National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme
Validation Report
for
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700
Series, 5510 HI Series, 5130 HI Series and 5130 EI Series
Switches
Report Number: CCEVS-VR-VID10671-2016
Dated: 4 March 2016
Version: 1.0
National Institute of Standards and Technology National Security Agency
Information Technology Laboratory Information Assurance Directorate
100 Bureau Drive 9800 Savage Road STE 6940
Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6940
®
TM
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page i of ii
ACKNOWLEDGEMENTS
Validation Team
Jerome Myers
The Aerospace Corporation
Ken Stutterheim
The Aerospace Corporation
Mike Matta
National Information Assurance Partnership
Common Criteria Testing Laboratory
Leidos Inc. (formerly SAIC, Inc.)
Columbia, MD
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page ii of ii
Table of Contents
1 Executive Summary.............................................................................................................1
2 Identification........................................................................................................................4
2.1 Technical Decisions....................................................................................................5
2.2 Threats.........................................................................................................................5
2.3 Organizational Security Policies.................................................................................6
3 Architectural Information ....................................................................................................7
4 Assumptions.........................................................................................................................8
4.1 Clarification of Scope .................................................................................................8
5 Security Policy.....................................................................................................................9
5.1 Security Audit.............................................................................................................9
5.2 Cryptographic Support................................................................................................9
5.3 User Data Protection...................................................................................................9
5.4 Identification and Authentication ...............................................................................9
5.5 Security Management .................................................................................................9
5.6 Protection of the TSF..................................................................................................9
5.7 TOE Access ..............................................................................................................10
5.8 Trusted Path/Channels ..............................................................................................10
6 Documentation...................................................................................................................11
7 IT Product Testing .............................................................................................................12
7.1 Penetration Testing ...................................................................................................13
8 Evaluated Configuration ....................................................................................................14
9 Results of the Evaluation ...................................................................................................16
10 Validator Comments/Recommendations ...........................................................................17
11 Annexes..............................................................................................................................18
12 Security Target...................................................................................................................19
13 Abbreviations and Acronyms ............................................................................................20
14 Bibliography ......................................................................................................................21
List of Tables
Table 1: Evaluation Summary ........................................................................................................ 4
Table 2: Product Documentation Links ........................................................................................ 11
Table 3: Evaluated Configuration Identification .......................................................................... 14
Table 4: TOE Security Assurance Requirements ......................................................................... 16
List of Figures
Figure 1: Comware V7.1 Architecture............................................................................................ 7
Figure 2: Test Configuration......................................................................................................... 12
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 1 of 21
1 Executive Summary
This report is intended to assist the end-user of this Information Technology (IT) product and any security
certification agent for that end-user in determining the suitability of this product in their environment.
End-users should review the Security Target (ST) ([6]), which is where specific security claims are made,
in conjunction with this Validation Report (VR), which describes how those security claims were
evaluated and tested and any restrictions on the evaluated configuration. Prospective users should read
carefully the Assumptions and Clarification of Scope in Section 4 and the Validator Comments in Section
10, where any restrictions on the evaluated configuration are highlighted.
This report documents the National Information Assurance Partnership (NIAP) assessment of the
evaluation of the Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130
HI Series and 5130 EI Series Switches with Comware 7.1 (the Target of Evaluation, or TOE)1
. It presents
the evaluation results, their justifications, and the conformance results. This VR is not an endorsement of
the TOE by any agency of the U.S. Government and no warranty of the TOE is either expressed or
implied. This VR applies only to the specific version and configuration of the product as evaluated and as
documented in the ST.
The evaluation of the Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series,
5130 HI Series and 5130 EI Series Switches with Comware 7.1 was performed by Leidos (formerly
Science Applications International Corporation (SAIC)) Common Criteria Testing Laboratory (CCTL) in
Columbia, Maryland, USA, and was completed in February 2016. The evaluation was conducted in
accordance with the requirements of the Common Criteria and Common Methodology for IT Security
Evaluation (CEM), version 3.1, revision 4 ([1], [2], [3], [4]) and assurance activities specified in
Protection Profile for Network Devices, Version 1.1, 8 June 2012, as amended by Errata #3 dated 3
November 2014 ([5]), and including the following optional SFRs: FCS_IPSEC_EXT.1;
FCS_SSH_EXT.1; and FIA_PSK_EXT.1. The conduct of the evaluation was consistent with NIAP
Common Criteria Evaluation and Validation Scheme (CCEVS) policies and practices as described on
their web site (www.niap-ccevs.org).
