Compliant Product - VMware NSX-T Data Center 3.1
Product Description
The Target of Evaluation (TOE) is VMware NSX-T Data Center 3.1, a VMware network device software product that provides and manages virtual networking components. The TOE is designed as a network virtualization platform, providing the ability to implement and virtualize networks across multiple ESXi nodes and virtual machines (VMs).
For the purpose of testing the identified TOE, the evaluated TOE configuration is as follows: VMware NSX-T Data Center 3.1 on hypervisor VMware ESXi 6.7 running Ubuntu 18.04 on Dell PowerEdge R740 with Intel Xeon Gold 6230R (Cascade Lake).
The TOE provides functionality to enforce and support auditing, cryptographic operations, network separation, encrypted channels, identification/authentication, security management, and protection of the TSF. Administrators can configure virtual networks.
In VMware’s network virtualization solution, the following components are the essential building blocks that make up the virtualized computing environment:
· NSX-T Unified Appliance is a virtual appliance configured to run NSX-T application roles (Manager, Policy, and Controller).
· The NSX-T Edge is a virtual appliance that provides routing services and connectivity to networks that are external to the NSX-T deployment.
The components described above make a basic virtualized environment ready for virtualized networking. The NSX-T Unified Appliance provides a single API entry point to the system, persists user configuration, handles user queries, and performs operational tasks. The TOE is configured for a single instance of the ESXi 6.7 hypervisor, which includes a single NSX-T Unified Appliance instance and a single instance of the NSX-T Edge appliance, and does not contain non-TOE functionality.
Customers with a higher scale environment may use vCenter Server, but that is optional and is not included within the TOE.
Evaluated Configuration
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the VMware NSX-T Data Center 3.1 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product, when delivered configured as identified in the VMware NSX-T Data Center 3.1 Common Criteria Guidance Addendum, satisfies all of the security functional requirements stated in the VMware NSX-T Data Center 3.1 Common Criteria Security Target. The project underwent CCEVS Validator review. The evaluation was completed in July 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Environmental Strengths
Logical Boundary Rationale for Security Audit (FAU)
Security Function: Security Audit (FAU)
Description: The TOE generates audit records for all security-relevant events. For each audited event, the TOE records the date and time, the type of event, the subject identity, and the outcome of the event. The resulting records are stored on the Unified Appliance and can be sent securely to a designated log server for archiving. Security Administrators, using the appropriate REST API commands, can also view audit records locally. The TOE provides a reliable timestamp, relying on the appliance’s built-in clock.
Logical Boundary Rationale for Cryptographic Support (FCS)
Security Function: Cryptographic Support (FCS)
Description: The TOE provides cryptography support for secure communications and protection of information. The cryptographic services provided by the TOE are listed in Table 3 - TOE Provided Cryptography below. The TOE implements the secure protocols - TLS/HTTPS on the server side and TLS on the client side. The TOE implements deletion procedures to mitigate the possibility of disclosure or modification of CSPs.
The TOE uses two types of dedicated cryptographic modules to manage CSPs: VMware BC-FJA (Bouncy Castle FIPS Java API) module for Java based implementations of TLS/HTTPS, key stores, and trust stores; and VMware’s OpenSSL FIPS Object module for TLS/HTTPS, key stores, and trust stores. The algorithm certificate references are listed in the tables below (Table 4 – VMware’s OpenSSL FIPS Object Module Algorithm and Table 5 – VMware BC-FJA (Bouncy Castle FIPS Java API) Module Algorithm) described in the ST.
The following table lists all cryptography provided within the TOE:
| Cryptographic Method | Usage within the TOE |
| --- | --- |
| TLS Establishment | Used to establish initial TLS session |
| ECDH Key Agreement | Used in TLS session establishment |
| RSA Key Generation | Used to create key-pairs and X.509 certificates for use in TLS protocols |
| RSA Signature Services | Used in TLS session establishment. Used in secure software update |
| SP 800-90 DRBG | Used in TLS session establishment |
| SHS | Used in secure software update |
| HMAC-SHS | Used to provide TLS traffic integrity verification |
| AES | Used to encrypt TLS traffic |

