Compliant Product - Dell EMC Networking SmartFabric OS10.5.4
Certificate Date: 2023.09.06
Validation Report Number: CCEVS-VR-VID11338-2023
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Lightship Security USA, Inc.
Administrative Guide: Common Criteria Guide
Administrative Guide: Dell SmartFabric OS10 User Guide, Release 10.5.4
The TOE is a network switch. The TOE is deployed within a network to provide layer 2 and layer 3 network management and interconnectivity functionality. The TOE interfaces within the scope of the evaluation are as follows:
· CLI. Administrative CLI via direct serial connection or SSH.
· Logs. Syslog via TLS.
The TOE is Dell EMC Networking SmartFabric OS10.5.4 Version: OS10.5.4.3P1.
The physical boundary of the TOE includes all software and hardware shown in the table below. The TOE is delivered via commercial courier.
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Dell EMC Networking SmartFabric OS10.5.4 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Rev. 5. The product, when configured as identified in the Dell EMC Networking SmartFabric OS10.5.4 Common Criteria Guide, v1.0, satisfies all of the security functional requirements stated in the Dell EMC Networking SmartFabric OS10.5.4 Security Target, Version 2.0. The project underwent CCEVS Validator review. The evaluation was completed in September 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The logical boundaries of the Dell EMC Networking SmartFabric OS10.5.4 are realized in the security functions that it implements. Each of these security functions is summarized below.
The TOE protects the integrity and confidentiality of communications using TLS and SSH, with CAVP validated cryptographic algorithms.
The TOE enables secure management of its security functions, including:
· Administrator authentication with passwords
· Configurable password policies
· Role Based Access Control
· Access banners
· Management of critical security functions and data
· Protection of cryptographic keys and passwords
The TOE ensures the authenticity and integrity of software updates through GPG digital signatures and a published hash. The TOE also implements the “show version” CLI command, which displays information about the firmware version running on the TOE. An authorized user must authenticate to the secure Dell Support website where the software downloads are available. The downloaded image must be transferred to the appliance using a secure method such as Secure Copy or SFTP.
The TOE generates logs of security relevant events. The TOE stores logs locally and is capable of sending log events to a remote audit server.
The TOE performs a suite of self-tests to ensure the correct operation and enforcement of its security functions. The TOE performs diagnostic self-tests and cryptographic module self-tests during start-up and generates audit records to record a failure. Self-tests comply with the FIPS 140-2 requirements for self-testing.
Identification and Authentication
The TOE ensures that all users must be authenticated before accessing its functions and data. The TOE can be accessed directly via a serial RJ45 connection or remotely via an SSHv2 connection. When authentication for a user account has failed consecutively the configured number of times, the account will be locked for a Security Administrator defined time period. The TOE uses X.509v3 certificates to support authentication for TLS. Certificate revocation checking is performed using a CRL.
The TOE generates audit records of user and administrator actions. The TOE includes the user identity in audit events resulting from actions of identified users. The Security Administrator can configure the TOE to send logs in real-time to a syslog server via TLS.
The TOE implements a cryptographic module. The cryptographic module has the ability to generate and destroy cryptographic keys. The cryptographic module uses CAVP validated cryptographic algorithms.
Dell Technologies, Inc