The TOE is a hardware and software solution that consists of the Comware 7.1 software running on any
of the Hewlett Packard Enterprise appliances listed here according to the model series.
The 7900 Series devices in the evaluated configuration are as follows:
 HP FlexFabric 7904 Switch Chassis (JG682A)
 HP FlexFabric 7910 Switch Chassis (JG841A)
o HP FlexFabric 7910 – 7.2Tbps Fabric / Main Processing Unit (JG842A) and/or
o HP FlexFabric 7910 – 2.4Tbps Fabric / Main Processing Unit (JH001A)
The 7500 Series devices in the evaluated configuration are as follows:
 HP 7502 Switch Chassis (JD242C) with HP 7502 Main Processing Unit (JH208A)
 HP 7503 Switch Chassis (JD240C)
1
On November 1, 2015, Hewlett-Packard became two separate companies: Hewlett Packard Enterprise and HP Inc.
The network products are developed by the new Hewlett Packard Enterprise. The former HP network switches and
routers are undergoing product rebranding. The rebranding is not complete in the documentation and on the
websites. The TOE may be referred to with the prefix “HP”, “HP FlexFabric”, “HPE” or “HPE FlexFabric”. For the
purpose of this evaluation, these name variations are used interchangeably and refer to the same product.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 2 of 21
 HP 7506 Switch Chassis (JD239C)
 HP 7510 Switch Chassis (JD238C)
The 7503, 7506 and 7510 Switch Chassis require one of the following:
o HP 7500 1.2Tbps Fabric w/ 2-port 40GbE for IRF-Only Main Processing Unit (JH207A),
or
o HP 7500 2.4Tbps Fabric w/ 8-port GbE/10GbE and 2-port 40GbE User Ports Main
Processing Unit (JH209A)
The 5700 Series devices in the evaluated configuration are as follows:
 HP FlexFabric 5700-40XG-2QSFP+Switch (JG896A)
 HP FlexFabric 5700-48G-4XG-2QSFP+Switch (JG894A)
 HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch (JG898A)
 HP FlexFabric 5700-40XG-2QSFP+TAA-Compliant Switch (JG697A)
 HP FlexFabric 5700-48G-4XG-2QSFP+TAA-Compliant Switch (JG895A)
 HP FlexFabric 5700-32XGT-8XG-2QSFP+TAA-Compliant Switch (JG899A)
The 5510 HI Series devices in the evaluated configuration are as follows:
 HPE 5510 24G 4SFP+ HI 1-slot Switch (JH145A)
 HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch (JH147A)
 HPE 5510 24G SFP 4SFP+ HI 1-slot Switch (JH149A)
 HPE 5510 48G 4SFP+ HI 1-slot Switch (JH146A)
 HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch (JH148A)
The 5130 HI Series devices in the evaluated configuration are as follows:
 HP 5130-24G-4SFP+ HI Switch with 1 Slot (JH323A)
 HP 5130-48G-4SFP+ HI Switch with 1 Slot (JH324A)
 HP 5130-24G-PoE+-4SFP+ HI Switch with 1 Slot (JH325A)
 HP 5130-48G-PoE+-4SFP+ HI Switch with 1 Slot (JH326A)
The 5130 EI Series devices in the evaluated configuration are as follows:
 HP 5130-24G-4SFP+ EI Switch (JG932A)
 HP 5130-24G-SFP-4SFP+ EI Switch (JG933A)
 HP 5130-48G-4SFP+ EI Switch (JG934A)
 HP 5130-24G-PoE+-4SFP+ (370W) EI Switch (JG936A)
 HP 5130-48G-PoE+-4SFP+ (370W) EI Switch (JG937A)
 HP 5130-24G-4SFP+ EI TAA-compliant Switch (JG942A)
 HP 5130-24G-SFP-4SFP+ EI TAA-compliant Switch (JG943A)
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 3 of 21
 HP 5130-48G-4SFP+ EI TAA-compliant Switch (JG944A)
 HP 5130-24G-PoE+-4SFP+ (370W) EI TAA-compliant Switch (JG946A)
 HP 5130-48G-PoE+-4SFP+ (370W) EI TAA-compliant Switch (JG947A)
Each series of switches included in the TOE consists of a set of distinct devices that vary primarily
according to power delivery, performance, and port density. Each device in the TOE is a stand-alone
gigabit Ethernet switch that implements network layers 2 and 3 switching, service and routing operations.
