Microsoft Windows 10 version 1909 and Microsoft Windows Server version 1909

Protocols

VPN

Vendor

Microsoft, Microsoft Corporation

Security level

EAL4, EAL 2

Claims

O.E, T.I

Security Assurance Requirements (SAR)

ALC_FLR

Evaluation facilities

DEKRA Testing and Certification

Symmetric Algorithms

HMAC

Protocols

TLS, DTLS, IKE, IPsec, VPN

Vendor

Samsung, Microsoft, Microsoft Corporation

Security level

EAL 1, EAL 4, EAL 2, ITSEC Evaluation

Claims

A.U

Security Assurance Requirements (SAR)

ADV_FSP.1, AGD_OPE.1, AGD_PRE.1, ALC_CMC.1, ALC_CMS.1, ALC_TSU_EXT.1, ALC_FLR, ATE_IND.1, AVA_VAN.1, ASE_INT.1, ASE_CCL.1, ASE_OBJ.2, ASE_ECD.1, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1

Security Functional Requirements (SFR)

FAU_GEN.1, FAU_SEL.1, FCS_CKM.1, FCS_CKM.2, FCS_CKM_EXT.2, FCS_CKM_EXT.4, FCS_COP.1, FCS_RBG_EXT.1, FCS_STO_EXT.1, FCS_TLSC_EXT.1, FCS_TLSC_EXT.2, FCS_TLSC_EXT.3, FCS_TLSC_EXT.4, FCS_DTLS_EXT.1, FDP_ACF_EXT.1, FDP_IFC_EXT.1, FDP_RIP.2, FIA_AFL.1, FIA_PAE_EXT.1, FIA_PSK_EXT.1, FIA_UAU.5, FMT_MOF_EXT.1, FMT_SMF_EXT.1, FMT_SMF.1, FPT_ACF_EXT.1, FPT_ASLR_EXT.1, FPT_SBOP_EXT.1, FPT_SRP_EXT.1, FPT_TST_EXT.1, FPT_TUD_EXT.1, FPT_TUD_EXT.2, FTA_TAB.1, FTA_WSE_EXT.1, FTP_TRP.1, FTP_ITC_EXT.1, FTP_ITC.1

Certificates

2019-47-INF-3134-v1

Evaluation facilities

DEKRA Testing and Certification

Standards

FIPS 140-2, X.509

Symmetric Algorithms

AES, AES-128, AES-256, AES-, RC4, DES, 3DES, HMAC, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

Asymmetric Algorithms

ECDHE, ECDH, ECDSA, ECC, Diffie-Hellman, DH, DHE, DSA

Hash functions

SHA-1, SHA1, SHA-256, SHA-384, SHA-512, SHA256, SHA384, SHA512, SHA-2

Schemes

MAC, Key Exchange, Key agreement

Protocols

SSL, TLS, TLS 1.2, TLS 1.0, TLS 1.1, DTLS, DTLS 1.0, DTLS 1.2, IKE, IKEv1, IKEv2, IPsec, VPN, PGP

Randomness

PRNG, DRBG, RNG, RBG

Elliptic Curves

P-256, P-384, P-521, secp256r1, secp384r1, secp521r1

Block cipher modes

ECB, CBC, GCM, CCM, XTS

TLS cipher suites

TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_NULL_WITH_NULL_NULL

Vendor

Samsung, Microsoft, Microsoft Corporation, Cisco

Claims

O.ACCOUNTABILITY, O.INTEGRITY, O.MANAGEMENT, O.PROTECTED_STORAGE, O.PROTECTED_COMMS, O.AUTH_COMM, O.CRYPTOGRAPHIC_FUNCTIONS, O.SYSTEM_MONITORING, O.TOE_ADMINISTRATION, O.TSF_SELF_TEST, O.WIRELESS_ACCESS_POINT_CONNECTION, O.WIRELESS_ACCESS_POINT_, O.WIRELESS_ACCESS_POINT_CO, T.NETWORK_ATTACK, T.NETWORK_EAVESDROP, T.LOCAL_ATTACK, T.LIMITED_PHYSICAL_ACCESS, T.TSF_FAILURE, T.UNAUTHORIZED, T.UNDETECTED_ACTIONS, T.UNAUTHORIZED_ACCESS, T.TSF_CONFIGURATION, T.UNAUTHORIZED_UPDATE, T.USER_DATA_REUSE, A.PLATFORM, A.PROPER_USER, A.PROPER_ADMIN, A.NO_TOE_BYPASS, A.TRUSTED_ADMIN, A.PHYSICAL, A.TRUSTED_CONFIG, OE.PLATFORM, OE.PROPER_USER, OE.PROPER_ADMIN, OE.NO_TOE_BYPASS, OE.TRUSTED_ADMIN, OE.PHYSICAL, OE.TRUSTED_CONFIG

Security Assurance Requirements (SAR)

ADV_FSP.1, AGD_OPE.1, AGD_PRE.1, AGD_OPE, ALC_TSU_EXT.1, ALC_CMC.1, ALC_CMS.1, ATE_IND.1, AVA_VAN.1, ASE_INT.1, ASE_CCL.1, ASE_OBJ.2, ASE_ECD.1, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1

Security Functional Requirements (SFR)

