BSI-DSZ-CC-1097-2019
for
FabricOS version 8.2.0a2
from
Brocade Communications Systems LLC
BSI - Bundesamt für Sicherheit in der Informationstechnik, Postfach 20 03 63, D-53133 Bonn
Phone +49 (0)228 99 9582-0, Fax +49 (0)228 9582-5477, Infoline +49 (0)228 99 9582-111
Certification Report V1.0 CC-Zert-327 V5.23
BSI-DSZ-CC-1097-2019 (*)
Network Device
FabricOS
version 8.2.0a2
from Brocade Communications Systems LLC
PP Conformance: None
Functionality: Product specific Security Target
Common Criteria Part 2 extended
Assurance: Common Criteria Part 3 conformant
EAL 2 augmented by ALC_FLR.2
The IT Product identified in this certificate has been evaluated at an approved evaluation
facility using the Common Methodology for IT Security Evaluation (CEM), Version 3.1
extended by Scheme Interpretations for conformance to the Common Criteria for IT
Security Evaluation (CC), Version 3.1. CC and CEM are also published as ISO/IEC 15408
and ISO/IEC 18045.
(*) This certificate applies only to the specific version and release of the product in its
evaluated configuration and in conjunction with the complete Certification Report and
Notification. For details on the validity see Certification Report part A chapter 5.
The evaluation has been conducted in accordance with the provisions of the certification
scheme of the German Federal Office for Information Security (BSI) and the conclusions
of the evaluation facility in the evaluation technical report are consistent with the
evidence adduced.
This certificate is not an endorsement of the IT Product by the Federal Office for
Information Security or any other organisation that recognises or gives effect to this
certificate, and no warranty of the IT Product by the Federal Office for Information
Security or any other organisation that recognises or gives effect to this certificate, is
either expressed or implied.
Bonn, 8 October 2019
For the Federal Office for Information Security
Joachim Weber L.S.
Head of Branch
SOGIS
Recognition Agreement
Bundesamt für Sicherheit in der Informationstechnik
Godesberger Allee 185-189 - D-53175 Bonn - Postfach 20 03 63 - D-53133 Bonn
Phone +49 (0)228 99 9582-0 - Fax +49 (0)228 9582-5477 - Infoline +49 (0)228 99 9582-111
Common Criteria
Recognition Arrangement
Certification Report BSI-DSZ-CC-1097-2019
This page is intentionally left blank.
4 / 31
BSI-DSZ-CC-1097-2019 Certification Report
Contents
A. Certification......................................................................................................................6
1. Preliminary Remarks....................................................................................................6
2. Specifications of the Certification Procedure...............................................................6
3. Recognition Agreements..............................................................................................7
4. Performance of Evaluation and Certification................................................................8
5. Validity of the Certification Result.................................................................................8
6. Publication....................................................................................................................9
B. Certification Results.......................................................................................................10
1. Executive Summary....................................................................................................11
2. Identification of the TOE.............................................................................................12
3. Security Policy............................................................................................................15
4. Assumptions and Clarification of Scope.....................................................................15
5. Architectural Information.............................................................................................16
6. Documentation...........................................................................................................17
7. IT Product Testing.......................................................................................................17
8. Evaluated Configuration.............................................................................................21
9. Results of the Evaluation............................................................................................22
10. Obligations and Notes for the Usage of the TOE.....................................................25
11. Security Target..........................................................................................................25
12. Definitions.................................................................................................................25
13. Bibliography..............................................................................................................27
C. Excerpts from the Criteria..............................................................................................29
D. Annexes.........................................................................................................................30
5 / 31
Certification Report BSI-DSZ-CC-1097-2019
A. Certification
1. Preliminary Remarks
Under the BSIG1
Act, the Federal Office for Information Security (BSI) has the task of
issuing certificates for information technology products.
Certification of a product is carried out on the instigation of the vendor or a distributor,
hereinafter called the sponsor.
A part of the procedure is the technical examination (evaluation) of the product according
to the security criteria published by the BSI or generally recognised security criteria.
The evaluation is normally carried out by an evaluation facility recognised by the BSI or by
BSI itself.
The result of the certification procedure is the present Certification Report. This report
contains among others the certificate (summarised assessment) and the detailed
Certification Results.
The Certification Results contain the technical description of the security functionality of
the certified product, the details of the evaluation (strength and weaknesses) and
instructions for the user.
2. Specifications of the Certification Procedure
The certification body conducts the procedure according to the criteria laid down in the
following:
● Act on the Federal Office for Information Security2
● BSI Certification and Approval Ordinance3
● BSI Schedule of Costs4
● Special decrees issued by the Bundesministerium des Innern (Federal Ministry of the
Interior)
● DIN EN ISO/IEC 17065 standard
● BSI certification: Scheme documentation describing the certification process (CC-
Produkte) [3]
● BSI certification: Scheme documentation on requirements for the Evaluation Facility, its
approval and licencing process (CC-Stellen) [3]
1
Act on the Federal Office for Information Security (BSI-Gesetz - BSIG) of 14 August 2009,
Bundesgesetzblatt I p. 2821
2
Act on the Federal Office for Information Security (BSI-Gesetz - BSIG) of 14 August 2009,
Bundesgesetzblatt I p. 2821
3
Ordinance on the Procedure for Issuance of Security Certificates and approval by the Federal Office for
Information Security (BSI-Zertifizierungs- und -Anerkennungsverordnung - BSIZertV) of 17 December
2014, Bundesgesetzblatt 2014, part I, no. 61, p. 2231
4
Schedule of Cost for Official Procedures of the Bundesamt für Sicherheit in der Informationstechnik
(BSI-Kostenverordnung, BSI-KostV) of 03 March 2005, Bundesgesetzblatt I p. 519
6 / 31
BSI-DSZ-CC-1097-2019 Certification Report
● Common Criteria for IT Security Evaluation (CC), Version 3.15
[1] also published as
ISO/IEC 15408
● Common Methodology for IT Security Evaluation (CEM), Version 3.1 [2] also published
as ISO/IEC 18045
● BSI certification: Application Notes and Interpretation of the Scheme (AIS) [4]
3. Recognition Agreements
In order to avoid multiple certification of the same product in different countries a mutual
recognition of IT security certificates - as far as such certificates are based on ITSEC or
CC - under certain conditions was agreed.
3.1. European Recognition of CC – Certificates (SOGIS-MRA)
The SOGIS-Mutual Recognition Agreement (SOGIS-MRA) Version 3 became effective in
April 2010. It defines the recognition of certificates for IT-Products at a basic recognition
level and, in addition, at higher recognition levels for IT-Products related to certain SOGIS
Technical Domains only.
