MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 1 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es REF: 2014-11-INF-1611 v1 Difusión: Expediente Fecha: 21.04.2016 Created by: CERT9 Revised by: CALIDAD Approved by: TECNICO CERTIFICATION REPORT File: 2014-11 Eudemon1000E-N (USG6600) Series Firewall Applicant: 440301192W HUAWEI Technologies Co., Ltd. References: [EXT-2420] Certification request of Eudemon1000E-N (USG6600) Series Firewall [EXT-2977] Eudemon1000E-N(USG6600) Series Firewall Evaluation Technical Report, version 2.0, 14-12-2015 The product documentation referenced in the above documents. Certification report of the product Eudemon1000E-N (USG6600) Series Firewall, as requested in [EXT-2420] dated 7/03/2014, and evaluated by the laboratory Epoche & Espri S.L.U, as detailed in the Evaluation Technical Report [EXT-2977] received on 14/12/2015. MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 2 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es TABLE OF CONTENTS EXECUTIVE SUMMARY ..................................................................................................................................3 TOE SUMMARY ..................................................................................................................................................4 SECURITY ASSURANCE REQUIREMENTS................................................................................................5 SECURITY FUNCTIONAL REQUIREMENTS ..............................................................................................6 IDENTIFICATION..............................................................................................................................................7 SECURITY POLICIES .......................................................................................................................................8 ASSUMPTIONS AND OPERATIONAL ENVIRONMENT............................................................................8 THREATS .........................................................................................................................................................9 OPERATIONAL ENVIRONMENT FUNCTIONALITY.................................................................................9 ARCHITECTURE..............................................................................................................................................10 LOGICAL ARCHITECTURE.........................................................................................................................10 PHYSICAL ARCHITECTURE.......................................................................................................................12 DOCUMENTS ....................................................................................................................................................12 PRODUCT TESTING........................................................................................................................................13 PENETRATION TESTING.............................................................................................................................14 EVALUATED CONFIGURATION .................................................................................................................15 EVALUATION RESULTS................................................................................................................................15 COMMENTS & RECOMMENDATIONS FROM THE EVALUATION TEAM.......................................16 CERTIFIER RECOMMENDATIONS ............................................................................................................16 GLOSSARY........................................................................................................................................................16 BIBLIOGRAPHY...............................................................................................................................................16 SECURITY TARGET........................................................................................................................................17 MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 3 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es EXECUTIVE SUMMARY This document constitutes the Certification Report for the certification file of the product Eudemon1000E-N(USG6600) Series Firewall. The TOE is a firewall system composed of a hardware platform and a software running within the platform as a whole system. The evaluation has been performed on product series with multiple HW platforms. The applicable HW platforms of the TOE have been identified as shown in the following table. Series Model ESN 1000E Eudemon1000E-N7E 210235G7FYZ0C8000001 USG6620 2102359519Z0C9000004 USG6650 210235G7G410E7000104 USG6680 210235G7G70123401230 The version of the TOE SW installed in the testing platforms is V100R001C20SPC100B021. Developer/manufacturer: Huawei Technologies Co., Ltd. Sponsor: Huawei Technologies Co., Ltd. Certification Body: Centro Criptológico Nacional (CCN) del Centro Nacional de Inteligencia (CNI). ITSEF: Epoche & Espri S.L.U. Protection Profile: No. Evaluation Level: Common Criteria v3.1 R4 – EAL4+ALC_FLR.1 Evaluation end date: 14/12/2015. All