NIAP: Compliant Product
  NIAP  »»  Product Compliant List  »»  Compliant Product  
Compliant Product - Brocade Communications Systems LLC Directors and Switches using Fabric OS v9.1.1

Certificate Date:  2023.04.07

Validation Report Number:  CCEVS-VR-VID11340-2023

Product Type:    Network Device

Conformance Claim:  Protection Profile Compliant

PP Identifier:    collaborative Protection Profile for Network Devices Version 2.2e

CC Testing Lab:  Gossamer Security Solutions

CC Certificate [PDF] Security Target [PDF] Validation Report [PDF]

Assurance Activity [PDF]

Administrative Guide [PDF]

Product Description

The Target of Evaluation (TOE) is the Brocade Communications Systems LLC Directors and Switches using Fabric OS v9.1.1.  The various models of the TOE differ in performance, form factor and number of ports, but all run the same Fabric OS version 9.1.1 software.  The TOE is available in two form factors:

1.     a rack-mount Director chassis with a variable number of replaceable modules or ‘blades’, and

2.     a self-contained network switching appliance device

Brocade Directors and Switches are hardware appliances that create a “SAN”.SANs enable connectivity between machines in the environment containing a type of network card called a Fibre Channel Host Bus Adapter (HBA) that are located in the environment and storage devices such as disk storage systems and tape libraries that are also located in the environment.The network connection between the storage devices in the environment, the TOE, and HBAs in the environment use high-speed network hardware.SANs are optimized to transfer large blocks of data between HBAs and storage devices.SANs can be used to replace or supplement server-attached storage solutions, for example.

HBAs communicate with the TOE using FC or FC over IP (FCIP) protocols.Storage devices in turn are physically connected to the TOE using cabling connected to FC/FCIP interfaces.

Evaluated Configuration

The TOE consists of the following physical appliances and processors:

Hardware Model



NXP Semiconductors T1042 (e5500 core)


Intel(R) Atom(TM) CPU C3338R (2cores)


NXP Semiconductors T1042 (e5500 core)


NXP Semiconductors T1042 (e5500 core)


NXP Semiconductors T1042 (e5500 core)


NXP Semiconductors T1042 (e5500 core)


NXP Semiconductors P4080 (e500mc core)


NXP Semiconductors P4080 (e500mc core)


NXP Semiconductors P4080 (e500mc core)


NXP Semiconductors P4080 (e500mc core)

Security Evaluation Summary

The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) requirements and guidance.The evaluation demonstrated that the TOEmeets the security requirements contained in the Security Target.The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 5, April 2017. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 5, April 2017.The product, when delivered and configured as identified in the Brocade Fabric OS Common Criteria User Guide, 9.1.x, January 19, 2023 document, satisfies all of the security functional requirements stated in the Brocade Communications Systems LLC Directors and Switches using Fabric OS v9.1.1 Security Target, Version 0.5, January 20, 2023.The project underwent CCEVS Validator review.The evaluation was completed in March 2023.Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report (report number CCEVS-VR-VID11340-2023) prepared by CCEVS.

Environmental Strengths

Logical Boundaries:

The logical boundaries of the Directors and Switches using FabricOS v9.1.1 are realized in the security functions that it implements. Each of these security functions is summarized below.

Security audit:

The TOE generates audit events for numerous activities including policy enforcement, system management and authentication.  A syslog server in the environment is relied on to store audit records generated by the TOE.  The TOE generates a complete audit record including the IP address of the TOE, the event details, and the time the event occurred.  The time stamp is provided by the TOE appliance hardware.  When the syslog server writes the audit record to the audit trail, it applies its own time stamp, placing the entire TOE-generated syslog protocol message contents into an encapsulating syslog record.

Cryptographic support:

The TOE contains CAVP tested cryptographic implementations that provide key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols including SSH and TLS.

Identification and authentication:

The TOE authenticates administrative users.  In order for an administrative user to access the TOE, a user account including a username and password must be created for the user, and an administrative role must be assigned.  Either the TOE performs the validation of the login credentials or an external authentication server is called.

The TOE provides serial terminal (command line) and Ethernet network-based (command-line) management interfaces.  The TOE provides administrative interfaces to set and reset administrator passwords.

Security management:

The TOE provides both serial terminal- and Ethernet network-based management interfaces.  The TOE provides administrative interfaces to configure hard zoning, configure administrative interfaces, as well as to set and reset administrator passwords. By default, host bus adapters do not have access to storage devices.

Protection of the TSF:

The TOE implements a number of features designed to protect itself to ensure the reliability and integrity of its security features.

It protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator.  It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability).

Note that the TOE is a single appliance, and as such, no intra-TOE communication is subject to any risks that may require special protection (e.g., cryptographic mechanisms).

The TOE includes functions to perform self-tests so that it might detect when it is failing.  It also includes mechanisms (i.e., verification of the digital signature of each new image) so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE.

TOE access:

The TOE can be configured to display a message of the day banner when an administrator establishes an interactive session and subsequently will enforce an administrator-defined inactivity timeout value after which the inactive session (local or remote) will be terminated.

Trusted path/channels:

The TOE enforces a trusted path between the TOE administrators and the TOE using SSH connections for Ethernet connections from the Administrator terminal to the TOE.The TOE encrypts commands sent from terminal applications by administrators using SSH for the command line interface.The TOE provides a TLS protected communication channel between itself and remote audit and authentication servers.



Vendor Information

Brocade Communications Systems LLC A Broadcom Inc. Company
Hamid Sobouti
Site Map              Contact Us              Home