The basic recognition level includes Common Criteria (CC) Evaluation Assurance Levels
EAL 1 to EAL 4. For "Smartcards and similar devices" a SOGIS Technical Domain is in
place. For "HW Devices with Security Boxes" a SOGIS Technical Domains is in place, too.
In addition, certificates issued for Protection Profiles based on Common Criteria are part of
the recognition agreement.
The current list of signatory nations and approved certification schemes, details on
recognition, and the history of the agreement can be seen on the website at
https://www.sogisportal.eu.
The SOGIS-MRA logo printed on the certificate indicates that it is recognised under the
terms of this agreement by the related bodies of the signatory nations. A disclaimer
beneath the logo indicates the specific scope of recognition.
This certificate is recognized under SOGIS-MRA for all assurance components selected.
3.2. International Recognition of CC – Certificates (CCRA)
The international arrangement on the mutual recognition of certificates based on the CC
(Common Criteria Recognition Arrangement, CCRA-2014) has been ratified on 08
September 2014. It covers CC certificates based on collaborative Protection Profiles (cPP)
(exact use), CC certificates based on assurance components up to and including EAL 2 or
the assurance family Flaw Remediation (ALC_FLR) and CC certificates for Protection
Profiles and for collaborative Protection Profiles (cPP).
The current list of signatory nations and approved certification schemes can be seen on
the website: https://www.commoncriteriaportal.org.
The Common Criteria Recognition Arrangement logo printed on the certificate indicates
that this certification is recognised under the terms of this agreement by the related bodies
of the signatory nations. A disclaimer beneath the logo indicates the specific scope of
recognition.
5
Proclamation of the Bundesministerium des Innern of 12 February 2007 in the Bundesanzeiger dated
23 February 2007, p. 3730
7 / 31
Certification Report BSI-DSZ-CC-1097-2019
This certificate is recognized according to the rules of CCRA-2014, i. e. up to and including
CC part 3 EAL 2+ ALC_FLR components.
4. Performance of Evaluation and Certification
The certification body monitors each individual evaluation to ensure a uniform procedure, a
uniform interpretation of the criteria and uniform ratings.
The product FabricOS , version 8.2.0a2 has undergone the certification procedure at BSI.
The evaluation of the product FabricOS , version 8.2.0a2 was conducted by SRC Security
Research & Consulting GmbH. The evaluation was completed on 30 September 2019.
SRC Security Research & Consulting GmbH is an evaluation facility (ITSEF)6
recognised
by the certification body of BSI.
For this certification procedure the applicant is: Brocade Communications Systems LLC.
The product was developed by: Brocade Communications Systems LLC.
The certification is concluded with the comparability check and the production of this
Certification Report. This work was completed by the BSI.
5. Validity of the Certification Result
This Certification Report applies only to the version of the product as indicated. The
confirmed assurance package is valid on the condition that
● all stipulations regarding generation, configuration and operation, as given in the
following report, are observed,
● the product is operated in the environment described, as specified in the following report
and in the Security Target.
For the meaning of the assurance components and assurance levels please refer to CC
itself. Detailed references are listed in part C of this report.
The Certificate issued confirms the assurance of the product claimed in the Security Target
at the date of certification. As attack methods evolve over time, the resistance of the
certified version of the product against new attack methods needs to be re-assessed.
Therefore, the sponsor should apply for the certified product being monitored within the
assurance continuity program of the BSI Certification Scheme (e.g. by a re-assessment or
re-certification). Specifically, if results of the certification are used in subsequent evaluation
and certification procedures, in a system integration process or if a user's risk
management needs regularly updated results, it is recommended to perform a re-
assessment on a regular e.g. annual basis.
In order to avoid an indefinite usage of the certificate when evolved attack methods would
require a re-assessment of the products resistance to state of the art attack methods, the
maximum validity of the certificate has been limited. The certificate issued on
8 October 2019 is valid until 07.10.2024. Validity can be re-newed by re-certification.
The owner of the certificate is obliged:
6
Information Technology Security Evaluation Facility
8 / 31
BSI-DSZ-CC-1097-2019 Certification Report
1. when advertising the certificate or the fact of the product's certification, to refer to
the Certification Report as well as to provide the Certification Report, the Security
Target and user guidance documentation mentioned herein to any customer of the
product for the application and usage of the certified product,
2. to inform the Certification Body at BSI immediately about vulnerabilities of the
product that have been identified by the developer or any third party after issuance
of the certificate,
3. to inform the Certification Body at BSI immediately in the case that security relevant
changes in the evaluated life cycle, e.g. related to development and production sites
or processes, occur, or the confidentiality of documentation and information related
to the Target of Evaluation (TOE) or resulting from the evaluation and certification
procedure where the certification of the product has assumed this confidentiality
being maintained, is not given any longer. In particular, prior to the dissemination of
confidential documentation and information related to the TOE or resulting from the
evaluation and certification procedure that do not belong to the deliverables
according to the Certification Report part B, or for those where no dissemination
rules have been agreed on, to third parties, the Certification Body at BSI has to be
informed.
In case of changes to the certified version of the product, the validity can be extended to
the new versions and releases, provided the sponsor applies for assurance continuity (i.e.
re-certification or maintenance) of the modified product, in accordance with the procedural
requirements, and the evaluation does not reveal any security deficiencies.
6. Publication
The product FabricOS , version 8.2.0a2 has been included in the BSI list of certified
products, which is published regularly (see also Internet: https://www.bsi.bund.de and [5]).
Further information can be obtained from BSI-Infoline +49 228 9582-111.
Further copies of this Certification Report can be requested from the developer7
of the
product. The Certification Report may also be obtained in electronic form at the internet
address stated above.
7
Brocade Communications Systems LLC
1320 Ridder Park Drive
San Jose 95131
9 / 31
Certification Report BSI-DSZ-CC-1097-2019
B. Certification Results
The following results represent a summary of
● the Security Target of the sponsor for the Target of Evaluation,
● the relevant evaluation results from the evaluation facility, and
● complementary notes and stipulations of the certification body.
10 / 31
BSI-DSZ-CC-1097-2019 Certification Report
1. Executive Summary
The Target of Evaluation (TOE) is the Brocade Communications Systems LLC FabricOS
Version 8.2.0a2 running on Brocade Directors and Switches family of products configured
as instructed by the preparatory documentation which are provided by Brocade
Communications Systems LLC.
Brocade Communications Systems LLC FabricOS Version 8.2.0a2 running on Brocade
Directors and Switches is a software solution utilizing hardware appliances that implement
what is called a 'Storage Area Network' or 'SAN'. SANs provide physical connections
between servers that are located in the environment and storage devices such as disk
storage systems and tape libraries that are also located in the environment.