The Leidos evaluation team determined that the TOE is conformant to Protection Profile for Network
Devices, v1.1, 8 June 2012, as amended by Errata #3, dated 3 November 2014. The TOE, when installed,
configured and operated as specified in the evaluated guidance documentation, satisfies all of the security
functional requirements stated in Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5130
EI Series, 5130 HI Series and 5510 HI Series Switches Security Target, Version 1.0, 16 February 2016.
The information in this VR is largely derived from the Assurance Activities Report (AAR) ([9]) and
associated test report ([10]) produced by the Leidos evaluation team.
The validation team reviewed the evaluation outputs produced by the evaluation team, in particular the
AAR and associated test report. The validation team found that the evaluation results showed that the
TOE satisfies all of the security functional and assurance requirements stated in the ST. The evaluation
also showed that the TOE is conformant to Protection Profile for Network Devices, v1.1, 8 June 2012, as
amended by Errata #3, dated 3 November 2014, and that the assurance activities specified in the
Protection Profile have been performed appropriately. Therefore, the validation team concludes that the
testing laboratory’s findings are accurate, the conclusions justified, and the conformance results are
correct. The conclusions of the testing laboratory documented in the proprietary Evaluation Technical
Report (ETR) ([8]) are consistent with the evidence produced.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 4 of 21
2 Identification
The CCEVS is a joint National Security Agency (NSA) and National Institute of Standards and
Technology (NIST) effort to establish commercial facilities to perform trusted product evaluations. Under
this program, security evaluations are conducted by commercial testing laboratories called Common
Criteria Testing Laboratories (CCTLs) in accordance with National Voluntary Laboratory Assessment
Program (NVLAP) accreditation.
The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality and consistency
across evaluations. Developers of information technology products desiring a security evaluation contract
with a CCTL and pay a fee for their product’s evaluation. Upon successful completion of the evaluation,
the product is added to NIAP’s Product Compliant List (PCL).
Table 1 provides information needed to completely identify the product and its evaluation.
Table 1: Evaluation Summary
Evaluated Product: Hewlett Packard Enterprise Switches as follows:
 7900 Series running Comware V7.1.045 Release 2138P02
 7500 Series running Comware V7.1.045 Release 7170
 5700 Series running Comware V7.1.045 Release 2423
 5510 HI Series running Comware V7.1.045 Release 1118
 5130 HI Series running Comware V7.1.045 Release 1116
 5130 EI Series running Comware V7.1.045 Release 3109P16
Sponsor & Developer: Hewlett Packard Enterprise
11445 Compaq Center Drive West
Houston, Texas 77070
United States
CCTL: Leidos (formerly SAIC)
Common Criteria Testing Laboratory
6841 Benjamin Franklin Drive
Columbia, MD 21046
Completion Date: February 2016
CC: Common Criteria for Information Technology Security Evaluation,
Version 3.1, Revision 4, September 2012
Interpretations: There were no applicable interpretations used for this evaluation.
CEM: Common Methodology for Information Technology Security
Evaluation: Version 3.1, Revision 4, September 2012
PP: Protection Profile for Network Devices, Version 1.1, 8 June 2012, as
amended by Errata #3 dated 3 November 2014
Evaluation Personnel: Katie Sykes
Kevin Steiner
Cody Cummins
Zalman Kuperman
Tony Apted
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 5 of 21
Validation Body: National Information Assurance Partnership CCEVS
2.1 Technical Decisions
The following NIAP Technical Decisions were applied during the course of this evaluation:
 TD0004: FCS_TLS_EXT Man-in-the-Middle Test - This Technical Decision removes the
FCS_TLS_EXT man-in-the-middle tests for the NDPP (FCS_TLS_EXT.1.1, Test 2), pending
development of new TLS requirements and assurance activities and identification of suitable test
tools.
 TD0005: FPT_ITT Test 3 Resolution - This Technical Decision removes the need to perform
Test 3 associated with FPT_ITT.1 in NDPP, consistent with the test requirements for FTP_ITC.1
and FTP_TRP.1.
 TD0011: FCS_SSH_EXT.1.4 Clarification - The SFR requires that the SSH transport
implementation use specific encryption algorithms. Can the restriction to those algorithms be
reliant upon configuration of the SSH client? No. The restrictions must be implemented by the
TOE.
 TD0012: FCS_SSH_EXT.1.4 - Algorithms not identified in FCS_SSH_EXT.1.4 must not be
allowed; other cipher suites (such as 3DES-CBC) must be disabled in evaluated configurations.
The Assurance Activities associated with this requirement must verify that connection attempts
with algorithms not listed in FCS_SSH_EXT.1.4 are denied. The NDPP will be updated to
reflect this decision.