the assurance components required by the evaluation level EAL4+ (augmented with ALC_FLR.1 Basic flaw remediation) have been assigned a “PASS” verdict. Consequently, the laboratory Epoche & Espri S.L.U assigns the “PASS” VERDICT to the whole evaluation due all the evaluator actions are satisfied for the EAL4 + ALC_FLR.1, as defined by the Common Criteria v3.1 R4 and the CEM v3.1 R4. Considering the obtained evidences during the instruction of the certification request of the product Eudemon1000E-N(USG6600) Series Firewall version V100R001C20SPC100B021 (running on the above mentioned platforms), a positive resolution is proposed. MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 4 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es TOE summary The TOE consists of a hardware platform and software image integrated as a whole system. The TOE is designed to provide firewall, VPN, VLAN, antivirus protection, anti-spam protection and content filtering etc. to provide protection on TCP/IP networks. It can protect computer networks from abuse. The series firewall resides between the network it is protecting and an external network such as the Internet, restricting the information flow between the networks to that permitted by a policy (set of rules) defined by the Security Administrator. They detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real-time; without degrading network performance. In addition to providing stateful application-level protection, the TOE delivers a full range of network-level services including; firewall, Virtual Private Network (VPN), Virtual Local Area Network (VLAN), antivirus protection, anti-spam protection and content filtering etc.; using dedicated, easily managed platforms. TOE major security features The major security features implemented by the TOE and subject to evaluation (no assurance can be supposed to any other functionality) to, can be summarised as follows: - Authentication  The TOE can authenticate administrative users by user name and password. Administration may either be performed locally using the Local Console CLI or remotely using the Network Web-Based GUI or Network CLI. The TOE provides a local authentication scheme for this, or can optionally enforce authentication decisions obtained from a Radius or TACACS+ server in the IT environment.  Authentication is always enforced for network remote sessions via SSH, SFTP (Secure FTP),and HTTPS (Web-Based GUI) sessions. Authentication for access via the console is always enabled and password protected. - Access Control  The TOE has the ability to control the administrator permissions for every administrator account. This control is performed using three different control policies: administrator roles, administrator levels and users built-in. - Communication Security  The TOE provides communication security by implementing SSH protocol. Two versions of SSH: SSH1 (SSH1.5) and SSH2 (SSH2.0) are implemented. - Flow Control Policy  The TOE provides a policy mechanism based on security rules and traffic engineering rules. For each policy item, aspects like packet source and MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 5 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es destination addresses, in and out interfaces, security zones, and ports can be used as filters, and actions like allow, block or even traffic engineering processes can be assigned. Through such mechanism, we can define a policy and drop attacks for the TOE itself.  The TOE also offers a feature Access Control List (ACL) for filtering incoming and outgoing information flow. - Security functionality management  Security functionality management includes not only authentication, administrator role, but also managing security related data consisting of configuration profile and runtime parameters. - Cryptographic functions  Cryptographic functions are required by security features as dependencies, where:  AES is used as default encryption algorithm for SSH;  3DES is used as optional encryption algorithm for SSH;  RSA is used in user authentication when user tries to authenticate and gain access to the TOE;  HMAC-SHA is used as verification algorithm for packets of SSH protocols. - Security Audit SECURITY ASSURANCE REQUIREMENTS The product was evaluated with all the evidences required to fulfil the evaluation level EAL4+ and the evidences required by the additional component ALC_FLR.1 Basic flaw remediation, according to Common Criteria v3.1 R4. Class Family/Component ASE: Security Target evaluation ASE_CCL.1 Conformance claims ASE_ECD.1 Extended components definition ASE_INT.1 ST introduction ASE_OBJ.2 Security objectives ASE_REQ.2 Derived security requirements ASE_SPD.1 Security problem definition ASE_TSS.1 TOE summary specification ADV: Development ADV_ARC.1 Security architecture description ADV_FSP.4 Complete functional specification ADV_IMP.1 Implementation representation of the TSF ADV_TDS.3 Basic modular design AGD: Guidance documents AGD_OPE.1 Operational user guidance MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 6 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es AGD_PRE.1 Preparative procedures ALC: Life-cycle support ALC_CMC.4 Production support, acceptance procedures and automation ALC_CMS.4 Problem tracking CM coverage