The TOE provides the following major security features:
• auditing of user activity,
• identification and authentication of users,
• management based upon user roles,
• a SAN access policy,
• restrictions upon TOE access,
• encryption supporting communication with network peers, and
• encryption supporting administrative trusted path.
The Security Target [6] is the basis for this certification. It is not based on a certified
Protection Profile.
The TOE Security Assurance Requirements (SAR) are based entirely on the assurance
components defined in Part 3 of the Common Criteria (see part C or [1], Part 3 for details).
The TOE meets the assurance requirements of the Evaluation Assurance Level EAL 2
augmented by ALC_FLR.2.
The TOE Security Functional Requirements (SFR) relevant for the TOE are outlined in the
Security Target [6] chapter 6.1. They are selected from Common Criteria Part 2 and some
of them are newly defined. Thus the TOE is CC Part 2 extended.
The TOE Security Functional Requirements are implemented by the following TOE
Security Functionality:
TOE Security Functionality Addressed issue
Security audit The TOE generates Audit data. The Audit records include date, time of
the event, type, user identity that caused the event. The records are
sent to a syslog server in the environment.
User data protection The TOE provides the ability to restrict block-read and block-write
operations to connected storage devices that are initiated by host bus
adapters. Host bus adapter can only access storage devices that are
members of the same zone.
Identification and Authentication The TOE defines administrative users with user identity, password and
role. Role permissions determine the functions that administrators may
perform. The TOE authenticates administrative users using either its
own authentication mechanism or a RADIUS or LDAP Server.
Passwords are chosen by a defined policy.
Security Management The TOE provides both serial terminal- and Ethernet network-based
11 / 31
Certification Report BSI-DSZ-CC-1097-2019
TOE Security Functionality Addressed issue
management interfaces. Each of these types of interfaces provides
equivalent management functionality.
TOE Access An IP Filter policy is a set of rules applied to the IP management
interfaces as a packet filtering firewall. The IP Filter policy permits or
denies traffic to go through the IP management interfaces according to
the policy rules.
Trusted Path The TOE enforces a trusted path between the TOE administrators and
the TOE using SSHv2 connections for Ethernet connections from the
Administrator terminal to the TOE and configured network peers that
are providing syslog, RADIUS or LDAP services
Table 1: TOE Security Functionalities
For more details please refer to the Security Target [6], chapter 7.
The assets to be protected by the TOE are defined in the Security Target [6] chapter 3.
Based on these assets the TOE Security Problem is defined in terms of Assumptions,
Threats and Organisational Security Policies. This is outlined in the Security Target [6],
chapters 3.1 and 3.2.
This certification covers the configurations of the TOE as outlined in chapter 8.
The vulnerability assessment results as stated within this certificate do not include a rating
for those cryptographic algorithms and their implementation suitable for encryption and
decryption (see BSIG Section 9, Para. 4, Clause 2).
The certification results only apply to the version of the product indicated in the certificate
and on the condition that all the stipulations are kept as detailed in this Certification
Report. This certificate is not an endorsement of the IT product by the Federal Office for
Information Security (BSI) or any other organisation that recognises or gives effect to this
certificate, and no warranty of the IT product by BSI or any other organisation that
recognises or gives effect to this certificate, is either expressed or implied.
2. Identification of the TOE
The Target of Evaluation (TOE) is called:
FabricOS , version 8.2.0a2
The following table outlines the TOE deliverables:
N
o
Type Identifier Release Form of Delivery SHA-512
Checksum
1 SW Brocade
Communications
Systems LLC FabricOS
Version 8.2.0a2
8.2.0.a2 Pre-installed on
Brocade Director
Blade Models,
Director Models,
Switch Appliance
Models, see section
2.1
-
12 / 31
BSI-DSZ-CC-1097-2019 Certification Report
N
o
Type Identifier Release Form of Delivery SHA-512
Checksum
2 DOC Brocade Fabric OS
8.2.0a BSI Configuration
Guide
FOS-802a-
BSI-
UG100, 18
January
2019
Password-protected
user-id for registered
users (customers),
web download
secured with https
C4F95D9D19EBF76
AF1FEC65B0F7B68
A7A83891BBD81C4
CCACC04316EB60
EC02E72B15467F1
928DB14983A37BF
8EF390D7DAEF5C4
4B978D4A31A3B25
F04347D5E
3 DOC Brocade - FabricOS
Administration Guide,
8.2.0a
#53-
1005237-
05, 10 May
2018
Password-protected
user-id for registered
users (customers),
web download
secured with https
11B7FAFB8D10BA8
09521F1A411BAE21
E750A52C3350CED
4C927FB4F88923A
02FB8496A231FDA
E382BABFC8A8279
88A461D33DF6818
5CBF5D52F1851C5
2D2800C
4 DOC Brocade – FabricOS
Command Reference,
8.2.0a
53-
1005241-
04, 10 April
2018
Password-protected
user-id for registered
users (customers),
web download
secured with https
15C22C35C15DF38
AADB83AFD94FBD
E1A8AFBE91795F0
8F59C5156DDF157
E9677280D318ECF
CB8921D235EA331
8682B6E35C621888
B8B37D4333E9C77
F7F5B177
5 DOC Brocade – FabricOS
Message Reference,
8.2.0a
53-
1005249-
04, 10 April
2018
Password-protected
user-id for registered
users (customers),
web download
secured with https
4F2B2AECD1B6DA
16F0AECD495AB03
CD26160B4A0416C
A732C719E646AE6
13FCBF5B2E49F74
57A4804819218ED3
9D9D30F49FBC6A2
738065A7150DA2D
4B5730F0
6 DOC Brocade – FabricOS
Troubleshooting and
Diagnostics Guide,
Supporting FabricOS,
8.2.0
53-
1005252-
03, 10 April
2018
Password-protected
user-id for registered
users (customers),
web download
secured with https
E59697B102573260
D2934491C41BAB7
B695B9FFD1733EA
5F4618C67FE7A50
32B8F9BC5C36AB4
1AC5C5FAD959A2A
3520951A4B845E55
4FC76FB2FC8B7E3
39497E
Table 2: Deliverables of the TOE
The certified software, Brocade Communications Systems LLC FabricOS Version 8.2.0a2,
is certified for the following series and models of Brocade Director and switch products:
• Generation 5 hardware (Gen5HW)
◦ Director Blade1 Models: FC16-32, FC16-48, FC16-64, CP8, CR16-4, CR16-8,
FX8-24
13 / 31
Certification Report BSI-DSZ-CC-1097-2019
◦ Director Models: DCX 8510-4, DCX 8510-8
◦ Switch Appliance Models: 6510, 6520 and 7840
• Gen 6 hardware (Gen6HW)
◦ Director Blade Models: FC32-48, CPX6, CR32-4, CR32-8 and SX6
◦ Director Models: X6-4, X6-8
◦ Switch Appliance Models: G620 and G630
The software loading process is automated and solely controlled by Brocade’s engineers.
