Compliant Product - CAE MPIC 3.0.66
Certificate Date: 2022.11.23
Validation Report Number: CCEVS-VR-VID11299-2022
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Lightship Security USA, Inc.
The TOE is a standalone physical network device used to transmit data from the hardware panels to a software-based flight simulation, processed by one or more Daughter Boards (DBs). The simulation data is processed by the DBs, and feedback is then transmitted back to the hardware panels via the MPIC. It comes in a range of form factors: MPIC, MPIC-PCMIP, and MPIC-EMB. The different form factors can be installed in combination or independently to network data. All form factors provide a basic set of security functions, such as a secure remote management path, identification and authentication services to trusted administrators, and secure auditing of administrator actions. The MPIC-PCMIP form factor differs in that it has a standard type slot for extensions, compared to the custom interface on the MPIC. The MPIC-EMB differs in that it is designed to be embedded and not mounted into systems.
The TOE evaluated configuration includes the CAE MPIC running system software version: 3.0.66.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the product meets the security requirements contained in the Security Target. The criteria against which the CAE MPIC 3.0.66 was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1, Revision 5. Lightship Security USA determined that the product is conformant to the requirements of the collaborative Protection Profile for Network Devices Version 2.2e. The product, when configured as identified in the CAE MPIC 3.0.66 Common Criteria Guide, Version 1.1, October 2022, satisfies all of the security functional requirements stated in the CAE MPIC 3.0.66 Security Target, Version 1.1, October 2022. Three validators, on behalf of the CCEVS Validation Body, monitored the evaluation carried out by Lightship Security USA. The evaluation was completed in November 2022. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The TOE is comprised of the following security features which are described in more detail in the subsections below.
The TOE is able to generate audit records of security-relevant events. The TOE stores audit records locally and can also be configured to send the audit records to an external audit server over a protected communication channel. Log files are transferred in real time via an SSH tunnel to the external audit server. Only authorized administrators may view audit records, and no capability to modify the audit records is provided.
The TOE protects the integrity and confidentiality of communications between itself and the syslog server. The TOE provides the following CAVP-certified cryptographic services: random bit generation; asymmetric cryptographic key pair generation; key establishment; symmetric data encryption and decryption; digital signature generation and verification; cryptographic hashing; and keyed-hash message authentication. When local audit logs reach a maximum size of 8MB, logs are rotated out by removing the oldest log first and creating a new log file.
The TOE requires all users to be successfully identified and authenticated prior to accessing its security management functions and other capabilities. Administrative access to the TOE is facilitated through the local CLI via direct serial connection or SSH. Administrator credentials are the same for each user regardless of which interface is accessed.
The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords. Only after the administrative user presents the correct authentication credentials will they be granted access to the TOE administrative functionality. Passwords can be composed of any combination of upper and lower case letters, numbers, and the following special characters: !; @; #; $; %; ^; &; *; (; and )
The TOE is capable of tracking authentication failures of remote administrators. When a user account has sequentially failed authentication the configured number of times, the account will be locked for a time period defined by the Security Administrator.
The TOE enables secure management of its security functions, including Administrator authentication with passwords; configurable password policies; Role Based Access Control; access banners; management of critical security functions and data; and protection of cryptographic keys and passwords.
Protection of the TSF
The TOE protects sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator.
The TOE provides reliable time stamps for its own use and uses NTP to synchronize its time.
The TOE provides a trusted means for determining the current running version of its firmware and to update its firmware. The TOE verifies the integrity of TOE updates using a hard-coded public key.
The TOE implements various self-tests that execute during the power-on and start-up sequence as well as at the administrative user’s request, including cryptographic known answer tests that verify the correct operation of the TOE’s cryptographic functions.
The TOE will terminate inactive local and remote interactive sessions after a configurable amount of time. Administrative users may terminate their own sessions at any time using the “exit” command. The TOE displays an administrator-configurable message to users prior to login at the CLI.
The TOE protects secure communications with an audit server as a client using SSH. The TOE protects connections from remote administrative users as a server using SSH.