ALC_DEL.1 Delivery procedures ALC_DVS.1 Identification of security measures ALC_LCD.1 Developer defined life-cycle model ALC_TAT.1 Well-defined development tools ALC_FLR.1 Basic flaw remediation ATE: Tests ATE_COV.2 Analysis of coverage ATE_DPT.1 Testing: basic design ATE_FUN.1 Functional testing ATE_IND.2 Independent testing - sample AVA: Vulnerability assessment AVA_VAN.3 Focused vulnerability analysis SECURITY FUNCTIONAL REQUIREMENTS The product security functionality satisfies the following functional requirements, according to the Common Criteria v3.1 R4: Class Family/Component FAU GEN.1 GEN.2 SAR.1 SAR.3 STG.1 STG.3 FCS COP.1/AES COP.1/DES COP.1/3DES COP.1/RSA COP.1/MD5 COP.1/HMAC-MD5 COP.1/HMAC-SHA CKM.1/AES CKM.1/DES CKM.1/3DES CKM.1/RSA CKM.1/HMAC_MD5 CKM.1/HMAC_SHA CKM.4/3DES CKM.4/AES CKM.4/DES CKM.4/RSA MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 7 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es CKM.4/HMAC_MD5 CKM.4/HMAC-SHA FDP ACC.1 ACF.1 IFC.1 IFF.1 FIA AFL.1 ATD.1 SOS.1/OSPF SOS.1/BGP SOS.1/SSH UAU.2 UID.2 FMT MOF.1 MSA.1 MSA.3 SMF.1 SMR.1 FPT STM.1 FTA SSL.3 TSE.1 FTP TRP.1 ITC.1 IDENTIFICATION Product: Eudemon1000E-N(USG6600) Series Firewall SW version: V100R001C20SPC100B021 HW platforms ESN: Series Model ESN 1000E Eudemon1000E-N7E 210235G7FYZ0C8000001 USG6620 2102359519Z0C9000004 USG6650 210235G7G410E7000104 USG6680 210235G7G70123401230 Security Target: Eudemon1000E-N(USG6600) Series Firewall - Security Target, version 1.13, October 2015 MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 8 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es Protection Profile: No. Evaluation Level: Common Criteria v3.1 R4 – EAL4 + ALC_FLR.1 SECURITY POLICIES There are no Organizational Security Policies defined for this evaluation. ASSUMPTIONS AND OPERATIONAL ENVIRONMENT The following assumptions are constraints to the conditions used to assure the security properties and functionalities compiled by the security target [ST]. These assumptions have been applied during the evaluation in order to determine if the identified vulnerabilities can be exploited. In order to assure the secure use of the TOE, it is necessary to start from these assumptions for its operational environment. If this is not possible and any of them could not be assumed, it would not be possible to assure the secure operation of the TOE. Assumption Name Assumption Definition A.PhysicalProtection The TOE is physically protected so that only the authorized user of the TOE has physical access. A.NetworkElements The environment is supposed to provide supporting mechanism to the TOE:  A Radius server or TACACS+ server for external authentication/authorization decisions;  Peer router(s) for the exchange of dynamic routing information;  Remote entities (PCs) used for administration of the TOE. A.NetworkSegregation It is assumed that the ETH management interface in the TOE will be accessed only through an independent local network. This network is separate from the networks that use the other interfaces of the TOE. A.NoEvil The administration users who manage the TOE and TOE environmental components are appropriately trained, non-hostile, and follow all guidance. MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 9 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es THREATS The threats to the IT assets against which protection is required by the TOE or by the security environment are listed below. The information assets to be protected are the information stored, processed or generated by the TOE. Configuration data for the TOE, TSF data (such as user account information and passwords, routing configuration data, etc.) and other information that the TOE facilitates access to (such as system software, patches and network traffic routed by the TOE) are all considered part of information assets. The threats defined are: Threat Name Threat Definition T.UnwantedTraffic Any network user that sends unwanted/unexpected traffic to/through the TOE will cause the TOE and/or resources on the network to become too slow or unavailable, or reach resources on the network that it is not allowed to reach. T.UnauthenticatedAccess A user who is not an administrator gains access to the management interface of the TOE T.UnauthorizedAccess An administrator authorized to perform certain actions and access certain information gains access to commands or information he is not authorized for. T.Eavesdrop An eavesdropper is able to intercept, and potentially modify or re-use information assets that are exchanged between: TOE and LMT/RMT (management traffic) TOE and other routers/switches (routing information) OPERATIONAL ENVIRONMENT FUNCTIONALITY The product requires the cooperation from its operational environment to fulfil some of the objectives of the defined security problem. The security objectives declared for the TOE operational environment are categorized below. Security Objectives that are to be satisfied by the environment: Environment Security Objective Definition MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 10 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es Environment Security Objective Definition OE.NetworkElements The operational environment shall provide network devices that the TOE needs to cooperate with:  A Radius