Australasian Information
Security Evaluation Program
Juniper Networks, Inc. Junos 12.3 X48-D30
for SRX XLR Platforms
Certification Report
2016/104
21-12-2016
Version 1.0
Commonwealth of Australia 2016
Reproduction is authorised provided
that the report is copied in its entirety.
21-December-2016 Version 1.0 ii
Amendment Record
Version Date Description
0.1 08-12-2016 Internal
0.2 21-12-2016 Internal
1.0 21-12-2016 External release
21-December-2016 Version 1.0 iii
Executive Summary
This report describes the findings of the IT security evaluation of Juniper Networks,
Inc. Junos 12.3 X48-D30 for SRX XLR Platforms against Common Criteria and
Protection Profiles.
The Target of Evaluation (TOE) is Juniper Networks, Inc. Junos 12.3 X48-D30 for
SRX XLR Platforms. The TOE is a product that is designed to provide for the support
of the definition and enforcement of information flow policies among network nodes.
Routers provide for stateful packet inspection of every packet that traverses the
network and provides centralised management functions to manage and administer the
network security policy. All information flowing from one network node to another
will pass through an instance of the TOE. Juniper Networks security devices
accomplish routing through a process called a Virtual Router (VR). A security device
divides its routing component into two or more VRs with each VR maintaining its
own list of known networks in the form of a routing table, routing logic, and
associated security zones.
The functionality defined in the Security Target that was subsequently evaluated is
summarised as follows:
 Security Audit – JUNOS auditable events are stored in the Syslog files, and
can be sent to an external log server (via IPSec). Auditable events include
start-up and shutdown of the audit functions, authentication events, service
requests, as well as numerous other security events. Audit records include the
date and time, event category, event type, username, and the outcome of the
event (success or failure). Local Syslog storage limits are configurable and are
monitored. In the event of storage limits being reached the oldest logs will be
overwritten.
 Cryptological Support – baseline cryptological module is included to provide
confidentiality and integrity services for authentication.
 User Data Protection – The TOE is designed to forward network packets
(i.e., information flows) from source network entities to destination network
entities based on available routing information. This information is either
provided directly by TOE users or indirectly from other network entities
(outside the TOE) configured by the TOE users.
 Information Flow - The TOE has the capability to regulate the information
flow across its interfaces; traffic filters can be set in accordance with the
presumed identity of the source, the identity of the destination, the transport
layer protocol, the source service identifier, and the destination service
identifier (TCP or UDP port number).
 Identification and Authentication – The TOE requires users to provide
unique identification and authentication data before any administration access
to the system is granted. The devices also require that applications exchanging
information with them successfully authenticate prior to any exchange. This
covers Secure Shell (SSH) used to exchange information.
21-December-2016 Version 1.0 iv
 Security Management – The TOE provides an authorised Administrator role
that is responsible for-
o the configuration and maintenance of cryptographic elements related to
the establishment of secure connections to and from the evaluated
product
o the regular review of all audit data
o all other administrative tasks (e.g., creating the security policy) and
o the devices are managed through a Command Line Interface (CLI).
The CLI is accessible through remote administrative session.
 Protection of the TSF – The TOE provides a protection mechanism for its
security functions, including cryptological keys and administrator passwords
The TOE provides for both cryptographic and non-cryptographic self-tests,
and is capable of automated recovery from failure states. Also, reliable
timestamp is made available by the TOE
 TOE Access – The TOE can be configured to terminate inactive sessions.
 Trusted Path / Channels – The TOE creates trusted channels between itself
and remote, trusted authorised IT product and remote administrator
 Stateful Traffic Filtering – The TOE provides stateful network traffic
filtering based on examination of network packets and the application of
information flow rules.
 Intrusion Prevention - The TOE can be configured to analyse IP-based
network traffic forwarded to the TOE’s interfaces, and detect violations of
administratively-defined IPS policies. The TOE is capable of initiating a
proactive response to terminate/interrupt an active potential threat, and to
initiate a response in real time that would cause interruption of the suspicious
traffic flow.