 TD0017: NDPP Audit Shutdown - This Technical Decision allows for the use of a startup audit
record to indicate audit shutdown in the event of an uncontrolled shutdown.
 TD0026: FPT_TUD_EXT.1 - This Technical Decision allows for the administrator following
TOE guidance to reject an illegitimate update detected by the TOE, in addition to the TOE
rejecting the update automatically.
 TD0032: FCS_SSH_EXT.1.2 – SFR will be rewritten to conditionally require password-based
authentication
2.2 Threats
The ST references the Protection Profile for Network Devices to identify the following threats that the
TOE and its operational environment are intended to counter:
 An administrator may unintentionally install or configure the TOE incorrectly, resulting in
ineffective security mechanisms.
 Security mechanisms of the TOE may fail, leading to a compromise of the TSF.
 A user may gain unauthorized access to the TOE data and TOE executable code. A malicious
user, process, or external IT entity may masquerade as an authorized entity in order to gain
unauthorized access to data or TOE resources. A malicious user, process, or external IT entity
may misrepresent itself as the TOE to obtain identification and authentication data.
 A malicious party attempts to supply the end user with an update to the product that may
compromise the security features of the TOE.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 6 of 21
 Malicious remote users or external IT entities may take actions that adversely affect the security
of the TOE. These actions may remain undetected and thus their effects cannot be effectively
mitigated.
 User data may be inadvertently sent to a destination not intended by the original sender.
2.3 Organizational Security Policies
The ST references the Protection Profile for Network Devices to identify following organizational
security policy that the TOE and its operational environment are intended to fulfill:
 The TOE shall display an initial banner describing restrictions of use, legal agreements, or any
other appropriate information to which users consent by accessing the TOE.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 7 of 21
3 Architectural Information
The various routers comprising the TOE share a common software code base, called Comware. Comware
is special purpose appliance system software that implements networking technology. The evaluated
version of Comware is V7.1. The TOE supports both IPv4 and IPv6 networks; however, IPv6 was not
tested as part of this evaluation.
Comware V7.1 comprises four planes, as depicted in Figure 1 below: management plane; control plane;
data plane; and infrastructure plane:
Figure 1: Comware V7.1 Architecture
The Infrastructure Plane provides basic Linux services and Comware support functions. Basic Linux
services comprise basic Linux functions, C language library functions, data structure operations, and
standard algorithms. Comware support functions provide software and service infrastructures for
Comware processes, including all basic functions.
The Data Plane provides data forwarding for local packets and received IPv4 and IPv6 packets at
different layers.
The Control Plane comprises all routing, signaling, and control protocols, such as MPLS, OSPF, and
security control protocols. It generates forwarding tables for the data plane.
The Management Plane provides a management interface for operators to configure, monitor, and
manage Comware V7.1. The management interface comprises a Command Line Interface (CLI) accessed
locally via the console port and remotely via Secure Shell (SSH).
From a security perspective, the TOE implements NIST-validated cryptographic algorithms that support
the IPsec and SSH protocols as well as digital signature services that support the secure update
capabilities of the TOE.
The various TOE devices include the same security functions. The salient differences between the devices
are the available ports and port adapters primarily representing differences in numbers, types, and speeds
of available network connections.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 8 of 21
4 Assumptions
The ST references the Protection Profile for Network Devices to identify the following assumptions about
the use of the product:
 It is assumed that there are no general-purpose computing capabilities (e.g., compilers or user
applications) available on the TOE, other than those services necessary for the operation,
administration and support of the TOE.
 Physical security, commensurate with the value of the TOE and the data it contains, is assumed to
be provided by the environment.
 TOE Administrators are trusted to follow and apply all administrator guidance in a trusted
manner.
4.1 Clarification of Scope
All evaluations (and all products) have limitations, as well as potential misconceptions that may require
clarification. This text covers some of the more important limitations and clarifications of this evaluation.
Note that:
1. As with any evaluation, this evaluation only shows that the evaluated configuration meets the
security claims made, with a certain level of assurance (the assurance activities specified in the
claimed PP and performed by the evaluation team).
2. This evaluation covers only the specific device models and software versions identified in this
document, and not any earlier or later versions released or in process.
3. The evaluation of security functionality of the product was limited to the functionality specified
in the claimed PP. Any additional security-related functional capabilities of the product were not
covered by this evaluation.
4. This evaluation did not specifically search for, nor attempt to exploit, vulnerabilities that were not
“obvious” or vulnerabilities to objectives not claimed in the ST. The CEM defines an “obvious”
vulnerability as one that is easily exploited with a minimum of understanding of the TOE,
technical sophistication and resources.