server or TACACS+ server for external authentication / authorization decisions;  Peer router(s) for the exchange of dynamic routing information;  Remote entities (PCs) used for administration of the TOE. OE.Physical The operational environment shall protect the TOE against unauthorized physical access. OE.NetworkSegregation The operational environment shall ensure that the ETH management interface in the TOE will be accessed only through an independent local network This network is separate from the networks that use the other interfaces of the TOE. OE.Manage Sites deploying the TOE will provide competent, non-hostile TOE administrators who are appropriately trained and follow all administrator guidance. TOE administrators will ensure the system and its environment are used securely. ARCHITECTURE LOGICAL ARCHITECTURE The logical architecture is depicted in the following figure: MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 11 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es The TOE software is divided into two different planes: Management Plane (MP) a Data Plane (DP). MP is composed by only one subsystem called Management plane Subsystem. DP is composed by three subsystems called Forwarding plane Subsystem, Control plane Subsystem, and Content Filter Subsystem. Management plane subsystem provides configuration management, protocol, status, routing management and device management. (Security Function Management, Cryptographic support, Access control, Authentication, Communication Security) Forwarding plane subsystem provide firewall packet forwarding, security check and traffic control. (Flow control policy, Communication Security) Control plane subsystem provides user authentication(local or remote using a RADIUS or TACACS server), relation analyze and remote query for specific operation. (Authentication, Communication security) Content Filter plane subsystem provides functionality which is not SFR-related such as anti-virus, anti-spam, DPI (Deep Protocol Identification), and other non-security features. This subsystem is irrelevant with the security features, and therefore will no longer be mentioned along this security target. MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 12 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es PHYSICAL ARCHITECTURE The following table shows the base platforms models of the TOE. Model Picture USG6620/6630/6650/6660/6670/6680 Eudemon1000E-N3/N5/N6/N7/N7E The SW running within the equipment is: File name: sup.bin MD5: ccbf426bc3039844d7d816126e10a56 DOCUMENTS The product includes the following documents that shall be distributed and made available together to the users of the evaluated version. The manual and guides of the product are published at technical support web site (http://www.huawei.com) of Huawei Technologies Co., Ltd. The user can retrieve, browse, and download all the documents online from this site.  USG6000 1. Log in to the homepage of Huawei at http://enterprise.huawei.com 2. If you are not a registered user, you need to go to 3 to register first. If you are already a registered user, go to 4 to log in. 3. Click Register and register with the system according to the prompt. After the registration succeeds, you will obtain your account and password. Keep them safe. 4. Enter the user name, password, and displayed verification code, and then click Login. 5. Click ‘Support’ button in top of the page. Choose Product Support > Enterprise Networking > Security > NGFW, and click Secospace USG6300, Secospace USG6500. MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 13 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es 6. Download HUAWEI USG6000 Series & NGFW Module V100R001C20SPC100Product Documentation. All the manuals of USG6000 V100R001C20SPC100 are in this compressed package.  Eudemon200E-N/1000E-N 1. Log in to the homepage of Huawei at http://support.huawei.com/carrier/ 2. Click “Access Earlier Website”. 3. If you are not a registered user, you need to go to 4 to register first. If you are already a registered user, go to 5 to log in. 4. Click Register and register with the system according to the prompt. After the registration succeeds, you will obtain your account and password. Keep them safe. 5. Choose Data Communication > Product > Network Security > Eudemon > Product Manual, and click Eudemon200E- N(V100R001C20SPC100) or Eudemon1000E- N(V100R001C20SPC100). 6. Download HUAWEI Eudemon200E-N/1000E-N Series & NGFW Module V100R001C20SPC100Product Documentation. All the manuals of Eudemon200E-N/1000E-N V100R001C20SPC100are in this compressed package. PRODUCT TESTING The tests performed by both the evaluator and the developer are based on the TSFIs description included in the functional specification, the SFRs description included in [ST], and the subsystems and modules defined in the TOE design documentation. The evaluator has performed an installation and configuration of the TOE and its operational environment following the steps included in the installation and operation manuals. The TOE configuration used to execute the independent tests is consistent with the evaluated configuration according to security target [ST]. The evaluator has repeated all the cases specified by the developer in the test documentation and has compared the