Compliant Product - Kemp LoadMaster
Certificate Date:
2023.01.27
CC Certificate Validation Report Number: CCEVS-VR-VID11280-2023 Product Type: Network Device Conformance Claim: Protection Profile Compliant PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e CC Testing Lab: Acumen Security ![]() ![]() ![]() Assurance Activity ![]() Administrative Guide ![]() Administrative Guide ![]() Administrative Guide ![]() Administrative Guide ![]()
Product Description
The TOE supports (sometimes optionally) secure connectivity with several other IT environment devices as described below.
Table 1 IT Environment Components
Evaluated Configuration
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Kemp LoadMaster was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. Acumen Security determined that the evaluation assurance level (EAL) for the product is EAL 1. The product, when delivered configured as identified in the AGD “Configuring LoadMaster for Common Criteria Conformance v0.2”, satisfies all the security functional requirements stated in the Kemp LoadMaster Security v0.8. The project underwent CCEVS Validator review. The evaluation was completed in January 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
Environmental Strengths
The TOE provides the security functionality required by [NDcPP]. · Security Audit · Cryptographic Support · Identification and Authentication · Security Management · Protection of the TSF · TOE Access · Trusted Path/Channels These features are described in more detail in the subsections below. 1.1.1 Security AuditThe TOE generates audit records for security relevant events. The audit events are associated with the administrator or processes. The audit records are transmitted over TLS to an external audit server. 1.1.2 Cryptographic SupportThe TOE provides following cryptographic services described below.
Table 2 Cryptographic Services
Each of these cryptographic algorithms have been validated for conformance to the requirements specified in their respective standards, as identified below.
Table 3 CAVP Algorithm Testing References 1.1.3 Identification and AuthenticationThe TOE provides password-based and X.509 certificate-based logon mechanisms. This password-based mechanism encores minimum length requirements. The TOE also validates and authenticates X.509 certificates when they are used to identify a remote TLS server or an administrator logging into the TOE. 1.1.4 Security ManagementThe TOE provides management capabilities via a Web-based GUI, accessed over HTTPS. Management functions allow the administrators to configure the system, install updates, and manage users. 1.1.5 Protection of the TSFThe TOE prevents the reading of plaintext passwords and keys. The TOE provides a reliable timestamp for its own use. The reliable timestamp can be set by a security administrator or authenticated NTP. To protect the integrity of its security functions, the TOE implements a suite of self-tests at startup and halts or disables affected functionality if a self-test fails. The TOE ensures that updates to the TOE are authenticated by verifying a digital signature prior to installing any update. 1.1.6 TOE accessThe TOE monitors local and remote administrative sessions for inactivity and either locks or terminates the session when a threshold time period is reached. An advisory notice is displayed at the start of each session. 1.1.7 Trusted Path/ChannelsThe TOE initiates a TLS trusted channel with a syslog server and LDAP authentication server (as configured). The TOE is a TLS/HTTPS server that allows remote administrators to establish a trusted path with the TOE. Vendor InformationProgress Software Corporation Mark Hoffman 781-280-4000 mark.hoffmann@progress.com www.kemptechnologies.com |