Table 3 – TOE Provided Cryptography
Algorithms under VMware’s OpenSSL FIPS Object Module are listed in the following table:
| Algorithm | Description | Mode Supported | CAVP Cert. # | Standards |
| --- | --- | --- | --- | --- |
| AES | Used for symmetric encryption/decryption | GCM (128 and 256 bits), CBC (128 and 256 bits) | A1292 | SP 800-38D, SP 800-38A |
| SHS (SHA) | Cryptographic hashing services | Byte Oriented SHA-1, SHA-256, SHA-384 | A1292 | FIPS 180-4 |
| HMAC | Keyed hashing services and software integrity test | Byte Oriented HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 | A1292 | FIPS 198 |
| DRBG | Deterministic random bit generation services in accordance with ISO/IEC 18031:2011 | Hash_DRBG (512), CTR_DRBG (AES-256) | A1292 | SP 800-90A |
| RSA | Signature Generation and Verification | FIPS PUB 186-4 Key Generation (2048-bit, 3072-bit key) | A1292 | FIPS 186-4 |
| CVL – KAS-ECC | Key Agreement | NIST Special PUB 800-56A | A1292 | SP 800-56Ar3 |

Table 4 – VMware’s OpenSSL FIPS Object Module Algorithm
| Algorithm | Description | Mode Supported | CAVP Cert. # | Standards |
| --- | --- | --- | --- | --- |
| AES | Used for symmetric encryption/decryption | GCM (128 and 256 bits), CBC (128 and 256 bits) | C2174 | SP 800-38D, SP 800-38A |
| SHS (SHA) | Cryptographic hashing services | Byte Oriented SHA-1, SHA-256, SHA-384 | C2174 | FIPS 180-4 |
| HMAC | Keyed hashing services and software integrity test | Byte Oriented HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384 | C2174 | FIPS 198 |
| DRBG | Deterministic random bit generation services in accordance with ISO/IEC 18031:2011 | Hash_DRBG (512), CTR_DRBG (AES-256) | C2174 | SP 800-90A |
| RSA | Signature Generation and Verification | FIPS PUB 186-4 Key Generation (2048-bit, 3072-bit key) | C2174 | FIPS 186-4 |
| CVL – KAS-ECC | Key Agreement | NIST Special Publication 800-56A | C2174 | SP 800-56Ar3 |

Table 5 – VMware BC-FJA (Bouncy Castle FIPS Java API) Module Algorithm
Logical Boundary Rationale for Identification and Authentication (FIA)
Security Function: Identification and Authentication (FIA)
Description: Security Administrators are identified and authenticated prior to being allowed access to any of the services other than the display of the warning banner. The REST API requires a user name and password for authentication. The identification and authentication credentials are confirmed against a local user database. The TOE uses X.509v3 certificates as defined by RFC 5280 to support authentication for TLS/HTTPS connections.
The TOE provides the capability to set password minimum length rules to ensure the use of strong passwords, in an attempt to protect against brute-force attacks. The TOE also accepts passwords composed of a variety of characters to support complex password composition. During authentication, no indication is given of the characters composing the password.
Logical Boundary Rationale for Security Management (FMT)
Security Function: Security Management (FMT)
Description: The TOE provides secure administrative services for management of general TOE configuration and TOE security functionality. There are two types of administrative users within the system: Security Administrator and Auditor (read only). All of the management functions are restricted to Security Administrators. TOE administration occurs through the REST API. The TOE provides the ability to perform the following actions:
· Administer the TOE locally and remotely
· Configure the access banner
· Configure the cryptographic services
· Update the TOE and verify the updates using digital signature capability prior to installing those updates
· Specify the time limits of session inactivity
Logical Boundary Rationale for Protection of the TSF (FPT)
Security Function: Protection of the TSF (FPT)
Description: The TOE implements a number of measures to protect the integrity of its security features:
· The TOE protects CSPs, including stored passwords and cryptographic keys, so they are not directly viewable or accessible in plaintext.
· The TOE ensures that reliable time information is available for log accountability. The time can be configured through the REST API.
The TOE performs self-tests to detect internal failures and protect itself from malicious updates.
Logical Boundary Rationale for TOE Access (FTA)
Security Function: TOE Access (FTA)
Description: The TOE will display a customizable banner when an administrator initiates a session. The TOE also enforces an administrator-defined inactivity timeout after which any inactive session is automatically terminated. Once a session has been terminated, the TOE requires the user to re-authenticate.
Logical Boundary Rationale for Trusted Path/Channels (FTP)
Security Function: Trusted Path/Channels (FTP)
Description: The TOE establishes a trusted path between the Unified Appliance and the administrative REST API using TLS/HTTPS. The TOE establishes a secure connection using TLS for:
· Sending syslog data to a log server.
Vendor Information
VMware
Paul Dul 1-650-427-1430 1-650-475-5001
pdul@vmware.com
https://www.vmware.com