obtained results with those obtained by the developer and documented in each associated report. The test repetition performed by the evaluator has demonstrated that the test plan and report provided by the vendor contains information enough to make a reader able to repeat all tests included. Additionally, after the repetition, the evaluator has obtained the same results as the expected ones. The independent testing has covered 100% of SFRs of the [ST] and TSFIs defined in the functional specification for the TOE, sampling has not been performed. The test cases have taken into account critical parameters values, searching that the TOE behaves in a non-expected manner. There has not been any MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 14 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es deviation from the expected results under the environment defined in security target [ST]. The deployed testing platforms for the evaluation are presented in the following figure: PENETRATION TESTING The evaluator has performed an installation and configuration of the TOE and its operational environment following the steps included in the installation and operation manuals. The TOE does NOT present exploitable vulnerabilities under the environment defined in the security target [ST]. All identified vulnerabilities can be considered closed if the TOE is installed and operated according to the security target [ST] and related documentation. The overall test result is that no deviations were found between the expected and the actual test results taking into account that environment. No attack scenario with the attack potential “Basic” has been MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 15 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es successful in the TOE’s operational environment as defined in the security target [ST] when all measures required by the developer are applied. EVALUATED CONFIGURATION The TOE is defined by its name and version number: - Eudemon1000E-N (USG6600) Series Firewall SW version: V100R001C20SPC100B021 HW platforms ESN: Series Environment ESN 1000E Local 210235G7FYZ0C8000001 Remote 2102359519Z0C9000004 Remote 210235G7G410E7000104 Remote 210235G7G70123401230 To set up the TOE in a way consistent to the evaluated configuration and the operational environment defined in the security target [ST], users must follow the steps included in the installation and operation manuals (see section DOCUMENTS). EVALUATION RESULTS The product “Eudemon1000E-N(USG6600) Series Firewall“ has been evaluated against the “Eudemon1000E-N(USG6600) Series Firewall Security Target, Version 1.13, October 2015”. All the assurance components required by the evaluation level EAL4 + ALC_FLR.1 have been assigned a “PASS” verdict. Consequently, the laboratory Epoche & Espri S.L.U assigns the “PASS” VERDICT to the whole evaluation due all the evaluator actions are satisfied for the evaluation level EAL4 + ALC_FLR.1, as defined by the Common Criteria v3.1 R4 and the CEM v3.1 R4. MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 16 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es COMMENTS & RECOMMENDATIONS FROM THE EVALUATION TEAM The TOE usage is recommended given that there are not exploitable vulnerabilities in the operational environment. Nonetheless, the following usage recommendations are given: - The fulfilment of the assumptions within indicated in the security target is a key point as it implies TOE environment configurations that leave some potential vulnerabilities out of the scope. - It is very important the adequate fulfilling of the installation procedures; the installation procedure may be vulnerable if those procedures are not followed. CERTIFIER RECOMMENDATIONS Considering the obtained evidences during the instruction of the certification request of the product “Eudemon1000E-N(USG6600) Series Firewall, version V100R001C20SPC100B021”, a positive resolution is proposed. GLOSSARY CCN Centro Criptológico Nacional CNI Centro Nacional de Inteligencia EAL Evaluation Assurance Level ETR Evaluation Technical Report OC Organismo de Certificación SFR Security Functional Requirement TOE Target Of Evaluation TSF TOE Security Functionality TSFI TSF Interface BIBLIOGRAPHY The following standards and documents have been used for the evaluation of the product: MINISTERIO DE LA PRESIDENCIA CENTRO NACIONAL DE INTELIGENCIA CENTRO CRIPTOLÓGICO NACIONAL ORGANISMO DE CERTIFICACIÓN Página 17 de 17 Dossier: 2014-11 C/ Argentona nº 20 Email: organismo.certificacion@cni.es [CC_P1] Common Criteria for Information Technology Security Evaluation Part 1: Introduction and general model, Version 3.1, R4 Final, Sept. 2012. [CC_P2] Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, Version 3.1, R4 Final, Sept. 2012. [CC_P3] Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, Version 3.1, R4 Final, Sept. 2012. [CEM] Common Methodology for Information Technology Security Evaluation: Version 3.1, R4 Final, Sept. 2012. [ST] Eudemon1000E-N(USG6600) Series Firewall Security Target, Version 1.13, October 2015 SECURITY TARGET Along with this certification report, the complete security target of the evaluation is available in the Certification Body: - Eudemon1000E-N(USG6600) Series Firewall Security Target, Version 1.13, October 2015