The report concludes that the product has complied with the Security Requirements
for Network Devices, version 1.1 (NDPP), Network Device Protection Profile
Extended Package Stateful Traffic Filter Firewall version 1.0 (FWEP) and Network
Device Protection Profile (NDPP) Extended Package for Intrusion Prevention
Systems (IPSEP) and that the evaluation was conducted in accordance with the
Common Criteria and the requirements of the Australasian Information Security
Evaluation Program (AISEP). The evaluation was performed by BAE Systems
Applied Intelligence and was completed on 20 October 2016.
With regard to the secure operation of the TOE, the Australasian Certification
Authority (ACA) recommends that administrators:
a) Ensure that the TOE is operated in the evaluated configuration and that
assumptions concerning the TOE security environment are fulfilled
b) Configure and operate the TOE according to the vendor’s product
administrator guidance
c) Maintain the underlying environment in a secure manner so that the integrity
of the TOE Security Function is preserved.
d) The Evaluators also recommend that the administrator verify the hash of the
downloaded software, as present on the Juniper Website.
21-December-2016 Version 1.0 v
e) Note that in the evaluated configuration the TOE permits only main mode to
be configured for IKEv1 Phase 1 exchanges.
This report includes information about the architecture of the TOE, and information
regarding the conduct of the evaluation.
It is the responsibility of the user to ensure that the TOE meets their requirements. For
this reason, it is recommended that a prospective user of the TOE refer to the Security
Target and read this Certification Report prior to deciding whether to purchase the
product.
21-December-2016 Version 1.0 vi
Contents
Chapter 1 – Introduction ...............................................................................1
1.1 .............................................................................................1
Overview
1.2 ...............................................................................................1
Purpose
1.3 ........................................................................................1
Identification
Chapter 2 – Target of Evaluation..................................................................3
2.1 .............................................................................................3
Overview
2.2 ........................................................................3
Description of the TOE
2.3 ................................................................................3
TOE Functionality
2.4 .................................................................................4
TOE Architecture
2.5 ..........................................................................5
Clarification of Scope
2.5.1 ................................................................................... 5
Evaluated Functionality
2.5.2 ...................................................... 5
Non-evaluated Functionality and Services
2.6 ...............................................................................................6
Security
2.6.1 ................................................................................................. 6
Security Policy
2.7 ..................................................................................................6
Usage
2.7.1 Evaluated Configuration.................................................................................... 6
2.7.2 ............................................................................................... 6
Secure Delivery
2.7.3 ..................................................................................... 7
Installation of the TOE
2.8 .............................................................................7
Version Verification
2.9 .............................................................8
Documentation and Guidance
2.10 .....................................................................................8
Secure Usage
Chapter 3 – Evaluation ..................................................................................9
3.1 .............................................................................................9
Overview
3.2 ........................................................................9
Evaluation Procedures
3.3 ................................................................................................9
Testing
3.3.1 Testing Coverage.............................................................................................. 9
3.4 ...................................................................................9
Entropy Testing
3.5 .............................................................................9
Penetration Testing
Chapter 4 – Certification .............................................................................11
4.1 ...........................................................................................11
Overview
4.2 .........................................................................................11
Assurance
4.3 ............................................................................11
Certification Result
4.4 ............................................................................11
Recommendations
Annex A – References and Abbreviations.................................................13
A.1 ........................................................................................13
References
21-December-2016 Version 1.0 vii
21-December-2016 Version 1.0 viii
A.2 ....................................................................................14
Abbreviations
Chapter 1 – Introduction
1.1 Overview
This chapter contains information about the purpose of this document and how to
identify the Target of Evaluation (TOE).
1.2 Purpose
The purpose of this Certification Report is to:
a) Report the certification of results of the IT security evaluation of the
Juniper Networks, Inc. Junos 12.3 X48-D30 for SRX XLR Platforms
against the requirements of the Common Criteria (CC), the NDPP v1.1,
FWEP v1.0 and the IPSEP 1.0.
b) Provide a source of detailed security information about the TOE for any
interested parties.
This report should be read in conjunction with the TOE’s Security Target (Ref 1)
which provides a full description of the security requirements and specifications that
were used as the basis of the evaluation.
1.3 Identification
The TOE is Juniper Networks, Inc. Junos 12.3 X48-D30 for SRX XLR Platforms.
Table 1 Identification Information
Description Version
Evaluation Scheme Australasian Information Security Evaluation
Program.
TOE Juniper Networks, Inc. Junos 12.3 X48-D30 for
SRX XLR Platforms.