5. The following specific product capabilities are excluded from use in the evaluated configuration:
a. Non-FIPS mode of operation—this mode of operation allows cryptographic operations
that are not FIPS-approved
6. The TOE can be configured to rely on and utilize a number of other components in its operational
environment:
a. Syslog server—to receive audit records when the TOE is configured to deliver them to an
external log server.
b. RADIUS and TACACS servers—the TOE can be configured to use external
authentication servers.
c. Management Workstation—the TOE supports remote access to the CLI over SSHv2. As
such, an administrator requires an SSHv2 client to access the CLI remotely.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 9 of 21
5 Security Policy
The TOE enforces the following security policies as described in the ST.
Note: Much of the description of the security policy has been derived from the ST and the proprietary
Final ETR.
5.1 Security Audit
The TOE is able to generate audit records of security relevant events. The TOE can be configured to store
the audit records locally so they can be accessed by an administrator or alternately send the audit records
to a designated log server.
5.2 Cryptographic Support
The TOE includes NIST-validated cryptographic mechanisms that provide key management, random bit
generation, encryption/decryption, digital signature and secure hashing and key-hashing features in
support of higher level cryptographic protocols, including IPsec and SSHv2. Note that in the evaluated
configuration, the TOE must be configured in FIPS mode.
5.3 User Data Protection
The TOE performs network switching and routing functions, passing network traffic among its various
physical and logical network connections. The TOE implements mechanisms to ensure that it does not
inadvertently reuse data found in network traffic.
5.4 Identification and Authentication
The TOE requires administrators to be successfully identified and authenticated before they can access
any security management functions available in the TOE. The TOE offers both a locally connected
console and a network accessible interface (SSHv2) for interactive administrator sessions.
The TOE supports on device definition of administrators with usernames and passwords. Additionally,
the TOE can be configured to utilize the services of RADIUS and TACACS+ servers in the operational
environment to support, for example, centralized user administration. The TOE supports the use of text-
based pre-shared keys for IKE peer authentication.
5.5 Security Management
The TOE provides a CLI to access its security management functions. Security management commands
are limited to administrators and are available only after they have provided acceptable user identification
and authentication data to the TOE.
5.6 Protection of the TSF
The TOE implements a number of features designed to protect itself to ensure the reliability and integrity
of its security features.
It protects data such as stored passwords and cryptographic keys so that they are not accessible even by an
administrator. It also provides its own timing mechanism to ensure that reliable time information is
available (for example, for log accountability).
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 10 of 21
The TOE uses cryptographic means to protect communication with remote administrators. When the TOE
is configured to use the services of a syslog server or authentication servers in the operational
environment, the communication between the TOE and the operational environment component is
protected using encryption.
The TOE includes functions to perform self-tests so that it might detect when it is failing. It also includes
mechanisms so that the TOE itself can be updated while ensuring that the updates will not introduce
malicious or other unexpected changes in the TOE.
5.7 TOE Access
The TOE can be configured to display an informative banner that will appear prior to authentication when
accessing the TOE via the console or SSH interfaces. The TOE subsequently will enforce an
administrator-defined inactivity timeout value after which the inactive session will be terminated.
5.8 Trusted Path/Channels
The TOE protects interactive communication with administrators using SSHv2 for CLI access. Using
SSHv2, both integrity and disclosure protection is ensured.
The TOE protects communication with network peers, such as audit and authentication servers, using
IPsec connections to prevent unintended disclosure or modification of data.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 11 of 21
6 Documentation
There are numerous documents that provide information and guidance for the deployment of the TOE.
Only those documents that were used to place the TOE into its evaluated configuration are considered to
be part of the evaluated TOE. Any additional customer documentation delivered with the TOE or made
available through electronic downloads should not be relied upon for using the TOE in its evaluated
configuration.
In particular, the following Common Criteria specific guides provide the security-related guidance
documentation for all devices in the evaluated configuration:
 Preparative Procedures for CC NDPP Evaluated HPE 7900 Series, 7500 Series, 5700 Series,
5510HI Series, 5130HI and 5130EI Series Switch Modules based on Comware V7.1, Version
1.01, 16 Feb 2016
 Command Reference for CC Supplement, Revision 1.05, 22 Jan 2016
 Configuration Guide for CC Supplement, Revision 1.6, 22 Jan 2016
 Comware V7 Platform System Log Messages, Revision 1.00, 21 Apr 2014.