Brocade FabricOS images are retrieved by authorized Brocade personnel and are
transferred securely to factory sites across private networks. After the hardware is loaded
with FabricOS at the manufacturer´s site, the hardware is packaged and the entire crate is
shrink-wrapped afterwards. During all steps confidentiality, authenticity and integrity are
ensured by Brocade’s engineers, by the private network and at Brocade’s manufacturer’s
site.
For documentation and software downloads, Brocade Partner Network and Brocade
Connect sites are given access only to registered-partners and end users respectively.
Guidance documents in these sites are authenticated using an Okta user-id and password
which are provided only to these registered users. Okta is an ID and password
management service that provides both Single-Sign-On and universal-directory services.
This documentation is authored by Brocade and transferred to the Brocade web site
(https://www.brocade.com) through a VPN that provides authentication of Brocade as the
document’s source. The web download of the documentation files is secured with
Hypertext Transfer Protocol Secure (HTTPS).
Brocade performs the delivery directly to end customers or to the OEM/channel partner by
respecting the same standards. The transport is performed by trusted C-TPAT2 certified
carriers. Brocade selects its carriers by using a request for proposal (RFP) process, where
the transport company has to declare to be CTPAT certified. Brocade verifies CTPAT
certification before commencement of operations with that transport company. Every
delivery has an identifier from the commercial carrier (e.g., tracking number) and contains
a packaging list. Each stock keeping unit (SKU) has a detailed bill of materials with
numerous specification documents. This ensures authenticity and integrity and
confidentiality.
The shrink-wrapped crate is shipped to Brocade’s OEM/channel partner then directly to
end customers using commercial carriers. After delivering products to the OEM the
responsibility for security needs is transferred from Brocade to the OEM, who will handle
the delivery to the end customer.
The end customer can initiate an own commercial carrier transport of the pre-installed TOE
from Brocade to its site self-dependent. After leaving the manufacturer´s site the end
customer´s transport service has to ensure authenticity, integrity and confidentiality of the
TOE.
Note 1: As it is unequivocally stated in documentation that the download delivery which is
also offered does not lead to a certified version of the TOE.
Note 2: Using the BSI Common Criteria Configuration Guide with a download version of
FabricOS will not lead to a certified version.
14 / 31
BSI-DSZ-CC-1097-2019 Certification Report
2.1. Identification of the TOE by the User
On boot up, the user has to verify and confirm that the approved Brocade Communications
Systems LLC FabricOS Version 8.2.0a2 is pre-installed using “version” or “firmwareshow”
command.
3. Security Policy
The security policy enforced is defined by the selected set of Security Functional
Requirements and implemented by the TOE. The TOE implements a role-based access
control policy to control administrative access to the system. In addition, the TOE
implements policies pertaining to the following security functional classes:
• Security audit
• User data protection
• Identification and authentication
• Security management
• TOE access
• Trusted path
Specific details concerning the above mentioned security policies can be found in [6],
chapter 7.
4. Assumptions and Clarification of Scope
The Assumptions defined in the Security Target and some aspects of Threats and
Organisational Security Policies are not covered by the TOE itself. These aspects lead to
specific security objectives to be fulfilled by the TOE-Environment. The following topics are
of relevance:
• OE.AUDIT - The environment will provide a Syslog server and a means to present a
readable view of the audit data.
• OE.AUTH_SVR - The authentication server will offer a password policy that
requires password length, password strength and a restriction of failed login
attempts that is consistent with the requirements of the Security Target.
• OE.PKI - The PKI associated with the trusted root certificates that are installed into
the TOE utilize cryptographic algorithms and methods appropriate for the protection
of the data processed by the TOE.
• OE.NETWORK - The Environment will physically protect network communication to
and from the TOE from unauthorized disclosure or modification.
• OE.MGMT_NET - The SSHv2 administration workstation, syslog server, and (when
utilized) the authentication servers that are connected to the management network
are operated in a secure environment.
• OE.CONFIG - The TOE will be installed, configured, managed and maintained in
accordance with its guidance documentation.
• OE.PHYCAL - The TOE will be located within controlled access facilities, which will
prevent unauthorized physical access.
15 / 31
Certification Report BSI-DSZ-CC-1097-2019
• OE.HARDWARE - The TOE is assumed to run on models of Brocade Directors and
Switches that are listed in section 1.2, [6]. In particular it is assumed that the
following functionality is available to the TOE:
• a) Hardware real time clock
• b) A trustworthy bootloader
Details can be found in the Security Target [6], chapter 4.2.
5. Architectural Information
The Target of Evaluation (TOE) is Fabric Operating System (FabricOS) version 8.2.0a2
running on Brocade Directors and Switches hardware appliances. The Brocade Directors
and Switches hardware appliances are available in two form factors: a rack-mount Director
Chassis with a variable number of blades, or a self-contained switch appliance device.
This chapter gives an overview of the subsystems of the TOE and the corresponding TSF
which were objects of this evaluation.
The security functions of the TOE are enforced by the following two subsystems:
• Runtime Subsystem (supports the TSF “Security audit”)
• FabricOS Subsystem (supports the TSF “Security audit”, “User data protection”,
“Identification and authentication”, “Security management”, “TOE access”, “Trusted
path”)
Operating system capabilities of the FabricOS are executed by the Runtime Subsystem.
The Runtime Subsystem provides an execution environment for the FabricOS subsystem.
The Logging functionality is responsible for the collection of audit records from other TOE
software, the insertion of common fields into audit records (e.g., date/time stamps), the
short-term, local storage of audit records, the protection of local audit records, and the
transmission of audit records to a remote syslog server.
The Crypto Support Functionality is responsible for the cryptographic operations
associated with various network protocols (e.g., SSHv2, TLSv1.2). The Crypto Support
Functionality also generates SSH & TLS keys.
All networking performed by the FabricOS Subsystem occurs over either the management
network interface or over a SAN network interface. Each model of the TOE in-stalled has
at least one management network port (a Director chassis may have more than one). The
number of SAN network interfaces varies by model. These SAN network interfaces are
used to connect the FabricOS Subsystem with HBAs and storage devices.