Software Version 12.3 X48-D30
Hardware Platforms SRX1400, SRX 3400, SRX3600, SRX5400,
SRX 5400E, SRX5600, SRX5600E, SRX 5800
and SRX5800E with SPC 2-10-20
Security Target Junos 12.3 X48-D30 for SRX XLR Platforms,
Version 1.2, dated 09 February 2017
Evaluation Technical
Report
Evaluation Technical Report Junos 12.3 X48-
D30 for SRX XLR Platforms, dated 09
December 2016
21-December 2016 Version 1.0 1
Criteria Common Criteria for Information Technology
Security Evaluation Part 2 Extended and Part 3
Conformant, September 2012, Version
3.1.Rev 4
Methodology Common Methodology for Information
Technology Security September 2012, Version
3.1.Rev 4
Conformance NDPP v1.1
FWEP v1.0
IPSEP v1.0
Security Requirements for Network Devices
Errata #3
Developer Juniper Networks Inc
1133 Innovation Way, Sunnyvale, California,
94089, United States
Evaluation Facility BAE Systems Applied Intelligence
Level 1, 14 Childers Street
Canberra ACT 2600
21-December 2016 Version 1.0 2
Chapter 2 – Target of Evaluation
2.1 Overview
This chapter contains information about the Target of Evaluation (TOE), including a
description of functionality provided, its architectural components, the scope of
evaluation, security policies, and its secure usage.
2.2 Description of the TOE
The TOE is Junos 12.3 X48-D30 for SRX XLR Platforms. XLR refers to the specific
range of Broadcom processors implemented in the selected hardware platforms.
The TOE is a product that is designed to provide for the support of the definition and
enforcement of information flow policies among network nodes. Routers provide for
stateful packet inspection of every packet that traverses the network and provides
centralised management functions to manage and administer the network security
policy. All information flowing from one network node to another will pass through
an instance of the TOE.
Information flow is controlled on the basis of network node addresses, protocol, type
of access requested, and services requested. In support of the information flow
security functions, the TOE ensures that security-relevant activity is audited, that their
own functions are protected from potential attacks, and provides the security tools to
manage all of the security functions.
The TOE also implements Intrusion Prevention System functionality. It is able to
monitor information flows to detect potential attacks based on both pre-defined attack
signature and anomaly characteristics in the traffic.
2.3 TOE Functionality
The functionality defined in the Security Target that was subsequently evaluated is
summarised as follows:
 Security Audit – JUNOS auditable events are stored in the Syslog files, and
can be sent to an external log server (via IPSec). Auditable events include
start-up and shutdown of the audit functions, authentication events, service
requests, as well as numerous other security events. Audit records include the
date and time, event category, event type, username, and the outcome of the
event (success or failure). Local Syslog storage limits are configurable and are
monitored. In the event of storage limits being reached the oldest logs will be
overwritten.
 Cryptological Support – baseline cryptological module is included to provide
confidentiality and integrity services for authentication.
 User Data Protection – The TOE is designed to forward network packets
(i.e., information flows) from source network entities to destination network
21-December 2016 Version 1.0 3
 Information Flow - The TOE has the capability to regulate the information
flow across its interfaces; traffic filters can be set in accordance with the
presumed identity of the source, the identity of the destination, the transport
layer protocol, the source service identifier, and the destination service
identifier (TCP or UDP port number).
 Identification and Authentication – The TOE requires users to provide
unique identification and authentication data before any administration access
to the system is granted. The devices also require that applications exchanging
information with them successfully authenticate prior to any exchange. This
covers Secure Shell (SSH) used to exchange information.
 Security Management – The TOE provides an authorised Administrator role
that is responsible for-
o the configuration and maintenance of cryptographic elements related to
the establishment of secure connections to and from the evaluated
product
o the regular review of all audit data
o all other administrative tasks (e.g. creating the security policy)
o The devices are managed through a Command Line Interface (CLI).
The CLI is accessible through remote administrative session.
 Protection of the TSF – The TOE provides a protection mechanism for its
security functions, including cryptological keys and administrator passwords
The TOE provides for both cryptographic and non-cryptographic self-tests,
and is capable of automated recovery from failure states. Also, reliable
timestamp is made available by the TOE
 TOE Access – The TOE can be configured to terminate inactive sessions.