The links in Table 2 below for each series can be used to find the full set of documentation for each of the
evaluated router series. Note that only the documents listed above were examined during the course of the
evaluation, and are the approved documents for configuring and using the TOE in its evaluated
configuration.
Table 2: Product Documentation Links
Product Family HPE Website Link to Module Information
HPE 5130 EI Series
http://h20566.www2.hpe.com/portal/site/hpsc/public/psi/home/?sp4ts.oid
=7399420#manuals
HPE 5130 HI Series
http://h20566.www2.hpe.com/portal/site/hpsc/public/psi/home/?sp4ts.oid
=1008605458#manuals
HPE 5510 HI Series2
https://www.hpe.com/us/en/networking/campus-branch.html
HPE 5700 Series
http://h20566.www2.hpe.com/portal/site/hpsc/public/psi/home/?sp4ts.oid
=7268889#manuals
HPE 7500 Series
http://h20566.www2.hpe.com/portal/site/hpsc/public/psi/home/?sp4ts.oid
=4177519#manuals
HPE 7900 Series
http://h20566.www2.hpe.com/portal/site/hpsc/public/psi/home/?sp4ts.oid
=7074890#manuals
2
The HPE 5510 HI website is under development. The link provided is a starting point for the navigation to the
product documentation.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 12 of 21
7 IT Product Testing
This section describes the testing efforts of the evaluation team. It is derived from information contained
in the proprietary document Evaluation Team Test Report for Hewlett Packard Enterprise 7900 Series,
7500 Series, 5700 Series, 5130 EI Series, 5130 HI Series, and 5510 HI Series Switches, Version 1.0, 16
February 2016, which was made available to NIAP and the validation team and as summarized in the
public document Assurance Activities Report for Hewlett Packard Enterprise 7900 Series, 7500 Series,
5700 Series, 5130 EI, 5130 HI and 5510 HI Series Switches, Version 1.0, 16 February 2016.
The purpose of this activity was to confirm the TOE behaves in accordance with the TOE security
functional requirements as specified in the ST for a product claiming conformance to the Protection
Profile for Network Devices, Version 1.1, 8 June 2012, as amended by Errata #3 dated 3 November 2014.
As such, the evaluation team devised a Test Plan based on the Testing Assurance Activities specified in
the PP.
The Test Plan described how each test activity was to be instantiated within the TOE test environment.
The evaluation team executed the tests specified in the Test Plan and documented the results in the Team
Test Report and summarized in the Assurance Activity report as identified above.
Testing took place at the Leidos facility in Columbia, Maryland from 21 December 2015 through 31
January 2016.
The evaluators received the TOE in the form that customers would receive it; installed and configured the
TOE in accordance with the provided guidance, and exercised the Team Test Plan on equipment
configured in the testing laboratory.
The configuration depicted in Figure 2 was used for testing.
Figure 2: Test Configuration
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 13 of 21
The following hardware and software components were included in the evaluated configuration during
testing:
 Hardware
o HPE 5130-24G-SFP-4SFP+ EI Switch (JG933A)
o HPE 5130 48G PoE+ 4SFP+ 1-slot HI Switch (JH326A)
o HPE 5510 24G 4SFP+ HI 1-slot Switch (JH145A)
o HPE FlexFabric 5700-32XGT-8XG-2QSFP+ Switch (JG898A)
o HP 7502 Switch Chassis with Main Processing Unit (JH208A)
o HP 7503 Switch Chassis with Main Processing Unit (JH207A)
o HPE FF 7910 Switch Chassis with Main Processing Unit (JH001A)
 Software
o HP Comware 7.1.045.
The following components are not part of the TOE but were included in the testing environment:
 Router
 Syslog - 3CDaemon Version 2.0 Revision 10 running on Windows Server 2008
 FreeRadius
 Tacacs.NET.
7.1 Penetration Testing
The evaluation team conducted a limited open source search for vulnerabilities in the product using
simple product related search terms via several known vulnerability tracking websites. The open source
search did not identify any obvious vulnerabilities applicable to the TOE in its evaluated configuration.
The search results and analysis are summarized in the Assurance Activities Report for Hewlett
Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5130 EI, 5130 HI and 5510 HI Series
Switches.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 14 of 21
8 Evaluated Configuration
The TOE is the Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5130 EI Series, 5130
HI Series and 5510 HI Series Switches, which are installed and configured according to the product
installation guidance identified in Section 6. The TOE appliances are configured to operate in FIPS mode.
The specific devices and software included in the evaluated configuration are identified in the following
table.