The SAN functionality implements the FabricOS Subsystem support for traffic on SAN
network interfaces, enforcing zoning rules and ensuring encryption of data as configuration
dictates. The SAN functionality also provides fibre channel (FC) protocol support for use
over physical FC SAN Data ports. The SAN functionality includes a fixed definition of IP
Filters that protect the FabricOS Subsystem and limit network protocols accepted through
network ports that are dedicated to SAN data (e.g. Ethernet SAN Data Ports).
The management network is used exclusively to allow administrators to perform
management operations on the FabricOS subsystem, and to support communication with
external syslog, RADIUS and LDAP servers.
16 / 31
BSI-DSZ-CC-1097-2019 Certification Report
Over the management network interface, the Remote Access Functionality provides the
network protocol support for the SSH and TLS protocols which protect communication
between administrators and the FabricOS subsystem.
The AAA functionality provides network protocol support for the RADIUS and LDAP
protocols. These protocols connect the FabricOS subsystem with an external
authentication server. The Runtime Environment provides a local repository for user
identification and authentication material.
Together, the FabricOS subsystem can utilize either locally defined accounts or accounts
defined via LDAP and RADIUS for the identification and authentication of administrators.
The Admin functionality provides a command line interface for the configuration and
management of the FabricOS subsystem over an SSH connection and ensures that all
users are identified and authenticated before being allowed to perform operations using
the Command Line Interface (CLI). Restrictions based upon administrative roles are en-
forced upon actions taken through the CLI and supports the management of local user
accounts and authentication material.
6. Documentation
The evaluated documentation as outlined in table 2 is being provided with the product to
the customer. This documentation contains the required information for secure usage of
the TOE in accordance with the Security Target.
Additional obligations and notes for secure usage of the TOE as outlined in chapter 10 of
this report have to be followed.
7. IT Product Testing
Developer Tests
Test Configuration and Test Approach
Brocade FabricOS runs on the complete range of Brocade platforms. In general it is the
case that tests for any security-relevant TOE function may be performed on any Brocade
hard-ware platform. None of the security-relevant functions contain behaviour that is
unique to a particular platform. The test configuration can be applied to an arbitrary device
of a switch appliance equivalence class, switch equivalence class or director equivalence
class. Tests are executed on every equivalence class.
For testing purpose the TOE is configured strictly following the referenced Common
Criteria guidance document [9]. At the end of these steps an evaluated version is installed
on an above mentioned equivalence class and can be tested in a freshly installed state
providing the security features claimed in the Security Target.
Testing of the TOE security functions is provided by a series of automated and manual
tests. These tests demonstrate the security-relevant behaviour of the TOE at the interfaces
identified in the Functional Specification document and defined in the High-Level Design
documentation. The goal of the tests is to demonstrate that the TOE meets the security
functional requirements specified in the Security Target. Using the testing resources is
optimized by applying an adaptive, white box testing approach to exploit several properties
of the TOE.
17 / 31
Certification Report BSI-DSZ-CC-1097-2019
• Enable security auditing FAU_GEN.1: Enable security auditing, through the
‘auditcfg’ command and verify that set security alerts are triggered and reported
correctly to the sys-log/syslog-ng server.
• Account lockout for non admin accounts; successful and unsuccessful login
FIA_AFL.1 FIA_UAU.5 FIA_UID.2 FTA_TSE.1: This test verifies that an account
locks out after a configured number of “lockoutthreshold” and remains locked for the
configured time “lockoutduration” minutes.
• Use of Management Functions, including user / group modifications FMT_SMF.1
FMT_SMR.1 FMT_MTD.1(1) FMT_MTD.1(2) FIA_ATD.1(1): Validate user changes
are reflected and admin role permissions supersede those of user role.
• Authenticate incoming and outgoing SSH user with RSA keys FCS_CKM.1(1).1
FCS_COP.1(2) FCS_CKM.1(2).1: Validation of RSA key authentication to and from
FOS switch without password.
• Key and secret deletion FCS_CKM.4: Verifies that certificates can be deleted
successfully.
• Basic zoning on different HW FDP_ACF.1 FDP_ACC.1 FMT_MSA.1 FMT_MSA.3:
This test verifies zoning of Brocade switches and validates the restriction of access
to storage or initiator ports.
• User class cannot supersede the default ad-min role FIA_ATD.1(1) FMT_SMR.1:
This test covers that no non-admin defined class may supersede the default admin
account for that access right (“O” and “M”). Command permissions are defined as
either M for modify, O for observe, or N for No.
• Password Policy Management FIA_ATD.1(1) FIA_ATD.1(2) FIA_SOS.1: This
subsection verifies the functionality of various password policy parameters in a
fabric environment.
• Consistent user deny FIA_UAU.2 FIA_UID.2: Verify that passwords changes for all
user ac-counts that can access the switch will be denied if account verification is
rejected. Verify that no authentication data is feedback to the user while inputting
authentication data.
• RADIUS and LDAP authentication FTA_MCS.1 FIA_UAU.5: This test covers the
authentication facility available to firmware by communicating to RADIUS and LDAP
servers.
• Cipher configuration with SSH and TLS ciphers FCS_CKM.1(1).1 FCS_COP.1(1)
FCS_COP.1(2) FCS_CKM.2 FTP_ITC.1 FTP_TRP.1: This test verifies that sec-
cryptoconfig functions correctly when editing the ciphers allowed for SSH sessions.
• Maximum number of sessions for each role FMT_SMR.1 FTA_MCS.1: This test
verifies that the total number of SSH sessions that are allowed is limited to 32. The
local db authentication will limit users according to 4 sessions per account.
• IPFILTER robustness AVA_VAN.2: Verify that ports can be opened and closed by
changing active IPFILTER policy.
• Verify import utility for validity of Certificate FIA_ATD.1(1): Verify invalid certificates
cannot be imported into FOS for use with LDAP or syslog-ng.
18 / 31
BSI-DSZ-CC-1097-2019 Certification Report
7.1. Independent Evaluator Tests
Overview
The independent testing was partially performed using the developer’s testing
environment, partially using the test environment of the evaluation facility. The
configuration of the TOE being intended to be covered by the current evaluation was
tested.
The overall test result is that no deviations were found between the expected and the
actual test results.
TOE Test Configuration
The TOE was tested in DMZ with a stand-alone test computer and additional work-
stations. The TOE was running on one machine of each equivalence class and was
configured according to chapter 1.4 of [6]. The evaluator has started the TOE and
configured it together with the developer. This was done by directly booting up the TOE
after the start-up of the machine.