 Trusted Path / Channels – The TOE creates trusted channels between itself
and remote, trusted authorised IT product and remote administrator.
 Stateful Traffic Filtering – The TOE provides stateful network traffic
filtering based on examination of network packets and the application of
information flow rules.
 Intrusion Prevention - The TOE can be configured to analyse IP-based
network traffic forwarded to the TOE’s interfaces, and detect violations of
administratively-defined IPS policies. The TOE is capable of initiating a
proactive response to terminate/interrupt an active potential threat, and to
initiate a response in real time that would cause interruption of the suspicious
traffic flow.
2.4 TOE Architecture
The TOE consists of the following major architectural components:
 The Routing Engine (RE) runs the JUNOS software and provides Layer 3
routing services and network management for all operations necessary for the
21-December 2016 Version 1.0 4
 The Packet Forwarding Engine (PFE) provides all operations necessary for
transit packet forwarding
Juniper Networks security devices accomplish routing through a process called a
Virtual Router (VR). A security device divides its routing component into two or
more VRs with each VR maintaining its own list of known networks in the form of a
routing table, routing logic, and associated security zones.
The TOE is managed and configured via Command Line Interface, which can be
access via a console port or remotely using SSH connections, and does not depend on
FTP or SSL to operate correctly.
The marketing name for the board that implements the PFE on the SRX 5000 series is
the Services Processing Card (SPC). There are two models of the SPC available for
the SRX 5000 series, but only one was evaluated. No other SRX models have a
similar option.
2.5 Clarification of Scope
The evaluation was conducted in accordance with the Common Criteria and
associated methodologies.
The evaluated configuration is based on the default installation of the TOE with
additional configuration implemented as per the guidance documentation (Ref 2).
The scope of the evaluation was limited to those claims made in the Security Target
(Ref 1).
2.5.1 Evaluated Functionality
All tests performed during the evaluation were taken from NDDP (Ref 3), FWEP (Ref
4) and IPSEP (Ref 5) and sufficiently demonstrate the security functionality of the
TOE. Some of the tests were combined for ease of execution.
2.5.2 Non-evaluated Functionality and Services
Potential users of the TOE are advised that some functions and services have not been
evaluated as part of the evaluation. Potential users of the TOE should carefully
consider their requirements for using functions and services outside of the evaluated
configuration; Australian Government users should refer to Australian Government
Information Security Manual (ISM) (Ref 6) for policy relating to using an evaluated
product in an un-evaluated configuration. New Zealand Government users should
consult the Government Communications Security Bureau (GCSB).
The following components are considered outside of the scope of the TOE:
 Secure Socket Layer (SSL)
21-December 2016 Version 1.0 5
 External syslog server
 Use of telnet, since it violates the Trusted Path requirement set (see Security
Requirements)
 Use of FTP, since it violates the Trusted Path requirement set (see Security
Requirements)
 Use of SNMP, since it violates the Trusted Path requirement set (see Security
Requirements)
 Management via J-Web, since it violates the Trusted Path requirement set (see
Security Requirements)
 Media use (other than during installation of the TOE)
 TLS
2.6 Security
2.6.1 Security Policy
The TOE Security Policy (TSP) is a set of rules that defines how the information
within the TOE is managed and protected. The Security Target (Ref 1) contains a
summary of the functionality to be evaluated.
2.7 Usage
2.7.1 Evaluated Configuration
The TOE consists of the Juniper Networks, Inc. Junos 12.3 X48-D30 for SRX XLR
Platforms. The evaluation was conducted on the default installation and configuration
of the TOE with additional guidance and configuration information drawn from the
configuration guidance (Ref 2).
2.7.2 Secure Delivery
To ensure that the software received is the evaluated product the customer must check
the version details received against the list specified in the TOE. The customer should
perform the following checks to ensure that they have received the correct version of
the TOE.
The verification of the TOE is largely automatic, as demonstrated in testing. The TOE
cannot load a modified software image. Authentic software images can be
downloaded from https://www.juniper.net In addition to the automated verification,
the site includes individual MD5 hashes for each image. The administrator should
verify the hash of the software before installing it into the hardware platform.
There are several mechanisms provided in the delivery process to ensure that a
customer receives a product that has not been tampered with. The customer should
perform the following checks upon receipt of a device to verify the integrity of the
platform.
