{"product_id":6016,"v_id":6016,"product_name":"Cisco ASA 5510, 5520, and 5540 Adaptive Security Appliances and Cisco PIX 515, 515E, 525, 535 Security Appliances, Version 7.0(6)","certification_status":"Not Certified","certification_date":"2007-03-09T00:03:00Z","tech_type":"Firewall","vendor_id":{"name":"Cisco Systems, Inc.","website":"https://www.cisco.com"},"vendor_poc":null,"vendor_phone":"+1 410 309 4862","vendor_email":"certteam@cisco.com","assigned_lab":{"cctl_name":"Arca CCTL"},"product_description":"<div style=\"margin: 0in 0in 0pt\">Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances offer a range of security and networking services, including application-layer firewall services as well as stateful packet filtering firewall services.&nbsp;The Cisco ASA 5500 Series models included within the scope of this evaluation are the 5510, 5520 and 5540.&nbsp;The Cisco PIX models included within the scope of this evaluation are 515, 515E, 525 and 535.&nbsp;From hereon these platforms will be referred to as the Target of Evaluation (TOE).</div>\r\n<div style=\"margin: 0in 0in 0pt\">&nbsp;</div>\r\n<div style=\"margin: 0in 0in 0pt\">The TOE provides a single point of defense as well as controlled and audited access to services between networks by permitting or denying the flow of information traversing the contexts on the appliance.&nbsp;Inspection engines provide application-layer firewall services for:</div>\r\n<ul style=\"margin-top: 0in\" type=\"disc\">\r\n    <li style=\"margin: 0in 0in 0pt\">Core services: HTTP, FTP, ESMTP, DNS, ICMP, TCP, UDP</li>\r\n    <li style=\"margin: 0in 0in 0pt\">Voice over IP (VoIP) / Unified Communication services: SIP, SCCP, H.323, RTSP, TAPI/JTAP, GTP</li>\r\n    <li style=\"margin: 0in 0in 0pt\">Application/operating system services: LDAP/ILS, SunRPC, XDMCP, TFTP</li>\r\n</ul>\r\n<div style=\"margin: 0in 0in 0pt\">&nbsp;</div>\r\n<div style=\"margin: 0in 0in 0pt\">The TOE supports multiple contexts 
(or virtual firewalls) executing simultaneously on the appliance.&nbsp;Each security context (virtual firewall) is treated as a separate independent device with its own security policy, network interfaces, administrators and configuration file.</div>\r\n<div style=\"margin: 0in 0in 0pt\">&nbsp;</div>\r\n<div style=\"margin: 0in 0in 0pt\">The TOE executes in one of two firewall modes, routed or transparent.&nbsp;Either of these two modes can be used in single context or multiple context environments. In routed mode the TOE is a router hop in the network. It can mediate network access, perform NAT, and use OSPF between external and internal networks. Routed mode supports many interfaces, and each interface is on a different subnet. Interfaces can also be shared between contexts.&nbsp;In transparent mode, the TOE provides layer 2 transparent bridging. The TOE connects the same network on its inside and outside interfaces. No dynamic routing protocols or NAT are used. However, like routed mode, transparent mode also requires access lists to allow any traffic through the context, and application-layer inspection engines can also be applied to this traffic. Transparent mode only supports two interfaces, an inside interface and an outside interface, in addition to a dedicated management interface.</div>\r\n<div style=\"margin: 0in 0in 0pt\"><strong>&nbsp;</strong></div>\r\n<div style=\"margin: 0in 0in 0pt\"><span style=\"layout-grid-mode: line\">The TOE can be managed by SSH for secure remote management or via a physically secure local console connection.</span></div>","evaluation_configuration":null,"security_evaluation_summary":"<div>\r\n<p>The evaluation was carried out in accordance with the Arca Common Criteria Test Laboratory processes and procedures that are compliant with the Common Criteria Evaluation and Validation Scheme (CCEVS). 
The evaluation demonstrated that the Packet Filtering, Configuration and Management, Audit, Management and Resources, Protection of TSC, and Remote Management functions of the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances met the security requirements contained in the Security Target. The criteria against which the Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances were judged are described in the Common Criteria for Information Technology Security Evaluation, Version 2.2 Part II and Part III. The evaluation team conducted the evaluation using the Common Methodology for Information Technology Security Evaluation, Version 2.2.</p>\r\n</div>\r\n<div>Arca determined the product to be CC version 2.2 Part 2 and Part 3 conformant, including all Information Technology Security Evaluation Final Interpretations from January 2004 through September 30, 2004, and concluded that the Common Criteria requirements for Evaluation Assurance Level (EAL) 4 have been met with the addition of ALC_FLR.1.&nbsp;In addition, the evaluation team confirmed that the TOE uses CCEVS precedent PD-0113 to satisfy SFR FAU_STG.1. The product, configured as outlined in the Secure Installation Guidance, satisfies all of the security functional requirements stated in the Security Target and all of the requirements in the [FWPP] with the exception of AVA_VLA.3. A validator, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Arca. The evaluation was completed in March 2007. 
Results of the evaluation can be found in the Validation Report prepared by the National Information Assurance Partnership (NIAP) CCEVS.</div>","environmental_strengths":"<div style=\"margin: 0in 0in 0pt\">Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances are deployed at the edges of untrusted networks (such as the Internet), in order to provide controlled communications between two networks that are physically separated. The Cisco ASA 5500 Series Adaptive Security Appliances and Cisco PIX Security Appliances evaluation at EAL4 augmented by ALC_FLR.1 indicates that the product is suitable to ensure a moderate level of security for protecting information in DoD Mission-Critical Categories. The TOE claims a minimum strength of function of SOF-medium for the TOE security functional requirements and the TOE as a whole. Appropriate physical protection of the Cisco PIX and ASA appliances and the external audit server is required.</div>\r\n<div style=\"margin: 0in 0in 0pt\">&nbsp;</div>","features":[]}