FAU_GEN.1, FAU_SEL.1, FAU_GEN.1.1, FAU_GEN.1.2, FAU_GEN, FAU_SEL.1.1, FAU_SEL, FCS_TLSC_EXT, FCS_TLSC_EXT.1, FCS_CKM_EXT.4, FCS_CKM.1, FCS_COP.1.1, FCS_CKM.2, FCS_COP.1, FCS_RBG_EXT.1, FCS_STO_EXT.1, FCS_TLSC_EXT.2, FCS_TLSC_EXT.3, FCS_TLSC_EXT.4, FCS_DTLS_EXT.1, FCS_CKM_EXT.2, FCS_CKM, FCS_RBG_EXT, FCS_CKM.1.1, FCS_CKM.2.1, FCS_CKM_EXT.4.1, FCS_CKM_EXT.4.2, FCS_RBG_EXT.1.1, FCS_RBG_EXT.1.2, FCS_STO_EXT.1.1, FCS_TLSC_EXT.1.1, FCS_TLSC_EXT.1.2, FCS_TLSC_EXT.1.3, FCS_TLSC_EXT.2.1, FCS_TLSC_EXT.3.1, FCS_TLSC_EXT.4.1, FCS_DTLS_EXT.1.1, FCS_DTLS_EXT.1.2, FCS_TLCS_EXT.1, FCS_TLCS_EXT, FCS_TLSC_EXT.1.4, FCS_TLSC_EXT.1.5, FCS_TLSC, FCS_CKM_EXT.2.1, FCS_IPSC_EXT.1, FCS_CKM_EXT, FCS_STO_EXT, FCS_TLS_EXT.1, FCS_TLS_EXT.2, FCS_TLS_EXT.3, FCS_TLS_EXT, FCS_DTLS_EXT, FCS_CKM_EXT.1, FDP_ACF_EXT.1, FDP_IFC_EXT.1, FDP_RIP.2, FDP_ACF_EXT.1.1, FDP_IFC_EXT.1.1, FDP_RIP.2.1, FDP_ACF_EXT, FDP_RIP, FDP_RDP.2, FIA_AFL.1, FIA_UAU.5, FIA_PAE_EXT.1, FIA_PSK_EXT.1, FIA_AFL.1.1, FIA_AFL.1.2, FIA_UAU.5.1, FIA_UAU.5.2, FIA_PAE_EXT.1.1, FIA_PSK_EXT.1.1, FIA_PSK_EXT.1.3, FIA_PSK_EXT.1.2, FIA_AFL, FIA_PAE_EXT, FIA_UAU, FIA_PSK_EXT, FMT_SMF_EXT, FMT_MOF.1, FMT_MOF_EXT.1, FMT_SMF_EXT.1, FMT_SMF.1, FMT_MOF_EXT.1.1, FMT_SMF_EXT.1.1, FMT_SMF, FMT_SMF.1.1, FPT_TUD_EXT.1, FPT_TUD_EXT.2, FPT_ACF_EXT.1, FPT_ASLR_EXT.1, FPT_SBOP_EXT.1, FPT_SRP_EXT.1, FPT_TST_EXT.1, FPT_TST_EXT, FPT_ACF_EXT.1.1, FPT_ACF_EXT.1.2, FPT_ASLR_EXT.1.1, FPT_SBOP_EXT.1.1, FPT_SRP_EXT.1.1, FPT_TST_EXT.1.1, FPT_TUD_EXT.1.1, FPT_TUD_EXT.1.2, FPT_TUD_EXT.2.1, FPT_TUD_EXT.2.2, FPT_TST_EXT.1.2, FPT_ACF_EXT, FPT_ASLR_EXT, FPT_SBOP_EXT, FPT_SRP_EXT, FPT_TUD_EXT, FTA_WSE_EXT.1, FTA_TAB.1, FTA_TAB.1.1, FTA_WSE_EXT.1.1, FTA_WSE_EXT, FTA_TAB, FTP_ITC_EXT.1, FTP_TRP.1, FTP_ITC.1, FTP_ITC_EXT, FTP_TRP.1.1, FTP_TRP.1.2, FTP_TRP.1.3, FTP_ITC_EXT.1.1, FTP_ITC, FTP_ITC_EXT.1.2, FTP_ITC.1.1, FTP_ITC.1.2, FTP_ITC.1.3, FTP_TRP

Certification process

out of scope, The OS relies upon a trustworthy computing platform for its execution. This underlying platform is out of scope of this PP. A.PROPER_USER The user of the OS is not willfully negligent or hostile, and uses the, kernel. Software loaded for execution directly by the platform (e.g. first-stage bootloaders) is out of scope. For each additional category of executable code verified before execution, the evaluator will

Certification process

out of scope, The OS relies upon a trustworthy computing platform for its execution. This underlying platform is out of scope of this PP. A.PROPER_USER The user of the OS is not willfully negligent or hostile, and uses the, kernel. Software loaded for execution directly by the platform (e.g. first-stage bootloaders) is out of scope. For each additional category of executable code verified before execution, the evaluator will

Standards

FIPS 140-2, FIPS PUB 186-4, FIPS PUB 197, FIPS 186-4, FIPS 140, FIPS 197, FIPS 180-4, FIPS 198-2, FIPS 198-1, NIST SP 800-38E, NIST SP 800-38A, NIST SP 800-38D, NIST SP 800-38C, NIST SP 800-38F, NIST SP 800-57, SP 800-56A, NIST SP 800-90A, NIST SP 800-90B, NIST SP 800-56A, SP 800-90, NIST SP 800-90, NIST SP 800-56B, PKCS #7, RFC 2396, RFC 3526, RFC 5246, RFC 5288, RFC 5289, RFC 6125, RFC 4347, RFC 6347, RFC 3394, RFC 2246, RFC 4346, RFC 5216, RFC 5430, RFC 4301, RFC 4303, RFC 4106, RFC 3602, RFC 4109, RFC 4304, RFC 4868, RFC 6379, RFC 4945, RFC 5280, RFC 2560, RFC 5759, RFC 6066, RFC 7296, RFC 3546, RFC 3268, RFC 4366, RFC 4492, RFC 4681, RFC 2818, RFC 4306, RFC 2408, RFC 2404, ISO/IEC 2900-2, X.509, x.509