Table 3: Evaluated Configuration Identification
Series Software Identification Hardware Identification
HP 7900 Comware V7.1.045 R2138 P02 HP FlexFabric 7904 Switch Chassis (JG682A)
HP FlexFabric 7910 Switch Chassis (JG841A) with one or
both of the following modules:
1. HP FlexFabric 7910 – 7.2Tbps Fabric / Main
Processing Unit (JG842A)
2. HP FlexFabric 7910 -- 2.4Tbps Fabric / Main
Processing Unit (JH001A)
HP 7500 Comware V7.1.045 R7170 HP 7502 Switch Chassis (JD242C) with HP 7502 Main
Processing Unit (JH208A)
HP 7503 Switch Chassis (JD240C)
HP 7506 Switch Chassis (JD239C)
HP 7510 Switch Chassis (JD238C)
The 7503, 7506, 7506-V and 7510 require one of the
following:
 HP 7500 1.2Tbps Fabric w/ 2-port 40GbE for IRF-
Only Main Processing Unit (JH207A), or
 HP 7500 2.4Tbps Fabric w/ 8-port GbE/10GbE and
2-port 40GbE User Ports Main Processing Unit
(JH209A)
HP 5700 Comware V7.1.045 R2423 HP FlexFabric 5700-40XG-2QSFP+Switch (JG896A)
HP FlexFabric 5700-48G-4XG-2QSFP+Switch (JG894A)
HP FlexFabric 5700-32XGT-8XG-2QSFP+ Switch (JG898A)
HP FlexFabric 5700-40XG-2QSFP+TAA-Compliant Switch
(JG697A)
HP FlexFabric 5700-48G-4XG-2QSFP+TAA-Compliant
Switch (JG895A)
HP FlexFabric 5700-32XGT-8XG-2QSFP+TAA-Compliant
Switch (JG899A)
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 15 of 21
Series Software Identification Hardware Identification
HP 5130 EI Comware V7.1.045 R3109 P16 HP 5130-24G-4SFP+ EI Switch (JG932A)
HP 5130-24G-SFP-4SFP+ EI Switch (JG933A)
HP 5130-48G-4SFP+ EI Switch (JG934A)
HP 5130-24G-PoE+-4SFP+ (370W) EI Switch (JG936A)
HP 5130-48G-PoE+-4SFP+ (370W) EI Switch (JG937A)
HP 5130-24G-4SFP+ EI TAA-compliant Switch ( JG942A)
HP 5130-24G-SFP-4SFP+ EI TAA-compliant Switch
(JG943A)
HP 5130-48G-4SFP+ EI TAA-compliant Switch (JG944A)
HP 5130-24G-PoE+-4SFP+ (370W) EI TAA-compliant
Switch (JG946A)
HP 5130-48G-PoE+-4SFP+ (370W) EI TAA-compliant
Switch (JG947A)
HP 5130 HI Comware V7.1.045 R1116 HP 5130-24G-4SFP+ HI Switch with 1 Slot (JH323A)
HP 5130-48G-4SFP+ HI Switch with 1 Slot (JH324A)
HP 5130-24G-PoE+-4SFP+ HI Switch with 1 Slot (JH325A)
HP 5130-48G-PoE+-4SFP+ HI Switch with 1 Slot (JH326A)
HP 5510 HI Comware V7.1.045 R1118 HPE 5510 24G 4SFP+ HI 1-slot Switch (JH145A)
HPE 5510 24G PoE+ 4SFP+ HI 1-slot Switch (JH147A)
HPE 5510 24G SFP 4SFP+ HI 1-slot Switch (JH149A)
HPE 5510 48G 4SFP+ HI 1-slot Switch (JH146A)
HPE 5510 48G PoE+ 4SFP+ HI 1-slot Switch (JH148A)
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 16 of 21
9 Results of the Evaluation
The evaluation was conducted based upon the assurance activities specified in Protection Profile for
Network Devices, Version 1.1, 8 June 2012, as amended by Errata #3 dated 3 November 2014 (including
the following optional SFRs: FCS_IPSEC_EXT.1; FCS_SSH_EXT.1; and FIA_PSK_EXT.1), in
conjunction with version 3.1, revision 4 of the CC and the CEM. A verdict for an assurance component is
determined by the resulting verdicts assigned to the corresponding evaluator action elements.
The validation team’s assessment of the evidence provided by the evaluation team is that it demonstrates
that the evaluation team performed the assurance activities in the claimed PP, and correctly verified that
the product meets the claims in the ST.
The details of the evaluation are recorded in the Evaluation Technical Report (ETR), which is controlled
by the Leidos CCTL. The security assurance requirements are listed in the following table.