Besides the requirements described in chapter 1.4 of [6] the test environment also needs
to fullfil the security objectives for the environment. These security objectives are fulfilled
by the following services. The testers starting a SYSLOG server in the test net-work
(OE.AUDIT, OE.MGMT_NET). Only a secure connection (SSH) is used to configure the
TOE. The authentication server is installed with username and password
(OE.AUTH_SVR). The test environment is located in a secured server room and in a
distinct DMZ (OE.NETWORK, OE.PHYCAL, OE.MGMT_NET). The installation instructions
are used as outlined in 1.4.2 of [6] (OE.CONFIG). Tests are executed only with Brocade
Directors and Switches that are listed in section 1.2 of [6] (OE.HARDWARE).
These above described components match the needed components described in the
application developer guidance [9] to establish the TOE. The TOE environment and the
related test equipment for the tests are consistent with the described ones in [6] and [9].
The tests of the TOE are carried out by executing the test environment. There are four
standard workstations and 6 appliances with the TOE installed. In detail there are 3
appliances, one of each equivalence class with a redundant appliance. The four work-
stations represent the 2 Authentication servers, syslog server and a testing workstation.
The entire developer test configuration and the test protocols were made available to the
evaluator.
For testing the TOE the evaluators used the same configuration as used in the developer
tests. The machines and the developer test cases were analyzed during a visit of SRC in
the test lab of Brocade in Denver (CO) USA. The main difference is that the evaluator is
using a https secured WebEx remote connection to connect to a test net-work at Brocade
where all the test equipment is installed and running. During the visit in Denver CO the
evaluators used the following test configuration:
Test Setup for independent testing
Hardware: 6520 (Eq Cl1)
DCX CP0 / CP1 (Eq Cl2)
G630 (Eq Cl3)
19 / 31
Certification Report BSI-DSZ-CC-1097-2019
X6-4 (Eq Cl4)
7840 (Eq Cl1 with Goldeneye)
Software: Brocade Communications Systems LLC FabricOS Version 8.2.0a2
LDAP (slapd –v on Linux)
Linux: OpenLDAP: slapd 2.4.40
Windows Server 2012 R2 Datacenter: AD DS (Active Directory Domain
Services)
Radius (radius –v on linux)
Linux: Free RADIUS Version 2.1.5
Windows Server 2012 R2 Datacenter: RADIUS Server in Network Access
Policy 6.3.9600.16384
Syslog Server
syslog-ng 3.13.2 on Debian 4.14.12
Storage Server
SANBlaze V7.5 and 7.4.2
SRC Test OS
Kali Linux Version 2018.1
Table 3: Test Setup for independent testing
This hardware and software configuration has been used to establish a complete testing
network including the TOE in every equivalence class (Eq Cl).
During the tests the TOE runs on four different hardware appliances according to each
equivalence class. In most of the test cases the TOE communicates with a Server (LDAP,
RADIUS or Syslog). Additionally the TOE has been set up between the systems and SRC
to conduct the evaluator tests. The systems are connected using Ethernet connection and
a VPN Tunnel.
Test Cases and results
All developer tests were redone during the visit of the test lab in Denver(CO) USA 08th to
12th of October 2018.
The following table shows six of the conducted developer tests and their test results.
• Login via SSH as LDAP user and verify that login is successful
• No non-admin defined MOF class may supersede the default admin account for that
MOF by showing the current admin permissions.
• Deletion of private key and known hosts
• Validation of open ports from an external system
• Creation of an initial Zone on the switch
• Expiration of user password of ‘user’
The overall test result is that no deviations were found between the expected and the
actual test results.
The following list briefly summarizes the test subset devised by the evaluator:
20 / 31
BSI-DSZ-CC-1097-2019 Certification Report
• Try to connect SSH with unsupported ciphers (Negative Test)
• Try to connect SSH with supported cipher (Positive Test)
• Try to connect TOE to server with not imported Certification Authority (Nega-tive
Test)
• Try to connect TOE to server with not supported cipher (Negative Test)
• Try to establish SSH connection to TOE (Positive Test)
• Try to establish SSH connection to TOE after deleting knownhosts (Positive Test)
• Try to establish SSH connection to TOE after manipulating knoen host key of the
TOE (Positive Test)
• Test of the SSH connection Timeout after establishment (Positive Test)
• Test of the dev/random function (Negative Test)
The independent test subset consists of six individual tests. TSFI_1, TSFI_3, TSFI_4 and
TSFI_7 were tested. The remaining TSFIs and conditions (with and without permission for
each file) were tested during the developer’s tests.
All actual test results were consistent with the expected test results.
7.2. Vulnerability Analysis
Overview
The penetration testing was partially performed using the developer’s testing environment,
partially using the test environment of the ITSEF.
Equivalence classes of TOE configurations were identified. At least one TOE configuration
of every equivalence class was tested.
The overall test result is that no deviations were found between the expected and the
actual test results; moreover, no attack scenario with the attack potential Basic was
actually successful.
Tests and Results
SFRs taken from Cryptographic support (FCS), regarding to RNG, SSH and TLS, were
penetration tested. The remaining SFRs were analyzed, but not penetration tested due to
non-exploitability of the related attack scenarios in the TOE’s operational environment also
including an attacker with a Basic attack potential.
The overall test result is that no deviations were found between the expected and the
actual test results. No attack scenario with the attack potential Basic was actually
successful in the TOE’s operational environment as defined in [6] provided that all
measures required by the developer are applied.
8. Evaluated Configuration
The evaluated configuration is the Brocade FabricOS version 8.2.0a2 software configured
as instructed by the preparatory documentation called “BSI Common Criteria Configuration
Guide” [9] and pre-installed on Brocade Directors and Switches hardware appliances.
By using the preparatory documentation all models run the same configuration of the
FabricOS Version 8.2.0a2 software.
21 / 31
Certification Report BSI-DSZ-CC-1097-2019
The Brocade Directors and Switches hardware appliances are available in two form
factors:
• a rack-mount Director chassis with a variable number of blades, or
• a self-contained switch appliance device.
The following table summarizes the hardware equivalence classes and the relevant
characteristics that distinguish each class:
EQ I EQ II EQ III EQ IV
Gen 5 Switch
Appliance
Gen 5 Director
w/ CP blades
Gen 6 Switch
Appliance
Gen 6 Director
w/ CP blades
Platforms 7840, 6510,
6520
DCX 8510-4,
DCX 8510-8
G620, G630 X6-4, X6-8
ASIC Goldeneye2 and
Condor3
Condor3 Condor4 Condor4
Speed 4G to 16Gb 4G to 16Gb 8G to 32G 8G to 32G
Credit Buffers 700 to 8192 8192 2048 2048
Zones 4K to 8K 8K 2MB 1MB
Max Trunk Ports 8 8 8 8
Note: Downloading and installing Brocade FabricOS version 8.2.0a2 in the field will not
lead to an evaluated configuration.