 Shipping label - Ensure that the shipping label correctly identifies the correct
customer name and address as well as the device.
21-December 2016 Version 1.0 6
 Outside packaging - Inspect the outside shipping box and tape. Ensure that the
shipping tape has not been cut or otherwise compromised. Ensure that the box
has not been cut or damaged to allow access to the device.
 Inside packaging - Inspect the plastic bag and seal. Ensure that the bag is not
cut or removed. Ensure that the seal remains intact.
If the customer identifies a problem during the inspection, he or she should
immediately contact the supplier. Provide the order number, tracking number, and a
description of the identified problem to the supplier.
Additionally, there are several checks that can be performed to ensure that the
customer has received a box sent by Juniper Networks and not a different company
masquerading as Juniper Networks. The customer should perform the following
checks upon receipt of a device to verify the authenticity of the device:
 Verify that the device was ordered using a purchase order. Juniper Networks
devices are never shipped without a purchase order.
 When a device is shipped, a shipment notification is sent to the e-mail address
provided by the customer when the order is taken. Verify that this e-mail
notification was received.
 Verify that the e-mail contains the following information:
o Purchase order number
o Juniper Networks order number used to track the shipment
o Carrier tracking number used to track the shipment
o List of items shipped including serial numbers.
o Address and contacts of both the supplier and the customer
 Verify that the shipment was initiated by Juniper Networks. To verify that a
shipment was initiated by Juniper Networks, you should perform the following
tasks:
o Compare the carrier tracking number of the Juniper Networks order
number listed in the Juniper Networks shipping notification with the
tracking number on the package received.
o Log on to the Juniper Networks online customer support portal at
https://www.juniper.net/customers/csc/management to view the order
status.
o Compare the carrier tracking number or the Juniper Networks order
number listed in the Juniper Networks shipment notification with the
tracking number on the package received.
2.7.3 Installation of the TOE
The guidance documentation (Ref 2) contains all relevant information for the secure
configuration of the TOE.
2.8 Version Verification
The verification of the TOE is largely automatic. This was demonstrated in testing.
The TOE cannot load a modified software image. Authentic software images can be
downloaded from https://www.juniper.net. In addition to the automated verification,
the site includes individual MD5 hashes for each image. The administrator should
verify the hash of the software before installing it into the hardware platform.
21-December 2016 Version 1.0 7
2.9 Documentation and Guidance
It is important that the TOE is used in accordance with guidance documentation in
order to ensure secure usage. The following documentation is available to the
consumer when the TOE is purchased:
 Junos® OS Common Criteria and Junos Evaluated Configuration Guide for
SRX Series Security Devices, Release 12.3X48-D30, 28-Jul-16
 Junos® OS CLI User Guide, Release 12.3, 13-Jun-16
 Junos® OS Installation and Upgrade Guide, Release 12.3, 17-Jun-16
 Junos® OS System Basics: Getting Started Configuration Guide, Release
12.3, 10-Jun-16
 Junos® OS Intrusion Protection and Prevention Feature Guide for Security
Devices, Release 12.3X48-D10, 12-Jan-16
 Junos® 12.3 X48 for SRX Series Platforms – SRX Guidance Annex, Version
1.0, 17-Jan-17
All guidance material is available for download at www.juniper.net. All common
criteria guidance material is available at www.commoncriteriaportal.org. The
Information Security Manual (ISM) is available at www.asd.gov.au.
2.10 Secure Usage
The evaluation of the TOE took into account certain assumptions about its operational
environment. These assumptions must hold in order to ensure the security objectives
of the TOE are met.
A.NO_GENERAL_PURPOSE
It is assumed that there are no general-purpose computing capabilities (e.g., compilers
or user applications) available on the TOE, other than those services necessary for the
operation, administration and support of the TOE.
A.PHYSICAL
Physical security, commensurate with the value of the TOE and the data it contains, is
assumed to be provided by the environment.
A.TRUSTED_ADMIN
TOE Administrators are trusted to follow and apply all administrator guidance in a
trusted manner.
A.CONNECTIONS
It is assumed that the TOE is connected to distinct networks in a manner that ensures
that the TOE security policies will be enforced on all applicable network traffic
flowing among the attached networks.
