
| \r\n U5720 \r\n | \r\n\r\n Intel Atom C3338, C3538 \r\n | \r\n|
| \r\n U7520 \r\n | \r\n\r\n Intel Atom C3758 \r\n | \r\n|
| \r\n U7720 \r\n | \r\n\r\n Intel Atom C3758 \r\n | \r\n
Extreme networking appliances – hardware
\r\nThe TOE links the Mocana v6.5.2f 32-bit libraries for cryptographic operations using non-PAA operations only with the Mocana GCM 64k feature enabled. Each model includes an out of band management port that is Intel-based and a set of in band network interfaces that are all Broadcom-based. Therefore, all models have equivalent network interfaces.
","security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Extreme Fabric Engine Common Criteria Configuration Guide 9.1.100, May 2026 document, satisfies all of the security functional requirements stated in the Extreme Networks Fabric Engine Switches v9.1.100 Security Target, Version 0.5, May 28, 2026. The project underwent CCEVS Validator review. The evaluation was completed in June 2026. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11656-2026) prepared by CCEVS.
","environmental_strengths":"The logical boundaries of the Fabric Engine Switches v9.1.100 are realized in the security functions that it implements. Each of these security functions is summarized below.
\r\n\r\n
Security audit:
\r\nThe Network Appliances provide extensive auditing capabilities. The TOE generates a comprehensive set of audit logs that identify specific TOE operations. For each event, the TOE records the date and time of each event, the type of event, the subject identity, and the outcome of the event. Auditable events include: failure on invoking cryptographic functionality such as establishment, termination and failure of a TLS session; establishment, termination and failure of an SSH session; all use of the user identification mechanisms; any use of the authentication mechanism; any change in the configuration of the TOE, changes to time, initiation of TOE update, indication of completion of TSF self-test, termination of a remote session; and initiation and termination of a trusted channel.
\r\nThe TOE is configured to transmit its audit messages to an external syslog server. Communication with the syslog server is protected using TLS. The logs for all appliances can be viewed the CLI. The records include the date/time the event occurred, the event/type of event, the user ID associated with the event, and additional information of the event and its success and/or failure.
\r\nCryptographic support:
\r\nThe TOE utilizes CAVP-tested cryptographic implementations to provide key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols. This cryptography is used to support the following features:
\r\nIdentification and authentication:
\r\nThe TOE provides authentication services for administrative users to connect to the TOEs administrator interfaces (local CLI, and remote CLI). The TOE requires Security Administrators to authenticate prior to being granted access to any of the management functionality. In the Common Criteria evaluated configuration, the TOE requires a minimum password length be configured between 8 and 32 characters, as well as a minimum RSA key length of 2048 bits. The TOE provides administrator authentication against a local user database.
\r\nSecurity management:
\r\nThe TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE. Management can take place over a variety of interfaces including:
\r\nThe TOE provides multiple interfaces to perform administration. While in the CLI command mode, the administrator has access to six distinct modes, or privileges, that provide access to a specific set of commands. Depending on RBAC configuration, not every administrative account would have access to all modes. The CLI modes are as follows:
\r\nThe system allows Security Administrators to view audit records in EXEC mode.
\r\nAll administrative functionality is accessed via the CLI. The TOE audits all administrative access. The TOE displays login banners and inactivity timeouts to terminate idle administrative sessions after a set period of inactivity.
\r\nProtection of the TSF:
\r\nThe TOE protects against interference and tampering by untrusted subjects by implementing identification, authentication, and access controls restrictions to management and configuration functionality to Security Administrators. The TOE prevents reading of private keys and plaintext passwords by any user. The TOE internally maintains the date and time. This date and time are used as a timestamp that is part of each audit record generated by the TOE. Security Administrators can update the TOE’s clock manually or can configure the TOE to synchronize with an external time source. The TOE performs testing to verify correct operation of the security appliances themselves. The TOE verifies all software updates via digital signature (2048-bit RSA/SHA-256) and requires administrative intervention prior to the software updates being installed on the TOE to avoid the installation of unauthorized firmware.
\r\nTOE access:
\r\nThe TOE can terminate inactive sessions after a configurable period. Once a session has been terminated the TOE requires the user to re-authenticate to establish a new session. The TOE can also display specified banner on the local and remote CLI interfaces prior to allowing any administrative access to the TOE. The TOE allows users to manually terminate an established management session with the TOE.
\r\nTrusted path/channels:
\r\nThe TOE supports several types of secure communications:
\r\n