The evaluated configuration does not apply to all the features of the software. Applicable
commands to configure or disable excluded features are detailed in the pre-requisites and
configuration chapters of the BSI Common Criteria Configuration Guide [9].
9. Results of the Evaluation
9.1. CC specific results
The Evaluation Technical Report (ETR) [7] was provided by the ITSEF according to the
Common Criteria [1], the Methodology [2], the requirements of the Scheme [3] and all
interpretations and guidelines of the Scheme (AIS) [4] as relevant for the TOE.
The Evaluation Methodology CEM [2] was used.
For RNG assessment the scheme interpretations AIS 20 and AIS 31 were used (see [4]).
As a result of the evaluation the verdict PASS is confirmed for the following assurance
components:
• All components of the EAL 2 package including the class ASE as defined in the CC
(see also part C of this report)
• The components ALC_FLR.2 augmented for this TOE evaluation.
The evaluation has confirmed:
22 / 31
BSI-DSZ-CC-1097-2019 Certification Report
• for the Functionality: Product specific Security Target
Common Criteria Part 2 extended
• for the Assurance: Common Criteria Part 3 conformant
EAL 2 augmented by ALC_FLR.2
● The results of the evaluation are only applicable to the TOE as defined in chapter 2 and
the configuration as outlined in chapter 8 above.
9.2. Results of cryptographic assessment
The strength of the cryptographic algorithms was not rated in the course of this certification
procedure (see BSIG Section 9, Para. 4, Clause 2). But cryptographic functionalities with a
security level of lower than 100 bits can no longer be regarded as secure without
considering the application context. Therefore, for these functionalities it shall be checked
whether the related crypto operations are appropriate for the intended system. Some
further hints and guidelines can be derived from the 'Technische Richtlinie BSI TR-02102'
(https://www.bsi.bund.de).
The following table gives an overview of the cryptographic functionalities inside the TOE
to enforce the security policy and outlines its rating from cryptographic point of view. Any
Cryptographic Functionality that is marked in column 'Security Level above 100 Bits' of the
following table with 'no' achieves a security level of lower than 100 Bits (in general context)
only.
No. Purpose Cryptographic
Mechanism
Standard of
Implementation
Key Size
in Bits
Security
Level
above 100
Bits
Comments
1 Authenticity RSA signature
verification for TLS
RSAES-PKCS1-v1_5
[PKCS#1 v2.1],
[FIPS180-4] (SHA),
[RFC5246] (TLS v1.2)
modulus
length =
2048 bit
Yes
2 RSA signature
verification for SSH
RSASSA-PKCS1-
v1_5
(authentication of
SSH Host)
[PKCS#1 v2.1],
[FIPS180-4] (SHA),
[RFC4252] (SSH-AUTH)
modulus
length =
2048 bit
Yes
3 Authentication based
on user name and
password for SSH
Ch. 5 of [RFC4252]
(SSH-AUTH)
Guess
success
probability
ε ≤ 10-8
Yes Recommen
dation of
Guidances
has to be
followed.
4 Key
Agreement
Diffie-Hellman key
agreement for SSH
(Diffie-Hellman-
group14-sha1)
DH [RFC4253] (SSH
v2.0), [RFC3526]
(MODP)
plength =
2048
Yes
5 Diffie-Hellman key
agreement for SSHv2
(diffie-hellman-group-
exchange-sha256)
DH [RFC4419] (SSH
v2.0)
plength =
2048
Yes
23 / 31
Certification Report BSI-DSZ-CC-1097-2019
No. Purpose Cryptographic
Mechanism
Standard of
Implementation
Key Size
in Bits
Security
Level
above 100
Bits
Comments
6 HMAC value
generation for SSH
(PRF)
HMAC with SHA-1
[FIPS180-4] (SHA),
[RFC4253] (SSH v2.0)
128 bit Yes
7 Encrypted exchange
of pre-master secret
for TLS
RSA-encryption
RSAES-PKCS1-v1_5
(TLS_RSA)
[RFC5246] (TLS_RSA),
[PKCS#1 v2.1]
2048 bit Yes
8 Encrypted exchange
of pre-master secret
for TLS
DH ([HaC]) with
group14 (TLS_DHE)
from [RFC5246] (TLS
v1.2)
2048 bit Yes
9 HMAC value
generation for TLS
(PRF)
HMAC with SHA-256,
SHA-384
[FIPS180-4] (SHA),
[RFC2104] (HMAC),
[RFC5246] (TLS v1.2)
256 bit and
384 bit
Yes
10 Integrity HMAC value
generation and
verification for SSH
HMAC with SHA1,
SHA-256, SHA-512
[FIPS180-4] (SHA),
[RFC2104] (HMAC),
[RFC4253] (SSH v2.0),
[RFC6668] (SHA-2 for
SSH)
128, 256
bit and 512
bit
Yes
11 HMAC value
generation and
verification for TLS
HMAC with SHA-1,
SHA-256,SHA-384
[FIPS180-4] (SHA),
[RFC2104] (HMAC),
[RFC5246] (TLS v1.2)
128 bit,
256 bit,
and 384 bit
Yes
12 Confident-
iality
Symmetric encryption
and decryption for
SSH
AES in CBC mode
AES in CTR mode
[FIPS-197] (AES), [SP
800-38A] (CBC), [SP
800-38A] (CTR),
[RFC4253] (SSH v2.0)
128 bit,
and 256 bit
Yes
24 / 31
BSI-DSZ-CC-1097-2019 Certification Report
No. Purpose Cryptographic
Mechanism
Standard of
Implementation
Key Size
in Bits
Security
Level
above 100
Bits
Comments
13 Symmetric encryption
and decryption for
TLS
AES in CBC mode
AES in GCM mode
[FIPS-197] (AES), [SP
800-38A] (CBC), [SP
800-38D] (GCM),
[RFC5246] (TLS v1.2)
128 bit,
and 256 bit
Yes
14 Trusted
Channel
SSHv2 [RFC4253] - Yes
15 TLSv1.2 [RFC5246] - Yes
16
Cryptographi
c Primitive
Deterministic RNG
DRG.2
AIS 20/31 RNG DRG.2 2048 bit
n.a
n.a.
Table 4: TOE cryptographic functionality
10. Obligations and Notes for the Usage of the TOE
The documents as outlined in table 2 contain necessary information about the usage of the
TOE and all security hints therein have to be considered. In addition all aspects of
Assumptions, Threats and OSPs as outlined in the Security Target not covered by the TOE
itself need to be fulfilled by the operational environment of the TOE.
The customer or user of the product shall consider the results of the certification within his
system risk management process. In order for the evolution of attack methods and
techniques to be covered, he should define the period of time until a re-assessment of the
TOE is required and thus requested from the sponsor of the certificate.
