Compliant Product - Crestron DigitalMedia NVX® AV-over-IP v5.2
Certificate Date: 2022.02.16
CC Certificate, Security Target *, Validation Report
Validation Report Number: CCEVS-VR-VID11215-2022
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Leidos Common Criteria Testing Laboratory
* This is the Security Target (ST) associated with the latest Maintenance Release.
The TOE is Crestron DM NVX® AV-over-IP v5.2, a series of audio & video (AV) over IP network devices that encrypt, decrypt and transmit HDMI video, USB and analog audio data over customer networks. These communication streams use an AES-based HDCP standard that is not specified in collaborative Protection Profile for Network Devices and therefore is not evaluated.
The focus of the evaluation was on functionality meeting the requirements specified in collaborative Protection Profile for Network Devices, including: protection of communications between the TOE and external IT entities; identification and authentication of administrators; auditing of security-relevant events; ability to verify the source and integrity of updates to the TOE; and use of NIST-validated cryptographic mechanisms.
The TOE includes each of the following appliance models, each with firmware version 5.2.4651.00030:
Each appliance contains an Intel Arria 10 SX SoC FPGA that includes an ARM Cortex-A9 MPCore processor implementing the ARMv7-A microarchitecture. “C” indicates that the model is a form factor with a chassis card.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the TOE was judged are described in Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is Common Methodology for Information Technology Security Evaluation, Version 3.1 revision 5. The product, when delivered and configured as described in the guidance documentation, satisfies all of the security functional requirements stated in the Crestron DM NVX® AV-over-IP v5.2 Security Target. The project underwent CCEVS validation team review. The evaluation was completed in December 2021. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE generates audit events associated with identification and authentication, management, updates, and user sessions. The TOE can store the events in a local log and export them to a syslog server using a TLS protected channel.
The TOE provides CAVP certified cryptography in support of its SSH, TLS, and NTP implementations and for verifying TOE update package signatures. Cryptographic services include key management, random bit generation, symmetric encryption and decryption, digital signature, and secure hashing.
Identification and Authentication
The TOE requires users to be identified and authenticated before they can use functions mediated by the TOE, with the exception of reading the login banner. The TOE authenticates a user’s credentials (password, key) using a local mechanism provided by the TOE. The TOE also provides X.509 certificate checking for its TLS connections.
The TOE provides CLI and web-based management interfaces that an administrator can access remotely via a network port. The CLI can also be accessed locally by directly connecting to the local console via either standard RS232 or USB serial port. Remote connections to the management interface are protected with SSH for the CLI and HTTPS for the GUI. The management interface is limited to the authorized administrator.
Protection of the TSF
The TOE implements various self-protection mechanisms. The TOE performs self-tests that cover the correct operation of the TOE. It provides functions necessary to securely update the TOE. It relies upon either manually provided time or an NTP server in its environment to ensure reliable timestamps. It protects sensitive data such as passwords and cryptographic keys stored on the TOE’s internal Flash so that they are not accessible even by an authorized administrator.
The TOE will terminate local and remote interactive sessions after a configurable period of inactivity. The TOE additionally provides the capability for administrators to terminate their own interactive sessions. The TOE can be configured to display an advisory and consent warning message before establishing a user session.
The TOE provides local administration, which is subject to physical protection. To access the TOE locally, an administrator must directly connect their workstation to the TOE (using a serial or USB cable) and successfully log in. When accessed remotely, the CLI and GUI management interfaces are protected by SSH and TLS respectively, thus ensuring protection against modification and disclosure.
The TOE protects communications with the external syslog servers from modification and disclosure by using TLS.
Crestron Electronics, Inc.