Table 4: TOE Security Assurance Requirements
Assurance Component ID Assurance Component Name
ADV_FSP.1 Basic functional specification
AGD_OPE.1 Operational user guidance
AGD_PRE.1 Preparative procedures
ALC_CMC.1 Labeling of the TOE
ALC_CMS.1 TOE CM coverage
ATE_IND.1 Independent testing - conformance
AVA_VAN.1 Vulnerability survey
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 17 of 21
10 Validator Comments/Recommendations
The evaluated configuration may include non-security relevant product features and hardware modules
that were not assessed, such as IRF, MDC, ISSU, TRILL and OAA which are addressed in the Security
Target and elsewhere. The consumer should be aware that no further conclusions can be drawn about
their effectiveness as the claimed capabilities of those items were not exercised as part of the security
testing.
The TOE supports both IPv4 and IPv6 networks; however, IPv6 was not exercised during the
performance of the assurance activities. Note that audit records are not buffered for transmission to the
syslog server, therefore the administrator is advised to ensure additional audit destinations are configured
so that audit logs are not lost in the event of the loss of connectivity to a single syslog server.
The validation team notes that the evaluated configuration is dependent upon the TOE being configured
for FIPS operation. Furthermore, the consumer is cautioned that that the FIPS mode cannot be enabled if
a High Encryption license has not been installed. HPE ships the MSR router series with a High
Encryption License.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 18 of 21
11 Annexes
Not applicable.
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 19 of 21
12 Security Target
 Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5130 EI Series, 5130 HI Series
and 5510 HI Series Switches Security Target, Version 1.0, 16 February 2016
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 20 of 21
13 Abbreviations and Acronyms
AAR Assurance Activities Report
CC Common Criteria for Information Technology Security Evaluation
CCEVS Common Criteria Evaluation and Validation Scheme
CM Configuration Management
CLI Command Line Interface
ETR Evaluation Technical Report
FIPS Federal Information Processing Standard
IKE Internet Key Exchange
IP Internet Protocol
IPsec Internet Protocol Security
ISSU In Service Software Upgrades
IT Information Technology
MPLS Multiprotocol Label Switching
NDPP Protection Profile for Network Devices
NIAP National Information Assurance Partnership
NIST National Institute of Standards and Technology
OAA Open Application Architecture
OSPF Open Shortest Path First
PP Protection Profile
QoS Quality of Service
RADIUS Remote Authentication Dial In User Service
SFP Small Form-factor Pluggable
SFR Security Functional Requirement
SSH Secure Shell
ST Security Target
TACACS+ Terminal Access Controller Access Control System Plus
TOE Target of Evaluation
TRILL Transparent Interconnection of Lots of Links
TSF TOE Security Functions
VLAN Virtual Local Area Network
VR Validation Report
VALIDATION REPORT
Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5510 HI Series, 5130 HI Series and
5130 EI Series Switches
Page 21 of 21
14 Bibliography
The Validation Team used the following documents to produce this Validation Report:
[1] Common Criteria for Information Technology Security Evaluation Part 1: Introduction, Version
3.1, Revision 4, September 2012.
[2] Common Criteria for Information Technology Security Evaluation Part 2: Security Functional
Requirements, Version 3.1 Revision 4, September 2012.
[3] Common Criteria for Information Technology Security Evaluation Part 3: Security assurance
components, Version 3.1 Revision 4, September 2012.
[4] Common Methodology for Information Technology Security Evaluation, Evaluation
Methodology, Version 3.1, Revision 4, September 2012.
[5] Protection Profile for Network Devices, Version 1.1, 8 June 2012, as amended by Errata #3
dated 3 November 2014.
[6] Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700 Series, 5130 EI Series, 5130 HI
Series and 5510 HI Series Switches Security Target, Version 1.0, 16 February 2016
[7] Common Criteria Evaluation and Validation Scheme - Guidance to CCEVS Approved
Common Criteria Testing Laboratories, Version 2.0, 8 Sep 2008.
[8] Evaluation Technical Report for Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700
Series, 5130 EI, 5130 HI and 5510 HI Series Switches, Version 1.0, 16 February 2016.
[9] Assurance Activities Report for Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700
Series, 5130 EI, 5130 HI and 5510 HI Series Switches, Version 1.0, 16 February 2016.
[10] Evaluation Team Test Report for Hewlett Packard Enterprise 7900 Series, 7500 Series, 5700
Series, 5130 EI, 5130 HI and 5510 HI Series Switches, Version 1.0, 16 February 2016.