Compliant Product - Arista Networks 7280 Series Switches Running EOS 4.28
Certificate Date: 2023.07.27CC Certificate Security Target Validation Report
Validation Report Number: CCEVS-VR-VID11356-2023
Product Type: Network Device
Conformance Claim: Protection Profile Compliant
PP Identifier: collaborative Protection Profile for Network Devices Version 2.2e
CC Testing Lab: Acumen Security
The Arista 7280 series switches are fixed form factor switches. The 7280 series switches range in size between 1 and 2 RU. Models vary in total throughput, port count, port speeds, route table scales etc.
Each switch model runs Arista’s Linux-based network operating system called Extensible Operating System (EOS). The same EOS binary image runs on all TOE hardware models. All EOS code is compiled to the same i686 assembly, making it such that no processor runs anything different from any other processor. All processors implement the i686 assembly language. All SFRs in this Security Target are implemented by EOS. Hence, they behave identically on every switch model. The table below provides the list of appliances across different series:
Security Evaluation Summary
The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Arista Networks 7280 Series Switches Running EOS 4.28 was evaluated are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 rev 5. The evaluation methodology used by the Evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 rev 5. The product, when delivered configured as identified in the Common Criteria Guidance Supplement - Arista Networks 7280 Switches Running EOS 4.28, satisfies all of the Security Functional Requirements (SFRs) stated in the Arista Networks 7280 Series Switches Running EOS 4.28 Security Target version 0.5. The project underwent CCEVS Validator review. The evaluation was completed in July 2023. Results of the evaluation can be found in the Common Criteria Evaluation and Validation Scheme Validation Report prepared by CCEVS.
The logical boundary of the TOE includes the security functions implemented exclusively by the TOE.
The TOE implements CAVP validated cryptographic algorithms for asymmetric key generation, encryption/decryption, digital signature, integrity protection/verification and random bit generation. These algorithms are used to provide security for the SSH and TLS connections of the Trusted Path and Trusted Channel. The TOE implements the Arista EOS Crypto Module v2.0 which uses the underlying OpenSSL FIPS Object Module 2.0.16 library for all cryptographic functions.
· The TOE allows human users with the Security Administrator role to administer the TOE over a remote console (SSH Trusted Path) and local CLI (Local Console).
· The eAPI JSON-RPC trusted IT entity client allows machine users with the Security Administrator role to administer the TOE over a remote TLS Trusted Channel.
These interfaces do not allow the Security Administrator to execute arbitrary commands or executables on the TOE.
· The TOE provides reliable time stamps for itself.
The TOE requires the use of the trusted path for initial administrator authentication and all remote administration actions.
Arista Networks, Inc.