NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - MAGNUM-HW-CC

Certificate Date:  2023.02.13

Validation Report Number:  CCEVS-VR-VID11276-2023

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.2e

CC Testing Lab:  Acumen Security

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide: MAGNUM-HW-CC Security Administration Manual for Common Criteria [PDF]

Administrative Guide: MAGNUM-HW 1RU Enterprise Class Server for MAGNUM User Manual [PDF]

Product Description

The TOE is classified as a network device (a generic infrastructure device that can be connected to a network). The TOE hardware device is the Evertz MAGNUM-HW-CC which includes the MAGNUM-HW-CC (1 RU) with an Intel Xeon Silver 4309Y processor, running MAGNUM-SDVN firmware v21.10.4. The SDVN firmware is based on Ubuntu 20.04 TLS (Focal). The MAGNUM-HW-CC serves as the primary user and network interface device for the MAGNUM control application.

Evertz MAGNUM software (MAGNUM-SDVN 21.10.4) is a custom-developed application written primarily in python. MAGNUM-HW operates as a combination of an application layer and as part of the integrated Linux platform stack, using a customized Ubuntu operating system. The TOE version of MAGNUM (MAGNUM-HW-CC) is only operable on Evertz provided platforms and hardware.

The TOE is an infrastructure network device that provides secure remote management, auditing, and updating capabilities. The TOE provides secure remote management using an HTTPS/TLS web interface and an SSH command line interface. The TOE generates audit logs and transmits the audit logs to a remote syslog server over a mutually authenticated TLS channel. The TOE verifies the authenticity of software updates by verifying the digital signature prior to installing any update.

The scope of the evaluated functionality includes the following,

         Secure remote administration of the TOE via TLS and SSH

         Secure Local administration of the TOE

         Secure connectivity with remote audit servers

         Secure access to the management functionality of the TOE

         Identification and authentication of the administrator of the TOE

No other functionality is included within the scope of this evaluation.

Evaluated Configuration

The MAGNUM is a software module that unifies control and interfacing to Evertz and 3rd party media steaming devices. As a unified controller, the MAGNUM supports the following functionalities that are outside of the scope of this evaluation:

·       MAGNUM serves as the control interface for Evertz’s proprietary IPX media streaming switch fabric that allows the general user to establish, change, and tear down multicast IP video streams. MAGNUM may also serve as a general control interface for similar Evertz and third-party systems and devices.

·       Equipment to prepare video for IP transport, or to convert it into other video formats, is outside the scope of this TOE. Such equipment includes, but is not limited to, cameras, KVMs, codecs, video servers and video displays. Equipment to perform functions such as embedding audio and/or other information within the video stream is also outside the scope of this TOE.

·       MAGNUM issues commands (via dedicated internal API) to Evertz’s proprietary IPX switching fabric and other production endpoints for the purpose of initiating, maintaining, and tearing down virtual routing paths. The MAGNUM-HW-CC device serves as the primary operational and administrative management interface to the closed multicast switching environment.

·       MAGNUM provides Out-of-Band Management (OOBM) of Evertz IPX, EXE, and other 3rd party devices. To perform primary operational and administrative management functions on the closed multicast switching environment, Security Administrators may access MAGNUM software via direct connection using a terminal session. Security Administrators may also access MAGNUM via a dedicated management workstation operating over an OOBM network to perform these OOB management functions. In addition to Security Administrators, general users may also access the MAGNUM software via a dedicated management workstation over an OOBM network.

Note: Sites may close this OOBM network or may operate MAGNUM within an existing OOBM, if the topology is compliant with the security parameters listed in the sections below.

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the MAGNUM-HW-CC was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5.  The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5.  Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1.  The product, when delivered configured as identified in the MAGNUM-HW-CC Security Administration Manual for Common Criteria, Revision 03, satisfies all of the security functional requirements stated in the MAGNUM-HW-CC Security Target v1.3. The project underwent CCEVS Validator review.  The evaluation was completed in February/2023.  Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.

Environmental Strengths

The TOE is comprised of several security features. Each of the security features identified above consists of several security functionalities, as identified below.

·       Security Audit

·       Cryptographic Support

·       Identification and Authentication

·       Security Management

·       Protection of the TSF

·    TOE Access

·    Trusted Path/Channel

 Security Audit

The TOE generates audit records for security relevant events. Audit data are stored internally and are only accessible to privileged administrators. The TOE supports access to the TSF using administrator accounts for authentication and authorization to management and security functions.