21-December 2016 Version 1.0 8
Chapter 3 – Evaluation
3.1 Overview
This chapter contains information about the procedures used in conducting the
evaluation, the testing conducted as part of the evaluation and the certification result.
3.2 Evaluation Procedures
The criteria against which the Target of Evaluation (TOE) has been evaluated are
contained in the NDPP (Ref 3), FWEP (Ref 4), IPSEPv1.0, (Ref 5) and Common
Criteria for Information Technology Security Evaluation Version 3.1 Revision 4,
Parts 2 and 3 (Refs 7 and 8).
The methodology used is described in the Common Methodology for Information
Technology Security Evaluation Version 3.1 Revision 4 (Ref 9).
The evaluation was carried out in accordance with the operational procedures of the
Australasian Information Security Evaluation Program (AISEP) (Ref 10).
In addition, the conditions outlined in the Arrangement on the Recognition of
Common Criteria Certificates in the field of Information Technology Security were
also upheld.
The evaluation was based on the default installation and configuration of the TOE
with additional configuration taken from the guidance documentation (Ref 2).
3.3 Testing
3.3.1 Testing Coverage
All tests performed by the Evaluators were taken from the NDPP, FWEP and IPSEP.
These tests are designed in such a way as to provide a full coverage of testing for all
security functions claimed by the TOE. All SFRs listed in the Security Target and the
Protection Profile packages were exercised during testing.
3.4 Entropy Testing
The entropy design description, justification, operation and health tests are assessed
and documented in a separate report (Ref 11).
3.5 Penetration Testing
The developer performed a vulnerability analysis of the TOE in order to identify any
obvious vulnerability in the product and to show that the vulnerabilities were not
exploitable in the intended environment of the TOE. This analysis included a search
for possible vulnerability sources in publicly-available information.
The following factors have been taken into consideration during the penetration tests:
21-December 2016 Version 1.0 9
a) Time taken to identify and exploit (elapsed time)
b) Specialist technical expertise required (specialist expertise)
c) Knowledge of the TOE design and operation (knowledge of the TOE)
d) Window of opportunity
e) IT hardware/software or other equipment required for the exploitation.
Based on the results of this testing, the Evaluators determined that the TOE is resistant
to an attacker possessing a basic attack potential.
21-December 2016 Version 1.0 10
Chapter 4 – Certification
4.1 Overview
This chapter contains information about the result of the certification, an overview of
the assurance provided and recommendations made by the Certifiers.
4.2 Assurance
This certification is focused on the evaluation of product compliance with a Protection
Profile and the associated functional packages that covers the technology area of
network devices. Agencies can have confidence that the scope of an evaluation
against an ASD approved Protection Profile covers the necessary security
functionality expected of the evaluated product and known security threats will have
been addressed.
The effectiveness and integrity of cryptographic functions are also within the scope of
product evaluations performed in line with Protection Profiles (PPs). PPs provide
assurance by a full security target and an analysis of the SFR in that ST, guidance
documentation and a basic description of the architecture of the TOE, to understand
the security behaviour.
4.3 Certification Result
After due consideration of the conduct of the evaluation as reported to the Certifiers
and of the Evaluation Technical Report (Ref 12) the Australasian Certification
Authority certifies the evaluation of the Juniper Networks, Inc. Junos 12.3 X48-D30
for SRX XLR Platforms product performed by the Australasian Information Security
Evaluation Facility, BAE Applied intelligence.
The AISEF BAE Systems Applied Intelligence has determined that Juniper
Networks, Inc. Junos 12.3 X48-D30 for SRX XLR Platforms uphold the claims made
in the Security Target (Ref 1) and has met the requirements of NDPP (Ref 3), FWEP
(Ref 4) and IPSEP (Ref 5).
The effectiveness and integrity of cryptographic functions are also within the scope of
product evaluations performed in line with Protection Profiles.
The analysis is supported by testing as outlined in the NDPP (3), FWEP (Ref 4) and
IPSEP (Ref 5) assurance activities, and a vulnerability survey demonstrating
resistance to penetration attackers with a basic attack potential.
Compliance also provides assurance through evidence of secure delivery procedures.
Certification is not a guarantee of freedom from security vulnerabilities.