The limited validity for the usage of cryptographic algorithms as outlined in chapter 9 has
to be considered by the user and his system risk management process, too.
11. Security Target
For the purpose of publishing, the Security Target [6] of the Target of Evaluation (TOE) is
provided within a separate document as Annex A of this report.
12. Definitions
12.1. Acronyms
AAA Authentication, Authorization, and Accounting
AIS Application Notes and Interpretations of the Scheme
BSI Bundesamt für Sicherheit in der Informationstechnik / Federal Office for
Information Security, Bonn, Germany
BSIG BSI-Gesetz / Act on the Federal Office for Information Security
CCRA Common Criteria Recognition Arrangement
25 / 31
Certification Report BSI-DSZ-CC-1097-2019
CC Common Criteria for IT Security Evaluation
CEM Common Methodology for Information Technology Security Evaluation
CLI Command Line Interface
cPP Collaborative Protection Profile
DMZ Demilitarized Zone
EAL Evaluation Assurance Level
ETR Evaluation Technical Report
FC Fiber Channel
HBA Host Bus Adapter
IT Information Technology
ITSEF Information Technology Security Evaluation Facility
PP Protection Profile
RADIUS Remote Authentication Dial In User Service
SAN Storage Area Network
SAR Security Assurance Requirement
SFP Security Function Policy
SFR Security Functional Requirement
SSH Secure Shell
ST Security Target
TOE Target of Evaluation
TSF TOE Security Functionality
12.2. Glossary
Augmentation - The addition of one or more requirement(s) to a package.
Collaborative Protection Profile - A Protection Profile collaboratively developed by an
International Technical Community endorsed by the Management Committee.
Extension - The addition to an ST or PP of functional requirements not contained in CC
part 2 and/or assurance requirements not contained in CC part 3.
Formal - Expressed in a restricted syntax language with defined semantics based on well-
established mathematical concepts.
Informal - Expressed in natural language.
Object - A passive entity in the TOE, that contains or receives information, and upon which
subjects perform operations.
Package - named set of either security functional or security assurance requirements
Protection Profile - A formal document defined in CC, expressing an implementation
independent set of security requirements for a category of IT Products that meet specific
consumer needs.
26 / 31
BSI-DSZ-CC-1097-2019 Certification Report
Security Target - An implementation-dependent statement of security needs for a specific
identified TOE.
Semiformal - Expressed in a restricted syntax language with defined semantics.
Subject - An active entity in the TOE that performs operations on objects.
Target of Evaluation - An IT Product and its associated administrator and user guidance
documentation that is the subject of an Evaluation.
TOE Security Functionality - Combined functionality of all hardware, software, and
firmware of a TOE that must be relied upon for the correct enforcement of the SFRs.
13. Bibliography
[1] Common Criteria for Information Technology Security Evaluation, Version 3.1,
Part 1: Introduction and general model, Revision 5, April 2017
Part 2: Security functional components, Revision 5, April 2017
Part 3: Security assurance components, Revision 5, April 2017
https://www.commoncriteriaportal.org
[2] Common Methodology for Information Technology Security Evaluation (CEM),
Evaluation Methodology, Version 3.1, Rev. 5, April 2017,
https://www.commoncriteriaportal.org
[3] BSI certification: Scheme documentation describing the certification process (CC-
Produkte) and Scheme documentation on requirements for the Evaluation Facility,
approval and licencing (CC-Stellen), https://www.bsi.bund.de/zertifizierung
[4] Application Notes and Interpretations of the Scheme (AIS) as relevant for the TOE8
https://www.bsi.bund.de/AIS
[5] German IT Security Certificates (BSI 7148), periodically updated list published also
on the BSI Website, https://www.bsi.bund.de/zertifizierungsreporte
[6] Security Target BSI-DSZ-CC-1097-2019, Version 1.02, September 24, 2019,
Brocade Communications Systems LLC FabricOS Version 8.2.0a2 Running on
Brocade Directors and Switches Security Target, Brocade Communications Systems
LLC
[7] Evaluation Technical Report, Version 1.4, 30.09.2019, Evaluation Technical Report
(ETR) Summary, SRC Security Research & Consulting GmbH (confidential
document)
[8] Brocade Configuration Management Plan, Version 4.9, September 17, 2019,
(confidential document)
[9] Brocade - Brocade Fabric OS 8.2.0a BSI User Guide – Technical Publication FOS-
802a-BSI-UG100, 18 January 2019, file name: fos-bsiguide-v820x-20190118.pdf
8
specifically
• AIS 20, Version 3, Funktionalitätsklassen und Evaluationsmethodologie für deterministische
Zufallszahlengeneratoren
• AIS 31, Version 3, Funktionalitätsklassen und Evaluationsmethodologie für physikalische
Zufallszahlengeneratoren
• AIS 32, Version 7, CC-Interpretationen im deutschen Zertifizierungsschema
27 / 31
Certification Report BSI-DSZ-CC-1097-2019
[10] Brocade - Brocade Fabric OS - Administration Guide, 8.2.0a –53-1005237-05, 10
May 2018
[11] Brocade - Brocade Fabric OS Command Reference, 8.2.0a, 53-1005241-04, 10
April 2018
[12] Brocade - Brocade Fabric OS Message Reference, 8.2.0a, 53-1005249-04, 10 April
2018
[13] Brocade - Brocade Fabric OS Troubleshooting and Diagnostics Guide, 8.2.0, 53-
1005252-03, 10 April 2018
28 / 31
BSI-DSZ-CC-1097-2019 Certification Report
C. Excerpts from the Criteria
For the meaning of the assurance components and levels the following references to the
Common Criteria can be followed:
• On conformance claim definitions and descriptions refer to CC part 1 chapter 10.5
• On the concept of assurance classes, families and components refer to CC Part 3
chapter 7.1
• On the concept and definition of pre-defined assurance packages (EAL) refer to CC
Part 3 chapters 7.2 and 8
• On the assurance class ASE for Security Target evaluation refer to CC Part 3
chapter 12
• On the detailled definitions of the assurance components for the TOE evaluation
refer to CC Part 3 chapters 13 to 17
• The table in CC part 3 , Annex E summarizes the relationship between the
evaluation assurance levels (EAL) and the assurance classes, families and
components.
The CC are published at https://www.commoncriteriaportal.org/cc/
29 / 31
Certification Report BSI-DSZ-CC-1097-2019
D. Annexes
List of annexes of this certification report
Annex A: Security Target provided within a separate document.
30 / 31
BSI-DSZ-CC-1097-2019 Certification Report
Note: End of report
31 / 31