The TOE also supports sending audit records to a remote Syslog server. Audit records sent to the remoteserver are protected by a TLS connection. Each audit record includes identity (username, IP address, orprocess), date and time of the event, type of event, and the outcome of the event.

Cryptographic Support

The TOE includes an OpenSSL library (Version 1.1.1k with Fedora Core 33 Patches) that implements CAVP validated cryptographic algorithms for random bit generation, encryption/decryption, authentication, and integrity protection/verification. These algorithms are used to provide security for the TLS, HTTPs, and SSH connections for secure management and secure connections to a syslog and authentication servers. TLS and HTTPs are also used to verify firmware updates. The cryptographic services provided by the TOE are described below:

Table 3 – TOE Cryptographic Protocols

Cryptographic Protocol

Use within the TOE

HTTPS/TLS (client)

Secure connection to syslog

HTPS/TLS (server)

Remote management

SSH (server)

Remote management


Provides encryption/decryption in support of the TLS and SSH protocol.


Deterministic random bit generation use to generate keys.

Secure hash

Used as part of digital signatures and firmware integrity checks.


Provides keyed hashing services in support of TLS.


Provides key establishment for TLS.


Used to generate EC-DH components for key establishment for TLS.


Provide key generation and signature generation and verification (PKCS1_V1.5) in support of TLS.

Each of these cryptographic algorithms have been validated for conformance to the requirements
specified in their respective standards, as identified below:

Table 4 – CAVP Algorithm Testing References



CAVP Certificate #


AES 128/256-bit CBC, CTR, GCM

IOS 19772 (GCM)
IOS 10116(CTR)


Intel® Xeon® Silver 4309Y

CTR DRBG using AES 256

ISO/IEC 18031:2011


Intel® Xeon® Silver 4309Y


NIST SP 800-56A (key establishment)


Intel® Xeon® Silver 4309Y

ECDSA with NIST curves P-256, P384

FIPS PUB 186-4, “Digital Signature Standard (DSS), Appendix B.4


Intel® Xeon® Silver 4309Y


ISO/IEC 9797-2:2011


Intel® Xeon® Silver 4309Y


ISO/IEC 10118-3:2004


Intel® Xeon® Silver 4309Y

RSA 2048-, 3072-, 4096-bit

FIPS PUB 186-4 (key generation)


Intel® Xeon® Silver 4309Y

RSA 2048-, 3072-, 4096-bit

ISO/IEC 9796-2 (digital signature generation and verification)


Intel® Xeon® Silver 4309Y

 Identification and Authentication

The TOE authenticates administrative users using a username/password combination. The TOE does not allow access to any administrative functions prior to successful authentication. The TOE validates and authenticates X.509 certificates for all certificate uses.

The TOE supports passwords consisting of alphanumeric and special characters and enforces minimum password lengths. The TSF supports certificates using RSA signature algorithms. Certificates are used to authenticate trusted channels, not administrators. The TOE only allows users to view the login warning banner prior to authentication. Remote administrators are locked out after a configurable number of unsuccessful authentication attempts.

 Security Management

The TOE allows users with the Security Administrator role to administer the TOE over a remote web UI, remote CLI, or a local CLI. These interfaces do not allow the Security Administrator to execute arbitrary commands or executables on the TOE. Security Administrators can manage connections to an external Syslog server, as well as determine the size of local audit storage.

 Protection of the TSF

The TOE implements several self-protection mechanisms. This protection includes self-tests to ensure the correct operations of cryptographic functions. Firmware upgrades, performed by a Security Administrator, must pass two authentication tests. The TOE does not provide an interface for the reading of secret or private keys. The TOE ensures timestamps, timeouts, and certificate checks are accurate by maintaining a real-time clock.

TOE Access

The TOE can be configured to display a warning and consent banner when an administrator attempts to establish an interactive session over the CLI (local or remote) or remote web UI. The TOE also enforces a configurable inactivity timeout for remote administrative sessions.

  Trusted Path/Channels

The TOE uses TLS to provide a trusted communication channel between itself and remote. The trusted channels utilize X.509 certificates to perform mutual authentication. The TOE initiates the TLS trusted channel with the remote server.

The TOE uses HTTPS/TLS and SSH to provide a trusted path between itself and remote administrative users. The TOE does not implement any additional methods of remote administration. The remote administrative users are responsible for initiating the trusted path when they wish to communicate with the TOE.

Vendor Information

Evertz Microsystems
Paulo Francisco
Site Map              Contact Us              Home