4.4 Recommendations
Not all of the evaluated functionality present in the TOE may be suitable for
Australian and New Zealand Government users. For further guidance, Australian
21-December 2016 Version 1.0 11
Government users should refer to ISM (Ref 6) and New Zealand Government users
should consult the GCSB.
In addition to ensuring that the assumptions concerning the operational environment
are fulfilled and the guidance document is followed, the ACA also recommends that
users and administrators:
a) Ensure that the TOE is operated in the evaluated configuration and that
assumptions concerning the TOE security environment are fulfilled
b) Configure and operate the TOE according to the vendor’s product
administrator guidance
c) Maintain the underlying environment in a secure manner so that the integrity
of the TOE Security Function is preserved
d) The Evaluators also recommend that the administrator verify the hash of the
downloaded software, as present on the Juniper Website
e) Note that in the evaluated configuration, the TOE permits only main mode to
be configured for IKEv1 Phase 1 exchanges.
21-December 2016 Version 1.0 12
Annex A – References and Abbreviations
A.1 References
1. Security Target - Junos 12.3 X48-D30 for SRX XLR Platforms Version 1.2, 09
February 2017
2. Guidance Documentation:
 Junos® OS Common Criteria and Junos Evaluated Configuration Guide for SRX
Series Security Devices, Release 12.3X48-D30, 28-Jul-16
 Junos® OS CLI User Guide, Release 12.3, 13-Jun-16
 Junos® OS Installation and Upgrade Guide, Release 12.3, 17-Jun-16
 Junos® OS System Basics: Getting Started Configuration Guide, Release 12.3, 10-
Jun-16
 Junos® OS Intrusion Protection and Prevention Feature Guide for Security Devices,
Release 12.3X48-D10, 12-Jan-16
 Junos® 12.3 X48 for SRX Series Platforms – SRX Guidance Annex, Version 1.0, 17-
Jan-17
3. US Government approved Protection Profile – Protection Profile for Network
Devices (NDPP) version 1.1 June 8, 2012
4. US Government approved Network Devices Protection Profile – Protection Profile
Stateful Traffic Filter Firewall Extended Package (FWEP) Version 1.0 19
December 2011
5. Network Device Protection Profile (NDPP) Extended Package (EP) for Intrusion
Prevention Systems (IPS) Version 1.0 26 June 2014 (IPSEP)
6. 2016 Australian Government Information Security Manual (ISM), Australian
Signals Directorate
7. Common Criteria for Information Technology Security Evaluation Part 2: Security
functional components September 2014, Version 3.1 Revision 4
8. Common Criteria for Information Technology Security Evaluation Part 3: Security
assurance components September 2014, Version 3.1 Revision 4
9. Common Methodology for Information Technology Security Evaluation,
Evaluation methodology, September 2014 Version 3.1, Revision 4.
10. AISEP Policy Manual Release: 30 August 2011 Version 4.0
11. EFS-T042 - JNPR Junos 12.3 X48 NDPP+FWEP+IDPEP Seeding of the Kernel
RBG, Version 0.2, 15 Sep 2016
12. Evaluation Technical Report JUNOS 12.3 X48-D30 for SRX XLR Platforms
Version 1.0 9 December 2016, Ref EFS-T042-ETR 1.0
21-December 2016 Version 1.0 13
21-December 2016 Version 1.0 14
A.2 Abbreviations
AISEF Australasian Information Security Evaluation Facility
AISEP Australasian Information Security Evaluation Program
ASD Australian Signals Directorate
CC Common Criteria
CEM Common Evaluation Methodology
ETR Evaluation Technical Report
FTP File Transfer Protocol
FWEP US Government approved Network Devices Protection Profile –
Protection Profile Stateful Traffic Filter Firewall Extended Package
GCSB Government Communications Security Bureau
IPsec Internet Protocol security
NTP Network Time Protocol
NDPP US Government approved Protection Profile for Network Devices
IPSEP Network Device Protection Profile (NDPP) Extended Package (EP) for
Intrusion Prevention Systems (IPS)
PP Protection Profile
SFP Security Function Policy
SFR Security Functional Requirements
ST Security Target
TOE Target of Evaluation
TSF TOE Security Functions
TSP TOE Security Policy
XLR Refers to the specific range of Broadcom processors implemented in the
selected hardware platforms.