Compliant Product - Brocade Communications Systems LLC Directors and Switches using Fabric OS v9.1.1
Certificate Date: 2023.04.07
Validation Report Number: CCEVS-VR-VID11340-2023
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Gossamer Security Solutions
The Target of Evaluation (TOE) is the Brocade Communications Systems LLC Directors and Switches using Fabric OS v9.1.1. The various models of the TOE differ in performance, form factor and number of ports, but all run the same Fabric OS version 9.1.1 software. The TOE is available in two form factors:
1. a rack-mount Director chassis with a variable number of replaceable modules or ‘blades’, and
2. a self-contained network switching appliance device
Brocade Directors and Switches are hardware appliances that create a storage area network (SAN). A SAN connects machines in the operational environment that contain a type of network card called a Fibre Channel Host Bus Adapter (HBA) with storage devices, such as disk storage systems and tape libraries, that are also located in the environment. The network connections between the storage devices, the TOE, and the HBAs use high-speed network hardware. SANs are optimized to transfer large blocks of data between HBAs and storage devices and can be used, for example, to replace or supplement server-attached storage.
HBAs communicate with the TOE using the Fibre Channel (FC) or FC over IP (FCIP) protocols. Storage devices in turn are physically connected to the TOE by cabling attached to its FC/FCIP interfaces.
The TOE consists of the following physical appliances and processors:
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017. The product, when delivered and configured as identified in the Brocade Fabric OS Common Criteria User Guide, 9.1.x, January 19, 2023 document, satisfies all of the security functional requirements stated in the Brocade Communications Systems LLC Directors and Switches using Fabric OS v9.1.1 Security Target, Version 0.5, January 20, 2023. The project underwent CCEVS Validator review. The evaluation was completed in March 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11340-2023) prepared by CCEVS.
The logical boundaries of the Directors and Switches using Fabric OS v9.1.1 are realized in the security functions that it implements. Each of these security functions is summarized below.
The TOE generates audit events for numerous activities including policy enforcement, system management and authentication. A syslog server in the environment is relied on to store audit records generated by the TOE. The TOE generates a complete audit record including the IP address of the TOE, the event details, and the time the event occurred. The time stamp is provided by the TOE appliance hardware. When the syslog server writes the audit record to the audit trail, it applies its own time stamp, placing the entire TOE-generated syslog protocol message contents into an encapsulating syslog record.
The TOE contains CAVP tested cryptographic implementations that provide key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols including SSH and TLS.
Identification and authentication:
The TOE authenticates administrative users. In order for an administrative user to access the TOE, a user account including a username and password must be created for the user, and an administrative role must be assigned. Either the TOE performs the validation of the login credentials or an external authentication server is called.
The TOE provides both serial terminal (command line) and Ethernet network-based (command line) management interfaces. The TOE provides administrative interfaces to configure hard zoning, to configure the administrative interfaces themselves, and to set and reset administrator passwords. By default, host bus adapters do not have access to storage devices.
Protection of the TSF:
The TOE implements a number of features designed to protect itself to ensure the reliability and integrity of its security features.
It protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability).
Note that the TOE is a single appliance, and as such, no intra-TOE communication is subject to any risks that may require special protection (e.g., cryptographic mechanisms).
The TOE includes functions to perform self-tests so that it might detect when it is failing. It also includes mechanisms (i.e., verification of the digital signature of each new image) so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE.
The TOE can be configured to display a message of the day banner when an administrator establishes an interactive session and subsequently will enforce an administrator-defined inactivity timeout value after which the inactive session (local or remote) will be terminated.
The TOE enforces a trusted path between the TOE administrators and the TOE using SSH connections for Ethernet connections from the Administrator terminal to the TOE. The TOE encrypts commands sent from terminal applications by administrators using SSH for the command line interface. The TOE provides a TLS protected communication channel between itself and remote audit and authentication servers.
Brocade Communications Systems LLC, a Broadcom Inc. company