Brocade Communications Systems LLC
Fabric OS Version 9.1.1b8 Running on Brocade Directors and Switches
Security Target

Version 1.7
August 31, 2025

Prepared for:
Brocade Communications Systems LLC
1320 Ridder Park Drive, San Jose, CA 95131

Prepared By:
www.gossamersec.com

Brocade Fabric OS Version 9.1.1b8 running on Brocade Directors and Switches Security Target
Version 1.7, August 31, 2025

TABLE OF CONTENTS

1. SECURITY TARGET INTRODUCTION
  1.1 SECURITY TARGET REFERENCE
  1.2 TOE REFERENCE
  1.3 TOE OVERVIEW
    1.3.1 Excluded Features
  1.4 TOE DESCRIPTION
    1.4.1 TOE Architecture
    1.4.2 TOE Documentation
2. CONFORMANCE CLAIMS
  2.1 CONFORMANCE RATIONALE
3. SECURITY PROBLEM DEFINITION
  3.1 ASSETS
  3.2 THREATS
  3.3 ASSUMPTIONS
4. SECURITY OBJECTIVES
  4.1 SECURITY OBJECTIVES FOR THE TOE
  4.2 SECURITY OBJECTIVES FOR THE ENVIRONMENT
  4.3 SECURITY OBJECTIVES RATIONALE
    4.3.1 Security Objectives Rationale for the TOE and Environment
5. EXTENDED COMPONENTS DEFINITION
6. SECURITY REQUIREMENTS
  6.1 TOE SECURITY FUNCTIONAL REQUIREMENTS
    6.1.1 Security audit (FAU)
    6.1.2 Cryptographic support (FCS)
    6.1.3 User data protection (FDP)
    6.1.4 Identification and authentication (FIA)
    6.1.5 Security management (FMT)
    6.1.6 TOE access (FTA)
    6.1.7 Trusted path (FTP)
  6.2 SECURITY FUNCTIONAL REQUIREMENTS RATIONALE
    6.2.1 O.ACCESS
    6.2.2 O.ADMIN_ROLE
    6.2.3 O.AUDIT_GENERATION
    6.2.4 O.MANAGE
    6.2.5 O.PROTECTED_COMM
    6.2.6 O.USER_AUTHENTICATION
    6.2.7 O.USER_IDENTIFICATION
  6.3 TOE SECURITY ASSURANCE REQUIREMENTS
    6.3.1 Development (ADV)
    6.3.2 Guidance documents (AGD)
    6.3.3 Life-cycle support (ALC)
    6.3.4 Tests (ATE)
    6.3.5 Vulnerability assessment (AVA)
  6.4 SECURITY ASSURANCE REQUIREMENTS RATIONALE
  6.5 REQUIREMENT DEPENDENCY RATIONALE
7. TOE SUMMARY SPECIFICATION
  7.1 SECURITY AUDIT
  7.2 USER DATA PROTECTION
  7.3 IDENTIFICATION AND AUTHENTICATION
  7.4 SECURITY MANAGEMENT
  7.5 TOE ACCESS
  7.6 TRUSTED PATH
  7.7 CRYPTOGRAPHIC MECHANISM DOCUMENTATION
  7.8 TOE ASSURANCE MEASURES
  7.9 TOE SUMMARY SPECIFICATION RATIONALE

LIST OF TABLES

Table 1-1-1 Evaluated Models
Table 1-1-2 Minimum configuration for X6 Directors (blades)
Table 1-1-3 Minimum configuration for X7 Directors (blades)
Table 4-1 Environment to Objective Correspondence
Table 6-1 TOE Security Functional Components
Table 6-2 Auditable Events
Table 6-3 Key Generation
Table 6-4 Key Distribution
Table 6-5 SSH and TLS Key Agreement / Derivation
Table 6-6 Objective to Requirement Correspondence
Table 6-7 EAL 2 augmented with ALC_FLR.2 Assurance Components
Table 6-8 Requirement Dependencies
Table 7-1 Requirement Component and Auditable event
Table 7-2 Protocols / Cryptographic Algorithms and Standards / RFCs
Table 7-3 Algorithms, Key Sizes, Standards and Certificate Numbers
Table 7-4 Cipher Suites supported for TLS and SSHv2
Table 7-5 The cryptographic mechanisms (algorithms and communication protocols)
Table 7-6 The Security Assurance Requirements Measures
Table 7-7 Security Functions vs. Requirements Mapping

LIST OF FIGURES

Figure 1-1: Host bus adapters can only access storage devices that are members of the same zone
Figure 1-2: The TOE Network IT environment
Figure 1-3: TOE Structure
Figure 7-1: TOE and environment audit record components
Figure 7-2: Sample Zones

1. Security Target Introduction

This section identifies the Security Target (ST) and Target of Evaluation (TOE) identification, ST conventions, ST acronyms and terminology, and the ST organization.

The TOE is the Brocade Fabric OS Version 9.1.1b8 provided by Brocade Communications Systems LLC. The Fabric OS software runs on the Brocade Directors and Switches hardware appliances. These Brocade appliances implement what is called a “Storage Area Network” or “SAN”.
SANs provide physical connections between servers that are located in the environment and storage devices such as disk storage systems and tape libraries that are also located in the environment.

The Security Target contains the following additional sections:
• Conformance Claims (Section 2)
• Security Problem Definition (Section 3)
• Security Objectives (Section 4)
• Extended Components Definition (Section 5)
• Security Requirements (Section 6)
• TOE Summary Specification (Section 7)

Conventions

The following conventions have been applied in this document:
• Security Functional Requirements – Part 2 of the CC defines the approved set of operations that may be applied to functional requirements: iteration, assignment, selection, and refinement.
  o Iteration: allows a component to be used more than once with varying operations. In the ST, iteration is indicated by a number enclosed in parentheses placed at the end of the component. For example, FDP_ACC.1 (1) and FDP_ACC.1 (2) indicate that the ST includes two iterations of the FDP_ACC.1 requirement, (1) and (2).
  o Assignment: allows the specification of an identified parameter. Assignments are indicated using bold and are surrounded by brackets (e.g., [assignment]). Note that an assignment within a selection would be identified in italics and with embedded bold brackets (e.g., [[selected-assignment]]).
  o Selection: allows the specification of one or more elements from a list. Selections are indicated using bold italics and are surrounded by brackets (e.g., [selection]).
  o Refinement: allows the addition of details. Refinements are indicated using bold, for additions, and strike-through, for deletions (e.g., “… all objects …” or “… some big things …”).
• Other sections of the ST – Other sections of the ST use bolding to highlight text of special interest, such as captions.

Acronyms and Terminology

The following acronyms and terms are used throughout this document.
FC    Fibre Channel
FCIP  Fibre Channel over IP
HBA   Host Bus Adapter
JBOD  Stands for "Just a Bunch of Disks", and is a way of connecting together a series of hard drives, combining multiple drives and capacities, into one drive
LUN   Logical Unit Number, used to refer to a logical device within a chain.
SAN   Storage Area Network
SSH   Secure Shell protocol
TLS   Transport Layer Security protocol

1.1 Security Target Reference

ST Title – Brocade Communications Systems LLC Fabric OS Version 9.1.1b8 Running on Brocade Directors and Switches Security Target
ST Version – Version 1.7
ST Date – August 31, 2025

1.2 TOE Reference

TOE Identification – Brocade Communications Systems LLC, Fabric OS Version 9.1.1b8 software
TOE Guidance – Refer to section 1.4.2, “TOE Documentation”, for applicable guidance documentation that is relevant to the evaluated configuration and use of the TOE. The evaluated versions of these documents are available at the TOE developer website (https://www.broadcom.com).
TOE Developer – Brocade Communications Systems LLC

1.3 TOE Overview

The Target of Evaluation (TOE) is the Brocade Fabric OS Version 9.1.1b8 running on Brocade Directors and Switches family of products configured as instructed by the preparatory documentation described in section 1.4.2 and provided by Brocade Communications Systems LLC.

Brocade Fabric OS Version 9.1.1b8 runs on Brocade Directors and Switches, including the following series and models:
• Gen 6 hardware (Gen6HW)
  o Switch Appliance Models: 7810, G620 and G630
  o Director Models: X6-4, X6-8
  o Director Blade Models: FC32-48, FC32-64, CPX6, CR32-4, CR32-8 and SX6
• Gen 7 hardware (Gen7HW)
  o Switch Appliance Models: G720 and G730
  o Director Models: X7-4, X7-8
  o Director Blade Models: FC32-X7-48, FC64-48, CPX7, CR64-4, CR64-8 and SX6

The TOE is the software that is pre-installed on these hardware platforms.
Brocade Fabric OS Version 9.1.1b8 is a software solution utilizing hardware appliances that implement what is called a 'Storage Area Network' or 'SAN'. SANs provide physical connections between servers that are located in the environment and storage devices such as disk storage systems and tape libraries that are also located in the environment.

Refer to section 1.4 and Figure 1-1 for an explanation of the basic concept of operation of a SAN with Fabric OS, including non-TOE components. Section 1.4.1, Figure 1-2, presents an explanation of non-TOE components including external components (e.g. Syslog, authentication).

The TOE provides the following major security features:
• auditing of user activity,
• identification and authentication of users,
• management based upon user roles,
• a SAN access policy,
• restrictions upon TOE access,
• encryption supporting communication with network peers, and
• encryption supporting administrative trusted path.

1.3.1 Excluded Features

In order to facilitate evaluation, some features of the Brocade Fabric OS Version 9.1.1b8 software are not included in the scope of the TOE evaluation. The following is a list of product features that are excluded from the evaluation and must be disabled[1] or not configured for use in the TOE configuration:
• Redundancy or encryption provided by processing of user data by ASICs is not evaluated.
• Fibre Channel over Ethernet (FCOE) cannot be configured to create SAN Ethernet Ports.
• Fibre Channel over IP (FCIP) cannot be configured for use over SAN Ethernet Ports.
• Web-based administrator console interfaces called the “Web Tools” cannot be used for administration of the TOE.
• The SNMP administrative interface cannot be used and must be disabled.
• Optional modem hardware for simulating a serial administration interface is not installed.
• The TOE cannot be operated in Access Gateway mode.
• Dynamic RBAC is not configured for use by administrators.
• Insecure protocols such as FTP, HTTP and Telnet must not be used (or must be disabled) per instructions in guidance.
• IPsec features have not been evaluated and must be disabled per guidance instructions.
• Inflight encryption must be disabled.
• Only the PEAP-MSCHAPv2 extension authentication protocol needs to be configured for RADIUS authentication.
• The REST API interface must not be used to access the TOE. The REST interface must be disabled.

Note that SANnav and Brocade Network Advisor are management tools which utilize the SNMP and web interfaces to communicate with the TOE. However, because both of those interfaces are excluded, SANnav and Brocade Network Advisor are also excluded.

1.4 TOE Description

The Target of Evaluation (TOE) is the Brocade Fabric OS Version 9.1.1b8 software configured as instructed by the preparatory documentation described in section 1.4.2. The TOE runs on Brocade Directors and Switches hardware appliances. The various models of the hardware supporting the TOE are mentioned in Section 1.2. These models differ in performance, form factor and number of ports. However, all models run the same Fabric OS Version 9.1.1b8 software.

The Brocade Directors and Switches hardware appliances are available in two form factors:
1. A self-contained switch appliance device, or
2. A rack-mount Director chassis with a variable number of blades.

[1] Some features are disabled by virtue of not being configured for use by TOE administrators.

The evaluation includes nine models that implement all security features within software and do not rely upon hardware specific features.
| Model | Hardware Generation | CPU | Architecture | Form Factor[2] |
|---|---|---|---|---|
| G620 | Gen6 | NXP – Power Architecture® technology – T Series (quantity 2, e5500 cores) | Power PC | 1U switch |
| G630 | Gen6 | NXP – Power Architecture® technology – T Series (quantity 4 x e5500 cores) | Power PC | 2U switch |
| 7810 | Gen6 | NXP – Power Architecture® technology – T Series (quantity 2 x e5500 cores) | Power PC | 1U switch |
| X6-4 | Gen6 | NXP – Power Architecture® technology – P Series (quantity 8 x e500mc cores) | Power PC | 9U switch, 4 slots Director |
| X6-8 | Gen6 | NXP – Power Architecture® technology – P Series (quantity 8 x e500mc cores) | Power PC | 14U switch, 8 slots Director |
| X7-4 | Gen7 | NXP – Power Architecture® technology – P Series (quantity 8 x e500mc cores) | Power PC | 9U switch, 4 slots Director |
| X7-8 | Gen7 | NXP – Power Architecture® technology – P Series (quantity 8 x e500mc cores) | Power PC | 14U switch, 8 slots Director |
| G720 | Gen7 | NXP – Power Architecture® technology – T Series (quantity 2, e5500 cores) | Power PC | 1U switch |
| G730 | Gen7 | Intel Atom C3338R – C Series (quantity 2 Atom cores) | Intel | 2U switch |

Table 1-1-1 Evaluated Models

| Model | CPX6 (CPU Blade) | CR32-4 (Core Blade) | CR32-8 (Core Blade) | FC32-48 / FC32-64 (Fibre Channel blades) | SX6 (Extension blade) |
|---|---|---|---|---|---|
| X6-4 | Minimum quantity 2 | Minimum quantity 2 | Not Applicable | Minimum quantity 1 | Minimum quantity 0 |
| X6-8 | Minimum quantity 2 | Not Applicable | Minimum quantity 2 | Minimum quantity 1 | Minimum quantity 0 |

Table 1-1-2 Minimum configuration for X6 Directors (blades)

| Model | CPX7 (CPU Blade) | CR64-4 (Core Blade) | CR64-8 (Core Blade) | FC32-X7-48 / FC64-48 (Fibre Channel blades) | SX6 (Extension blade) |
|---|---|---|---|---|---|
| X7-4 | Minimum quantity 2 | Minimum quantity 2 | Not Applicable | Minimum quantity 1 | Minimum quantity 0 |
| X7-8 | Minimum quantity 2 | Not Applicable | Minimum quantity 2 | Minimum quantity 1 | Minimum quantity 0 |

Table 1-1-3 Minimum configuration for X7 Directors (blades)

[2] Rack Unit … U = Unit of measurement for height of the platform based on (Electronic Industries Association) EIA-310 standard rack
  1U (Width: 440.00 mm (17.32 in.) / Height: 43.90 mm (1.73 in.) / Depth: 355.60 mm (14.00 in.))
  2U (Width: 440.00 mm (17.32 in.) / Height: 86.7 mm (3.41 in.) / Depth: 609.6 mm (24.00 in.))
  9U (Height: 40.00 cm (15.75 in., 9U) / Width: 43.74 cm (17.23 in.) / Depth: 61.29 cm (24.09 in.))
  14U (Height: 61.23 cm (24.11 in., 14U) / Width: 43.74 cm (17.23 in.) / Depth: 61.04 cm (24.04 in.))

All security features are implemented in software and the same software is compiled to execute on every model; therefore the same security features are provided in the same way on every model. The Director Model chassis must include two CP blades providing the primary processing for the chassis, two CR blades supporting communication between blades, and one FC blade providing Fibre Channel connections. An SX blade is an optional feature supporting IP connectivity to the Storage Area Network. All management actions are performed through networking ports provided by the CP blade.

Table 1-1-1 includes information about the processors and form factor for each model. Since all security features are implemented in software, and the same software is compiled to execute on every model, the same security features are provided in the same way on every model. The Linux kernel is never exposed to administrators, with only the Fabric OS CLI operations available to administrative users.

The TOE running on the Brocade Directors and Switches implements what is called a “Storage Area Network” or “SAN”. SANs provide physical connections between machines in the environment containing a type of network card called a Host Bus Adapter (HBA) that are located in the environment and storage devices such as disk storage systems and tape libraries that are also located in the environment.
The network connection between the storage devices in the environment, the hardware on which the TOE is running and the HBAs in the environment makes use of high-speed network hardware. SANs are optimized to transfer large blocks of data between HBAs and storage devices. SANs can be used to replace or supplement server-attached storage solutions, for example.

The basic concept of operations for Fabric OS user data activity from a user’s perspective is depicted in Figure 1-1. Actual implementation may interconnect multiple instances of Brocade Directors and Switches running Fabric OS. Refer to Figure 1-2 for a depiction of the typical Fibre Channel (FC) and internet protocol (IP) network connections.

Figure 1-1: Host bus adapters can only access storage devices that are members of the same zone

HBAs communicate with the TOE using Fibre Channel (FC) protocol. Storage devices in turn are physically connected to the TOE using FC interfaces. When more than one instance of the TOE is interconnected (i.e. installed and configured to work together on multiple hardware platforms), they are referred to collectively as a “SAN fabric”. A zone is a specified group of fabric-connected devices (called zone members) that have access to one another.

The following section summarizes the TOE's place in a SAN architecture.

1.4.1 TOE Architecture

A SAN provides the ability to centralize the location of storage devices in a network in the environment. Instead of attaching disks or tapes to individual hosts in the environment, or for example attaching a disk or tape directly to the network, storage devices can be physically attached to the hardware running the TOE. These Brocade Directors and Switches can then be physically attached to host bus adapters in the environment. Host bus adapters that are connected to the hardware running the TOE can then read from and write to storage devices that are attached to the hardware running the TOE according to TOE configuration.
Storage devices in the environment appear to the operating system running on the machine that the host bus adapter is installed in as local (i.e. directly-attached) devices.

More than one host bus adapter can share one or more storage devices that are attached to the hardware running the TOE according to TOE configuration. Scalability is achieved by interconnecting multiple instances of Brocade Directors and Switches, each running the TOE, to form a fabric that supports different numbers of host bus adapters and storage devices. Host bus adapters can access storage devices by communicating with the TOE.

Switch appliances provide a fixed number of physical interfaces to other hosts and storage devices in the environment. Directors provide a configurable number of physical interfaces using a chassis architecture that supports the use of blades that can be installed in and removed from the director chassis according to administrator configuration. The same TOE (Fabric OS) runs on Brocade Switches and on Brocade Directors.

There are administrative interfaces to manage TOE services that can be accessed using an Ethernet network, as well as interfaces that can be accessed using a directly-attached console as follows:
• Ethernet network-based command-line administrator console interfaces – Provides command-line administrator console interfaces called the “Fabric OS Command Line Interface.”
• Serial terminal-based command-line administrator console interfaces – Provides command-line administrator console interfaces called the “Fabric OS Command Line Interface.”

There exists a modem hardware component that is optional to the product that can be used in a similar manner as a serial console port, but it is disabled by virtue of not being physically installed during initial installation and configuration in the evaluated configuration.
Figure 1-2: The TOE Network IT environment

The TOE can operate in either “Native Mode” or “Access Gateway Mode”. Only Native mode is supported in the evaluated configuration. Access Gateway mode makes a switch appliance function more like a “port aggregator” and in Access Gateway mode the product does not support the primary access control security functions (mainly zoning) claimed when operating in Native mode.

The basic concept of operations from an administrator’s perspective is depicted below. While actual implementations may interconnect multiple instances of hardware running the TOE, each device running the TOE (i.e., instance of the TOE) is administered individually.
• Separate appliance ports are relied on to physically separate connected HBAs. The appliance’s physical location between HBAs and storage devices is relied on to ensure the TOE cannot be bypassed.

The TOE encrypts commands sent from terminal applications by administrators using SSHv2 for the command line interface. The TOE requires administrators to log in after an SSHv2 connection has been established. Administration of the TOE occurs only on IP based networks or via the serial port. The exchange of user data between HBA, TOE and storage devices occurs only on Fibre Channel networks.

Figure 1-3: TOE Structure

Regarding the TOE internal architecture, the TOE is composed of two subsystems: Fabric OS Subsystem and Runtime Subsystem. The Runtime Subsystem provides an execution environment for the Fabric OS subsystem, logical representations of physical devices, and directly interacts with the physical hardware on which the TOE executes. Thus, the Runtime subsystem interacts with the physical devices (i.e., serial ports, Ethernet ports, and Fibre Channel ports) to facilitate use of those devices by the Fabric OS Subsystem.
As an example, the Fabric OS subsystem defines and controls the network protocols used to communicate with administrator stations, and other management servers, while the Runtime subsystem provides the services that support the use of the physical connections on the Brocade Directors and Switches.

Figure 1-3 is a logical representation of the TOE software and its interaction with its own hardware platform and network IT environment. Excluded functionality represented in this diagram is identified in section 1.3.1.

1.4.1.1 Physical Boundaries

The TOE is the Brocade Fabric OS 9.1.1b8 operating system configured as instructed by the preparatory documentation described in section 1.4.2 and running on Brocade Switch and Director Appliances. These components are further described as follows.

Brocade Fabric OS operating system

The Fabric OS is an operating system that runs on Brocade switches and directors with origins from Linux. Fabric OS is comprised of user-space programs, kernel daemons and kernel modules loaded as proprietary components. Some base features of Linux were duplicated in Fabric OS when Fabric OS was created. These base features of Fabric OS include the file system, memory management, processor and I/O support infrastructure for Fabric OS user-space programs, daemons, and kernel modules. Inter-process communication is handled through commonly mapped memory or shared PCI memory and semaphores as well as IOCTL parameter passing. Fabric OS provides access to memory or to make a standard IOCTL call, and all the contents of the buffers and IOCTL message blocks or other message blocks are proprietary to the Fabric OS user-space programs, kernel modules and daemons in the same manner as Linux.

The Fabric OS operating system includes the OpenSSL[3] crypto engine as internal functionality supporting TOE operation.
All parts of Fabric OS are considered TOE except that software directly supporting excluded functionality identified in section 1.3.1.

Brocade Switch and Director Appliances

One or more of each type of hardware appliance are supported in the evaluated configuration. The evaluated configuration also supports one or more blades per director, depending on the number supported by a given director model. These appliances are not the TOE, but rather are part of the TOE environment. They provide physical connections to a SAN which the TOE utilizes.

In its most basic form, the TOE in its intended environment is depicted in Figure 1-2. The intended environment of the TOE can be described in terms of the following components:

• Host – A system in the environment that uses TOE SAN services.
• Host Bus Adapters (HBAs) – Provides physical network interfaces from host machines in the environment to the TOE. HBA drivers provide operating system interfaces on host machines in the environment to storage devices in the environment. Storage devices in the environment appear to the host operating system as local (i.e. directly-attached) devices.
• Storage device – A device used to store data (e.g. a disk or tape) that is connected to the TOE using a FC connection and is accessed by a host using the TOE.
• Terminal application – Provides a runtime environment for console-based (e.g., SSHv2) client administrator console interfaces.
• Syslog server – Provides logging to record auditable event information generated by the TOE. The syslog server is expected to store audit information sent to it by the TOE and make that data available to administrators of the TOE.
• RADIUS/LDAP Server – An optional component that can perform authentication based on user credentials passed to it by the TOE. The TOE then enforces the authentication result returned by the RADIUS or LDAP Server.
• Certificate Authority (CA) – Provides digital certificates for TLS-based interfaces that are installed during initial TOE configuration. After installation, the CA no longer needs to be on the network for operation.

The external entities with which the TOE communicates are an audit server (i.e., syslog server), an authentication server (i.e., RADIUS server or LDAP Server), and Certificate Authorities. The TOE relies on a syslog server in the environment to store and protect audit records that are generated by the TOE. The TOE can be configured to use a RADIUS or LDAP Server for authentication. The TOE relies upon a certificate authority to generate certificates that are used by the TOE for host authentication. The TOE does not rely on any other components in the environment to provide security-related services.

The TOE is interoperable with any adapter or device that is interoperable with one or more of the following standards:

• FC-AL-2 INCITS 332: 1999
• FC-GS-5 ANSI INCITS 427:2006 (includes the following)
  o FC-GS-4 ANSI INCITS 387: 2004
• FC-IFR revision 1
• FC-SW-4 INCITS 418:2006 (includes the following)
  o FC-SW-3 INCITS 384: 2004
• FC-VI INCITS 357: 2002
• FC-TAPE INCITS TR-24: 1999
• FC-DA INCITS TR-36: 2004 (includes the following)
  o FC-FLA INCITS TR-20: 1998
  o FC-PLDA INCITS TR-19: 1998
• FC-MI-2 ANSI/INCITS TR-39-2005
• FC-PI INCITS 352: 2002
• FC-PI-2 INCITS 404: 2005
• FC-FS-2 ANSI/INCITS 424:2006 (includes the following)
  o FC-FS INCITS 373: 2003
• FC-LS revision 1.51 (under development)
• FC-BB-3 INCITS 414: 2006 (includes the following)
  o FC-BB-2 INCITS 372: 2003
• FC-SB-3 INCITS 374: 2003 (replaces FC-SB ANSI X3.271: 1996; FC-SB-2 INCITS 374: 2001)
• FCP-2 INCITS 350: 2003 (replaces FCP ANSI X3.269: 1996)
• SNIA Storage Management Initiative Specification (SMI-S) Version 1.2 (includes the following)
  o SNIA Storage Management Initiative Specification (SMI-S) Version 1.02 (ANSI INCITS 388: 2004)
  o SNIA Storage Management Initiative Specification (SMI-S) Version 1.1.0

[3] The TOE uses OpenSSL version 1.1.1d and the Known Answer Test code from OpenSSL version 1.1.1d.

1.4.1.2 Logical Boundaries

This section summarizes the security functions provided by the TOE:

• Security audit
• User data protection
• Identification and authentication
• Security management
• TOE Access
• Trusted path

Protection of the TSF is provided primarily by virtue of the fact that the TOE is running within a hardware appliance that is physically protected in the environment. The TOE does not encrypt data written to or read from storage devices by host bus adapters. The TOE relies instead on the environment to physically protect the network between the HBA and the TOE, and between the TOE and the storage device. Separate appliance ports are relied on to physically separate connected HBAs. The appliance’s physical location between HBAs and storage devices is relied on to ensure TOE interfaces cannot be bypassed. The TOE encrypts commands sent from terminal applications by administrators using SSHv2. Further, the TOE requires administrators to login after an SSHv2 connection has been established.
The TOE utilizes a reliable time stamp for audit records that is provided by the real time clock in the Brocade Directors and Switches hardware appliances.

1.4.1.2.1 Security audit

The TOE generates audit events for numerous activities including policy enforcement, system management and authentication. A syslog server in the environment is relied on to store audit records generated by the TOE. The TOE generates a complete audit record including the IP address of the TOE, the event details, and the time the event occurred. The time stamp is provided by the TOE appliance hardware. TOE generated audit includes a message and timestamp. This is then sent to an external syslog server in the environment using the ‘syslog protocol’.

1.4.1.2.2 User data protection

Host bus adapters can only access storage devices that are members of the same zone. The TOE enforces an access control policy called the SAN Fabric SFP to accomplish this. The SAN Fabric SFP is implemented using hardware-enforced zoning (also called “hard zoning” or simply “zoning”) that prevents a host bus adapter from accessing a device the host bus adapter is not authorized to access. A zone is a region within the fabric where a specified group of fabric-connected devices (called zone members) have access to one another. Zone members do not have access to any devices outside the zone and devices outside the zone do not have access to devices inside the zone.

1.4.1.2.3 Identification and authentication

The TOE authenticates administrative users. In order for an administrative user to access the TOE, a user account including a user name and password must be created for the user, and an administrative role must be assigned.
Either the TOE performs the validation of the login credentials or the information is passed to a RADIUS or LDAP Server to perform the validation and the TOE enforces the decision. The administrator cannot configure the order in which the external authentication provider and the local credentials are checked. The TOE always checks the external authentication provider followed by a check of local credentials.

The TOE also can authenticate hosts acting as network peers that provide syslog, RADIUS or LDAP services. This authentication occurs using digital signature verifications based upon certificates stored within the TOE and used during TLS session establishment.

1.4.1.2.4 Security management

The TOE provides both serial terminal- and Ethernet network-based management interfaces. Each of these types of interfaces provides equivalent management functionality. The TOE provides administrative interfaces to configure hard zoning, configure administrative interfaces, as well as to set and reset administrator passwords. By default, host bus adapters do not have access to storage devices.

1.4.1.2.5 TOE access

The TOE provides an IP Filter policy that is a set of rules applied to the IP management interfaces. These rules provide the ability to control how and to whom the TOE exposes the management services hosted on a switch. They cannot affect the management traffic that is initiated from a switch. The TOE limits the number of concurrent login sessions for users, such that the number of simultaneous login sessions for each role is limited.

1.4.1.2.6 Trusted path

The TOE enforces a trusted path between the TOE administrators and the TOE using SSHv2 connections for Ethernet connections from the Administrator terminal to the TOE. The TOE encrypts commands sent from terminal applications by administrators using SSHv2 for the command line interface.
The TOE also enforces a trusted channel between the TOE and configured network peers that are providing syslog, RADIUS or LDAP services. This trusted channel utilizes TLSv1.2 to protect syslog and LDAP communications. The communication between the TOE and a RADIUS server utilizes TLS within the context of the RADIUS protocol.

Fabric OS supports a REST interface. The REST interface is disabled in the evaluation.

The TOE contains FIPS-certified cryptographic implementations that provide random bit generation, encryption/decryption, digital signature, secure hashing and key-hashing features in support of higher level cryptographic protocols including SSHv2 and TLSv1.2[4].

[4] The Brocade® Fabric OS® Common Criteria EAL2 User Guide, 9.1.1b8 describes the configuration and features that are included and available for use in a Common Criteria evaluated configuration of the TOE. This ST focuses on those features that are included for use in an evaluated configuration.

1.4.2 TOE Documentation

Brocade offers a guidance document that describes the procedure that the end user should follow to set up the TOE in the evaluated configuration according to the Common Criteria. The administrator is expected to configure the TOE as directed by this documentation.

• Brocade® Fabric OS® Common Criteria EAL2 User Guide, 9.1.1b8 FOS-91x-CCEAL2-UG100, August 31, 2025

Brocade also offers a series of documents that describe the installation and operation instructions for the TOE.
• Brocade® Fabric OS® Administration Guide, 9.1.x Administration Guide, FOS-91x-Admin-AG104, January 11, 2024
• Brocade® Fabric OS® Command Reference Manual, 9.1.x Reference Manual FOS-91x-Command-RM103, January 11, 2024
• Brocade® Fabric OS® Message Reference Manual, 9.1.x Technical Reference Manual FOS-91x-Message-RM102, January 11, 2024

2. Conformance Claims

This TOE is conformant to the following CC specifications:

• Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, Version 3.1, Revision 5, April 2017.
  • Part 2 Extended
• Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, Version 3.1 Revision 5, April 2017.
  • Part 3 Conformant
• Package Claims:
  • Assurance Level: EAL 2 augmented with ALC_FLR.2

2.1 Conformance Rationale

There is no Protection Profile claim.

3. Security Problem Definition

This section summarizes the threats addressed by the TOE and assumptions about the intended environment of the TOE. Note that while the identified threats are mitigated by the security functions implemented in the TOE, the overall assurance level (EAL-2) also serves as an indicator of whether the TOE would be suitable for a given environment.

3.1 Assets

Security Mechanisms: All mechanisms providing functionality that satisfy the security functional requirements.
Data: Information processed by or passing through the TOE belonging to either the TOE or users.
TOE Resource: anything useable or consumable in the TOE. (CC Part 1)
Configuration data: TOE data maintained by the TOE which specifies the behavior of the TOE.
Storage device: Device within the storage area network used to store user data.
3.2 Threats

T.ACCOUNTABILITY: A user may not be held accountable for their actions.
T.ADMIN_ERROR: An authorized administrator may incorrectly install or configure the TOE resulting in ineffective security mechanisms.
T.MASQUERADE: An unauthorized user, process, or external IT entity may masquerade as an authorized entity to gain access to data or TOE resources.
T.TSF_COMPROMISE: A malicious user may cause configuration data to be inappropriately accessed (viewed, modified or deleted).
T.UNAUTH_ACCESS: A user may gain unauthorized access (view, modify, delete) to a storage device.

3.3 Assumptions

A.ADMIN: An administrator should be a trustworthy and qualified person with sufficient administration skills.
A.AUDIT: The environment will provide a Syslog server and a means to present a readable view of the audit data.
A.AUTH_SVR: The authentication server will be capable of offering a password policy that requires password length, password strength and a restriction of failed login attempts that is consistent with the requirements of this Security Target.
A.LOCATE: The TOE will be located within controlled access facilities, which will prevent unauthorized physical access.
A.MGMT_NET: The SSHv2 administration workstation, syslog server, and (when utilized) the authentication servers that are connected to the management network must be operated in a secure environment.
A.NETWORK: The environment will physically protect network communication to and from the TOE from unauthorized disclosure or modification.
A.NO_EVIL: The TOE will be installed, configured, managed and maintained in accordance with its guidance documentation.
A.HARDWARE: The TOE is assumed to run on models of Brocade Directors and Switches that are listed in section 1.2.
It is assumed that the following functionality is available to the TOE:
a) Hardware real time clock
b) A trustworthy bootloader
A.ORG_SUPPORT: The organization in which the TOE operates provides an appropriate cryptographic support infrastructure (e.g., PKI) that is configured in a manner appropriate for the data processed by the TOE.

4. Security Objectives

This section summarizes the security objectives for the TOE and its environment.

4.1 Security Objectives for the TOE

O.ACCESS: The TOE will ensure that users gain only authorized access to the TOE and to the resources that the TOE controls.
O.ADMIN_ROLE: The TOE will provide authorized administrator roles to isolate administrative actions thus limiting the scope of errors that an administrator may cause.
O.AUDIT_GENERATION: The TOE will provide the capability to create records of security relevant events associated with users.
O.MANAGE: The TOE will allow administrators to effectively manage the TOE and its security functions, must ensure that only authorized administrators are able to access such functionality, and that communication between the TOE and the administrator is protected.
O.PROTECTED_COMM: The TOE will provide protected communication channels for administrators and authorized IT entities[5].
O.USER_AUTHENTICATION: The TOE will verify the claimed identity of users.
O.USER_IDENTIFICATION: The TOE will uniquely identify users.

4.2 Security Objectives for the Environment

OE.ADMIN: The environment will ensure that the administrators of the system are trustworthy and qualified personnel with sufficient administration skills.
OE.AUDIT: The environment will provide a Syslog server and a means to present a readable view of the audit data.
OE.AUTH_SVR: The authentication server will offer a password policy that requires password length, password strength and a restriction of failed login attempts that is consistent with the requirements of this Security Target.
OE.PKI: The PKI associated with the trusted root certificates that are installed into the TOE utilizes cryptographic algorithms and methods appropriate for the protection of the data processed by the TOE.
OE.NETWORK: The Environment will physically protect network communication to and from the TOE from unauthorized disclosure or modification.
OE.MGMT_NET: The SSHv2 administration workstation, syslog server, and (when utilized) the authentication servers that are connected to the management network are operated in a secure environment.
OE.CONFIG: The TOE will be installed, configured, managed and maintained in accordance with its guidance documentation.
OE.PHYCAL: The TOE, HBA and storage devices will be located within controlled access facilities, which will prevent unauthorized physical access.
OE.HARDWARE: The TOE is assumed to run on models of Brocade Directors and Switches that are listed in section 1.2. In particular it is assumed that the following functionality is available to the TOE:
a) Hardware real time clock
b) A trustworthy bootloader

[5] IT entities that a TOE is capable of communicating with are a syslog server, RADIUS server or LDAP server, as noted for FTP_ITC.1 application notes.

4.3 Security Objectives Rationale

This section shows that all secure usage assumptions and threats are completely covered by security objectives. In addition, each objective counters or addresses at least one assumption or threat.

4.3.1 Security Objectives Rationale for the TOE and Environment

This section provides evidence demonstrating the coverage of threats and usage assumptions by the security objectives.
| | T.ACCOUNTABILITY | T.ADMIN_ERROR | T.MASQUERADE | T.TSF_COMPROMISE | T.UNAUTH_ACCESS | A.ADMIN | A.AUDIT | A.AUTH_SVR | A.LOCATE | A.NETWORK | A.MGMT_NET | A.NO_EVIL | A.HARDWARE | A.ORG_SUPPORT |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| O.ACCESS | | | | | X | | | | | | | | | |
| O.ADMIN_ROLE | | X | | | | | | | | | | | | |
| O.AUDIT_GENERATION | X | | | | | | | | | | | | | |
| O.MANAGE | | X | | X | | | | | | | | | | |
| O.PROTECTED_COMM | | | X | X | | | | | | | | | | |
| O.USER_AUTHENTICATION | | | X | | | | | | | | | | | |
| O.USER_IDENTIFICATION | | | X | | | | | | | | | | | |
| OE.ADMIN | | | | | | X | | | | | | | | |
| OE.AUDIT | | | | | | | X | | | | | | | |
| OE.AUTH_SVR | | | | | | | | X | | | | | | |
| OE.PKI | | | | | | | | | | | | | | X |
| OE.CONFIG | | | | | | | | | | | | X | | |
| OE.NETWORK | | | | | | | | | | X | | | | |
| OE.MGMT_NET | | | | | | | | | | | X | | | |
| OE.PHYCAL | | | | | | | | | X | | | | | |
| OE.HARDWARE | | | | | | | | | | | | | X | |

Table 4-1 Environment to Objective Correspondence

4.3.1.1 T.ACCOUNTABILITY

A user may not be held accountable for their actions.

This Threat is satisfied by ensuring that:

• O.AUDIT_GENERATION: The TOE will provide the capability to create records of security relevant events associated with users.

4.3.1.2 T.ADMIN_ERROR

An authorized administrator may incorrectly install or configure the TOE resulting in ineffective security mechanisms.

This Threat is countered by ensuring that:

• O.ADMIN_ROLE: The TOE will provide authorized administrator roles to isolate administrative actions thus limiting the scope of errors that an administrator may cause.
• O.MANAGE: The TOE will allow administrators to effectively manage the TOE and its security functions, must ensure that only authorized administrators are able to access such functionality, and that communication between the TOE and the administrator is protected.

4.3.1.3 T.MASQUERADE

An unauthorized user, process, or external IT entity may masquerade as an authorized entity to gain access to data or TOE resources.

This Threat is countered by ensuring that:

• O.USER_AUTHENTICATION: The TOE will verify the claimed identity of users.
• O.USER_IDENTIFICATION: The TOE will uniquely identify users.
• O.PROTECTED_COMM: The TOE will provide protected communication channels for administrators and authorized IT entities.

4.3.1.4 T.TSF_COMPROMISE

A malicious user may cause configuration data to be inappropriately accessed (viewed, modified or deleted).

This Threat is countered by ensuring that:

• O.MANAGE: The TOE will allow administrators to effectively manage the TOE and its security functions, must ensure that only authorized administrators are able to access such functionality, and that communication between the TOE and the administrator is protected.
• O.PROTECTED_COMM: The TOE will provide protected communication channels for administrators and authorized IT entities.

4.3.1.5 T.UNAUTH_ACCESS

A user may gain unauthorized access (view, modify, delete) to a storage device.

This Threat is countered by ensuring that:

• O.ACCESS: The TOE will ensure that users gain only authorized access to the TOE and to the resources that the TOE controls.

4.3.1.6 A.ADMIN

An administrator should be a trustworthy and qualified person with sufficient administration skills.

This Assumption is satisfied by ensuring that:

• OE.ADMIN: The environment will ensure that the administrators of the system are trustworthy and qualified personnel with sufficient administration skills.

4.3.1.7 A.AUDIT

The environment will provide a Syslog server and a means to present a readable view of the audit data.

This Assumption is satisfied by ensuring that:

• OE.AUDIT: The environment will provide a Syslog server and a means to present a readable view of the audit data.

4.3.1.8 A.AUTH_SVR

The authentication server will be capable of offering a password policy that requires password length, password strength and a restriction of failed login attempts that is consistent with the requirements of this Security Target.
This Assumption is satisfied by ensuring that:

• OE.AUTH_SVR: The authentication server will offer a password policy that requires password length, password strength and a restriction of failed login attempts that is consistent with the requirements of this Security Target.

4.3.1.9 A.LOCATE

The TOE will be located within controlled access facilities, which will prevent unauthorized physical access.

This Assumption is satisfied by ensuring that:

• OE.PHYCAL: The TOE will be located within controlled access facilities, which will prevent unauthorized physical access.

4.3.1.10 A.NETWORK

The Environment will physically protect network communication to and from the TOE from unauthorized disclosure or modification.

This Assumption is satisfied by ensuring that:

• OE.NETWORK: The Environment will physically protect network communication to and from the TOE from unauthorized disclosure or modification.

4.3.1.11 A.MGMT_NET

The SSHv2 administration workstation, syslog server, and (when utilized) the authentication servers that are connected to the management network must be operated in a secure environment.

This Assumption is satisfied by ensuring that:

• OE.MGMT_NET: The SSHv2 administration workstation, syslog server, and (when utilized) the authentication servers (i.e., RADIUS or LDAP) that are connected to the management network are operated in a secure environment.

4.3.1.12 A.NO_EVIL

The TOE will be installed, configured, managed and maintained in accordance with its guidance documentation.

This Assumption is satisfied by ensuring that:

• OE.CONFIG: The TOE will be installed, configured, managed and maintained in accordance with its guidance documentation.

4.3.1.13 A.HARDWARE

The TOE is assumed to run on models of Brocade Directors and Switches that are listed in section 1.2.
In particular it is assumed that the following functionality is available to the TOE:
a) Hardware real time clock
b) A trustworthy bootloader.

This Assumption is satisfied by ensuring that:

• OE.HARDWARE implements A.HARDWARE directly.

4.3.1.14 A.ORG_SUPPORT

The organization in which the TOE operates provides an appropriate cryptographic support infrastructure that is configured in a manner appropriate for the data processed by the TOE.

This Assumption is satisfied by ensuring that:

• OE.PKI: The PKI associated with the trusted root certificates that are installed into the TOE utilizes cryptographic algorithms and methods appropriate for the protection of the data processed by the TOE.

5. Extended Components Definition

The iterations of the component FCS_RNG_EXT.1 are extended components. This extended component is identical to and uses the same rationale as the FCS_RNG.1 component which is part of the BSI scheme document AIS 20/31:

• Wolfgang Killmann, W. Schindler, “A Proposal for Functionality classes for random number generators”, Version 2.0, September 18, 2011.

The component FCS_RNG_EXT.1 is simply a renaming of FCS_RNG.1 from the above Family definition.

This ST also includes the extended component FCS_CKM_EXT.5. This extended component is identical to the FCS_CKM.5 component defined in

• Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, CC:2022 Revision 1, November 2022.

The component FCS_CKM_EXT.5 is simply a renaming of FCS_CKM.5 from the above Family definition.

6. Security Requirements

This section defines the Security Functional Requirements (SFRs) and Security Assurance Requirements (SARs) that serve to represent the security functional claims for the Target of Evaluation (TOE) and to scope the evaluation effort. This section also contains rationale for the SFRs and SARs. Finally, this section contains an analysis showing that all dependencies for the requirements included in the security target have been satisfied.

6.1 TOE Security Functional Requirements

The following table identifies the SFRs that are satisfied by the Fabric OS Version 9.1.1b8 TOE running on the Brocade Directors and Switches.

| Requirement Class | Requirement Component |
| --- | --- |
| FAU: Security audit | FAU_GEN.1: Audit data generation |
| FCS: Cryptographic support | FCS_CKM.1: Cryptographic Key Generation |
| | FCS_CKM.2: Cryptographic Key Distribution |
| | FCS_CKM.4: Cryptographic Key Destruction |
| | FCS_COP.1(1): Cryptographic operation for Data Encryption |
| | FCS_COP.1(2): Cryptographic Operation for Hashing |
| | FCS_COP.1(3): Cryptographic Operations for Keyed-Hashing |
| | FCS_COP.1(4): Cryptographic Operations for RSA Signature Services |
| | FCS_COP.1(5): Cryptographic Operations for ECDSA Signature Services |
| | FCS_CKM_EXT.5: Cryptographic Key Derivation |
| | FCS_RNG_EXT.1: Random number generation for OpenSSL & OpenSSH (Class DRG.2) |
| FDP: User data protection | FDP_ACC.1: Subset access control |
| | FDP_ACF.1: Security attribute based access control |
| FIA: Identification and authentication | FIA_AFL.1: Authentication failure handling |
| | FIA_ATD.1(1): User attribute definition: Administrators |
| | FIA_ATD.1(2): User attribute definition: IT Entities |
| | FIA_SOS.1: Verification of secrets |
| | FIA_UAU.2: User authentication before any action |
| | FIA_UAU.5: Multiple authentication mechanisms |
| | FIA_UID.2: User identification before any action |
| FMT: Security management | FMT_MSA.1: Management of security attributes for SAN Fabric Policy |
| | FMT_MSA.3: Static attribute initialisation for SAN Fabric Policy |
| | FMT_MTD.1(1): Management of TSF data |
| | FMT_MTD.1(2): Management of TSF data for a user password |
| | FMT_MTD.1(3): Management of TSF data for importing certificates |
| | FMT_SMF.1: Specification of Management Functions |
| | FMT_SMR.1: Security roles |
| FTA: TOE access | FTA_MCS.1: Basic limitation on multiple concurrent sessions |
| | FTA_TSE.1: TOE session establishment |
| FTP: Trusted path | FTP_ITC.1: Trusted Channel |
| | FTP_TRP.1: Trusted path |

Table 6-1 TOE Security Functional Components

6.1.1 Security audit (FAU)

6.1.1.1 Audit data generation (FAU_GEN.1)

FAU_GEN.1.1 The TSF shall be able to generate an audit record of the following auditable events:
a) Start-up and shutdown of the audit functions;
b) All auditable events for the [not specified] level of audit; and
c) [the events listed in Table 6-2].

FAU_GEN.1.2 The TSF shall record within each audit record at least the following information:
a) Date and time of the event, type of event, subject identity (if applicable), and the outcome (success or failure) of the event; and
b) For each audit event type, based on the auditable event definitions of the functional components included in the PP/ST, [no additional details].

| Requirement Component | Auditable event |
| --- | --- |
| FAU_GEN.1 | start-up and shutdown of the audit functions (specifically, of the TOE) |
| FIA_AFL.1 | Locking and unlocking of an account as a result of exceeding the maximum number of failed logons. |
| FIA_UAU.5 | unsuccessful use of the authentication mechanism |
| FIA_UID.2 | unsuccessful use of the user identification mechanism, including the user identity provided |
| FMT_SMF.1 | use of the management functions (specifically, zone configuration, password management configuration, authentication attempts maximum configuration, TOE access filtering configuration, and setting user attributes) |
| FMT_SMR.1 | modifications to the group of users that are part of a role |

Table 6-2 Auditable Events

6.1.2 Cryptographic support (FCS)

6.1.2.1 Cryptographic Key Generation (FCS_CKM.1)

FCS_CKM.1.1 The TSF shall generate cryptographic keys in accordance with a specified cryptographic key generation algorithm [ RSA, ECDSA, FFC Schemes w/ safe-prime DH Group 16 ] and specified cryptographic key sizes [ see Table 6-3 ] that meet the following: [ see Table 6-3 ].

Table 6-3 Key Generation

| Key Type | Key Size | Standard |
| --- | --- | --- |
| RSA | 2048 | FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Appendix B.3 |
| ECDSA | 256, 384, 521 | FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Appendix B.4 |
| FFC Scheme w/ Safe-Prime group 16 | 4096 | NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” and diffie-hellman-group16-sha512 per RFC 3526 |

Application note: The TOE generates RSA 2048-bit keys for use with SSH.

6.1.2.2 Cryptographic Key Distribution (FCS_CKM.2)

FCS_CKM.2.1 The TSF shall distribute cryptographic keys in accordance with a specified cryptographic key distribution method [Diffie-Hellman key establishment, EC Diffie-Hellman key establishment] that meets the following: [list of standard described in following table].
Table 6-4 Key Distribution

| Key Distribution Method | Standard of Implementation | Key Size in bits |
| --- | --- | --- |
| Diffie-Hellman key establishment | diffie-hellman-group16-sha512 per RFC 8268 | modulus length = 4096 |
| EC Diffie-Hellman key establishment | with ecdh-sha2-nistp256 from RFC5656 | curve length = 256 |
| | with ecdh-sha2-nistp384 from RFC5656 | curve length = 384 |
| | with ecdh-sha2-nistp521 from RFC5656 | curve length = 521 |

6.1.2.3 Cryptographic Key Destruction (FCS_CKM.4)

FCS_CKM.4.1 The TSF shall destroy cryptographic keys in accordance with a specified cryptographic key destruction method [zeroize] that meets the following: [none] when no longer needed.

6.1.2.4 Cryptographic key derivation (FCS_CKM_EXT.5)

FCS_CKM_EXT.5.1 The TSF shall derive cryptographic keys [described in Table 6-5] from [described in Table 6-5] in accordance with a specified key derivation algorithm [described in Table 6-5] and specified cryptographic key sizes [described in Table 6-5] that meet the following: [described in Table 6-5].
Table 6-5 SSH and TLS Key Agreement / Derivation
Key Type | Input Parameters | Algorithm | Standard of Implementation | Key Size in bits
SSH Session Key | Shared secret and nonce | SSH: PRF based on SHA-512 (diffie-hellman-group16-sha512) | [FIPS SP800-135r1] (PRF), [FIPS180-4] (SHA), [RFC8268] (SSH v2.0) | |K| = variable
SSH Session Key | Shared secret and nonce | SSH: PRF based on SHA-256 (ecdh-sha2-nistp256) | [FIPS SP800-135r1] (PRF), [FIPS 180-4] (SHA), [RFC5656] (SSH v2.0) | |K| = variable
SSH Session Key | Shared secret and nonce | SSH: PRF based on SHA-384 (ecdh-sha2-nistp384) | [FIPS SP800-135r1] (PRF), [FIPS 180-4] (SHA), [RFC5656] (SSH v2.0) | |K| = variable
SSH Session Key | Shared secret and nonce | SSH: PRF based on SHA-512 (ecdh-sha2-nistp521) | [FIPS SP800-135r1] (PRF), [FIPS 180-4] (SHA), [RFC5656] (SSH v2.0) | |K| = variable
TLS Session Key | Premaster Secret | TLSv1.2: PRF based on HMAC with SHA-256 (tls_prf_sha256) [footnote 6] | [FIPS SP800-135r1] (PRF), [FIPS180-4] (SHA), [RFC2104] (HMAC), [RFC5246] (TLS v1.2) | |K| = variable
TLS Session Key | Premaster Secret | TLSv1.2: PRF based on HMAC with SHA-384 | [FIPS SP800-135r1] (PRF), [FIPS180-4] (SHA), [RFC2104] (HMAC), [RFC5246] (TLS v1.2) | |K| = variable

Footnote 6: The default TLS 1.2 Pseudorandom Function (PRF)

Application Note: FCS_RNG_EXT.1 delivers the input for the key derivation function.

Application Note: This component FCS_CKM_EXT.5 is an extended component. The component FCS_CKM_EXT.5 is simply a renaming of FCS_CKM.5 from the FAMILY FCS_CKM defined in Common Criteria for Information Technology Security Evaluation Part 2: Security functional components, CC:2022 Revision 1, November 2022.
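The two derivation constructions that Table 6-5 cites, shown as an added example (not code from this Security Target or from Fabric OS): the SSH key derivation of RFC 4253 section 7.2 with the hash bound to each key exchange method in the table, and the TLS 1.2 PRF of RFC 5246 section 5. Both expand their output block by block, which is why the table gives |K| as variable. All function names and inputs are assumptions of this example.

```python
import hashlib
import hmac
import struct

# Hash function bound to each SSH key exchange method in Table 6-5.
SSH_KEX_HASH = {
    "diffie-hellman-group16-sha512": "sha512",
    "ecdh-sha2-nistp256": "sha256",
    "ecdh-sha2-nistp384": "sha384",
    "ecdh-sha2-nistp521": "sha512",
}


def ssh_mpint(value: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (RFC 4251, section 5)."""
    if value < 0:
        raise ValueError("shared secret must be non-negative")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw  # leading zero keeps the sign bit clear
    return struct.pack(">I", len(raw)) + raw


def ssh_derive_key(kex: str, shared_secret: int, exchange_hash: bytes,
                   letter: bytes, session_id: bytes, length: int) -> bytes:
    """RFC 4253 section 7.2.

    K1 = HASH(K || H || X || session_id), Kn = HASH(K || H || K1 || ... || K(n-1)),
    where X is one of the letters "A".."F" selecting IV, cipher key or MAC key.
    """
    if len(letter) != 1 or letter not in b"ABCDEF":
        raise ValueError("letter must be one of A..F")
    name = SSH_KEX_HASH[kex]
    k = ssh_mpint(shared_secret)
    out = hashlib.new(name, k + exchange_hash + letter + session_id).digest()
    while len(out) < length:  # extend when the key is longer than one digest
        out += hashlib.new(name, k + exchange_hash + out).digest()
    return out[:length]


def tls12_prf(hash_name: str, secret: bytes, label: bytes, seed: bytes,
              length: int) -> bytes:
    """RFC 5246 section 5: PRF(secret, label, seed) = P_hash(secret, label + seed)."""
    full_seed = label + seed
    a = full_seed  # A(0)
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + full_seed, hash_name).digest()
    return out[:length]


def tls12_master_secret(hash_name: str, premaster: bytes,
                        client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret from the premaster secret (RFC 5246 section 8.1)."""
    return tls12_prf(hash_name, premaster, b"master secret",
                     client_random + server_random, 48)


def tls12_key_block(hash_name: str, master: bytes, client_random: bytes,
                    server_random: bytes, length: int) -> bytes:
    """Key block of the requested length (RFC 5246 section 6.3); note the swapped randoms."""
    return tls12_prf(hash_name, master, b"key expansion",
                     server_random + client_random, length)


if __name__ == "__main__":
    # Constructed inputs for illustration only; real values come from the handshake.
    k = 0x80FFEE
    h = hashlib.sha256(b"constructed exchange hash").digest()
    # A 512-bit integrity key under a SHA-256 key exchange needs two hash blocks.
    print(ssh_derive_key("ecdh-sha2-nistp256", k, h, b"E", h, 64).hex())
    ms = tls12_master_secret("sha256", b"\x0b" * 48, b"\x01" * 32, b"\x02" * 32)
    print(tls12_key_block("sha256", ms, b"\x01" * 32, b"\x02" * 32, 104).hex())
```
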
6.1.2.5 Cryptographic Operation for Data Encryption (FCS_COP.1(1))
FCS_COP.1(1).1: The TSF shall perform [ encryption/decryption ] in accordance with a specified cryptographic algorithm [ AES CBC, AES CTR, AES GCM ] and cryptographic key sizes [ 128 bits, 256 bits] that meet the following: [ AES as specified in ISO 18033-3, CBC as specified in ISO 10116, CTR as specified in ISO 10116, GCM as specified in ISO 19772 ].

6.1.2.6 Cryptographic Operation for Hashing (FCS_COP.1(2))
FCS_COP.1(2).1: The TSF shall perform [ cryptographic hashing ] in accordance with a specified cryptographic algorithm AES used in [SHA-256, SHA-384, SHA-512 ] and cryptographic key sizes [ 256, 384, 512 ] that meet the following: [ ISO/IEC 10118-3:2004 ].

6.1.2.7 Cryptographic Operation for Keyed-Hashing (FCS_COP.1(3))
FCS_COP.1(3).1: The TSF shall perform [ keyed-hash message authentication ] in accordance with a specified cryptographic algorithm [ HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 ] and cryptographic key sizes [ 256, 384, 512 ] that meet the following: [ ISO/IEC 9797-2:2011, Section 7 'MAC Algorithm 2' ].

6.1.2.8 Cryptographic Operation for RSA Signature Services (FCS_COP.1(4))
FCS_COP.1(4).1: The TSF shall perform [ cryptographic signature services (generation and verification) ] in accordance with a specified cryptographic algorithm [ RSA Digital Signature Algorithm ] and cryptographic key sizes [ 2048 bits ] that meet the following: [FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Section 5.5, using PKCS #1 v2.1 Signature Schemes RSASSA-PKCS1v1_5 ].
6.1.2.9 Cryptographic Operation for ECDSA Signature Services (FCS_COP.1(5))
FCS_COP.1(5).1: The TSF shall perform [ cryptographic signature services (generation and verification) ] in accordance with a specified cryptographic algorithm [ Elliptic Curve Digital Signature Algorithm ] and cryptographic key sizes [ 256, 384, 521 ] that meet the following: [ FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Section 6 and Appendix D, Implementing 'NIST curves' P-256, P-384, P-521; ISO/IEC 14888-3, Section 6.4 ].

6.1.2.10 Random Number Generation for OpenSSL & OpenSSH (Class DRG.2) (FCS_RNG_EXT.1)
FCS_RNG_EXT.1.1 For use by OpenSSH and OpenSSL, the TSF shall provide a [ deterministic ] random number generator that implements:
(DRG.2.1) If initialized with a random seed [ [ that is provided by jitter RNG library version 3.3.1 ] ], the internal state of the RNG shall [ have [at least 100 bits of min-entropy] ].
(DRG.2.2) The DRNG provides forward secrecy.
(DRG.2.3) The DRNG provides backward secrecy.
FCS_RNG_EXT.1.2 The TSF shall provide random numbers that meet
(DRG.2.4) The RNG, initialized with a random seed [having at least 100 bits of entropy on the first request to CTR_DRBG using AES-256], generates output for which [at least 2^34 ] strings of bit length 128 are mutually different with probability [greater than or equal to 1 minus 2^-16 ].
(DRG.2.5) Statistical test suites cannot practically distinguish the random numbers from output sequences of an ideal RNG. The random numbers must pass test procedure A.

Application Note: The deterministic random number generator is CTR_DRBG with/using AES-256. The internal state of the RNG has a length of 384 bits.

Application Note: This requirement is intended to describe the random number generation associated with the generation of TLS and SSH keys by the TOE. That is, the RNG is the deterministic random number generator used by OpenSSL and OpenSSH.

Application Note: This component FCS_RNG_EXT.1 is an extended component. The component FCS_RNG_EXT.1 is simply a renaming of FCS_RNG.1 from the FAMILY FCS_RNG defined in the following document which is part of the BSI scheme document AIS 20/31: Wolfgang Killmann, W. Schindler, “A proposal for: Functionality classes for random number generators”, Version 2.0, September, 2011.

6.1.3 User data protection (FDP)

6.1.3.1 Subset access control (FDP_ACC.1)
FDP_ACC.1.1 The TSF shall enforce the [SAN Fabric SFP] on [
a.) subjects: host bus adapters
b.) objects: storage devices
c.) operations: block-read and block-write ].

Application Note: The subjects in the TOE are host bus adapters and the objects are storage devices. Operations mediated by the TOE are block-reads and block-writes. The TOE utilizes port number and zone membership of a host bus adapter as well as the storage device address and zone membership of the storage devices when enforcing its SAN Fabric SFP.

6.1.3.2 Security attribute based access control (FDP_ACF.1)
FDP_ACF.1.1 The TSF shall enforce the [SAN Fabric SFP] to objects based on the following: [
a.) subject security attributes:
1. port number;
2. zone membership
b.) storage device security attributes:
3. storage device address;
4. zone membership ].
FDP_ACF.1.2 The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [for any zone, if the subject port is a member of that zone and the device address is a member of that zone, then the operation is allowed].
FDP_ACF.1.3 The TSF shall explicitly authorize access of subjects to objects based on the following additional rules: [no additional rules].
FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [no additional rules].

6.1.4 Identification and authentication (FIA)

6.1.4.1 Authentication failure handling (FIA_AFL.1)
FIA_AFL.1.1 The TSF shall detect when [an administrator configurable positive integer within [1 to 999]] unsuccessful authentication attempts occur related to [user logon].
FIA_AFL.1.2 When the defined number of unsuccessful authentication attempts has been [met or surpassed], the TSF shall [lockout the account for an administrator configured time period].

6.1.4.2 User attribute definition: Administrators (FIA_ATD.1(1))
FIA_ATD.1(1).1 The TSF shall maintain the following list of security attributes belonging to individual users: [
a.) the security attributes of users possessing administrative roles:
• user identity
• password
• role ].

Application Note: Human user authentication occurs only in the context of an SSH administrative session. Network Peer authentication can occur only over TLS protected communication pathways. FIA_UID.2 and FIA_UAU.2 use the generic term “user” to encompass both human users and network peers as users. The two iterations of FIA_ATD.1 define the different data stored by the TOE for these two types of user.

6.1.4.3 User attribute definition: IT Entities (FIA_ATD.1(2))
FIA_ATD.1(2).1 The TSF shall maintain the following list of security attributes belonging to individual TLS network peer users: [
a) Network address/identifier of the TLS network peer; and
b) Public certificate of the TLS network peer. ]

Application Note: This requirement applies to users of the TOE that are actually IT Entities providing services to the TOE.

Application Note: The TOE may store either a network address or a DNS name for the network peer.

Application Note: Rather than storing certificates for individual peers, the TOE can store a trusted root certificate for a trusted authority that can sign peer certificates. A network peer may then be identified by virtue of the TOE verifying the root of a trust chain for the certificate of a network peer.

Application Note: See also the application note for FIA_ATD.1(1).

6.1.4.4 Verification of secrets (FIA_SOS.1)
FIA_SOS.1.1 The TSF shall provide a mechanism to verify that secrets meet [an administrator specified overall minimum length and have a minimum number of specified character types].

Application Note: These limitations apply only for local identification and authentication. The limits may be different when using a RADIUS or LDAP server for identification and authentication.

6.1.4.5 User authentication before any action (FIA_UAU.2)
FIA_UAU.2.1 The TSF shall require each user to be successfully authenticated before allowing any other TSF-actions on behalf of that user.

6.1.4.6 Multiple authentication mechanisms (FIA_UAU.5)
FIA_UAU.5.1 The TSF shall provide [local authentication, authentication by a third-party RADIUS and authentication by a third-party LDAP server] to support user authentication.
FIA_UAU.5.2 The TSF shall authenticate any user's claimed identity according to the [following:
• Human users are authenticated using the administrator configured order of authentication providers; and
• Network Peers are authenticated locally using certificates].

6.1.4.7 User identification before any action (FIA_UID.2)
FIA_UID.2.1 The TSF shall require each user to be successfully identified before allowing any other TSF-mediated actions on behalf of that user.
6.1.5 Security management (FMT)

6.1.5.1 Management of security attributes for SAN Fabric Policy (FMT_MSA.1)
FMT_MSA.1.1 The TSF shall enforce the [SAN Fabric SFP] to restrict the ability to [[add or remove members of a zone using]] the security attributes [host bus adapter port number; storage device port number; zone membership of a host bus adapter and zone membership of a storage device] to [users possessing one of the following administrative roles: admin, zoneAdmin, fabricAdmin].

Application note: Host bus adapters and storage devices are referred to as members of a zone when they are added to a zone.

6.1.5.2 Static attribute initialization for SAN Fabric Policy (FMT_MSA.3)
FMT_MSA.3.1 The TSF shall enforce the [SAN Fabric SFP] to provide [restrictive] default values for security attributes that are used to enforce the SFP.
FMT_MSA.3.2 The TSF shall allow the [admin role] to specify alternative initial values to override the default values when an object or information is created.

6.1.5.3 Management of TSF data (FMT_MTD.1(1))
FMT_MTD.1(1).1 The TSF shall restrict the ability to [query, modify, delete, [and assign]] the [
• user identity,
• user role,
• minimum password length and minimum number of specified character types used in a password,
• number of unsuccessful authentication attempts that cause accounts to be locked,
• locked status of an account,
• order in which authentication providers are checked,
• presumed source address and service permitted from which remote users connect to the TOE,
• identity of network syslog, RADIUS and/or LDAP peers,
• cryptographic values associated with network peers,
• cryptographic values associated with identifying the TOE.
] to [users possessing one of the following administrative roles: admin, SecurityAdmin].
Application note: The cryptographic values referenced above are those associated with the FCS_CKM.1, FCS_CKM.2, FCS_COP.1(*), FCS_CKM_EXT.5 and FIA_ATD.1(2) requirements.

6.1.5.4 Management of TSF data for a user password (FMT_MTD.1(2))
FMT_MTD.1(2).1 The TSF shall restrict the ability to [set] the [passwords] to [the administrative user associated with the password, and users possessing one of the following administrative roles: admin, SecurityAdmin].

6.1.5.5 Management of TSF data for importing certificates (FMT_MTD.1(3))
FMT_MTD.1(3).1 The TSF shall restrict the ability to [import] the [TLS switch certificate and root CA Certificates] to [users possessing one of the following administrative roles: admin, SecurityAdmin].

6.1.5.6 Specification of Management Functions (FMT_SMF.1)
FMT_SMF.1.1 The TSF shall be capable of performing the following security management functions: [
• add or remove members of a zone;
• manage the minimum password length and minimum number of specified character types used in a password,
• manage the number of unsuccessful authentication attempts that cause accounts to be locked,
• manage the locked status of an account,
• specify the order in which authentication providers are checked,
• generate RSA and ECDSA Host Key pairs for use with SSH,
• export SSH public keys used to authenticate outbound SSH connections,
• import public keys to authenticate SSH users,
• import certificates for use with TLS,
• specify the presumed source address and service permitted from which remote users connect to the TOE; query, modify, delete, and assign the user identity and role; and set and reset passwords of users possessing administrative roles.
].
6.1.5.7 Security roles (FMT_SMR.1)
FMT_SMR.1.1 The TSF shall maintain the roles [the following administrative roles:
• admin
• switchAdmin
• operator
• zoneAdmin
• fabricAdmin
• securityAdmin
• basicSwitchAdmin
• maintenance
• user ].
FMT_SMR.1.2 The TSF shall be able to associate users with roles.

Application note: Other than being able to log into TOE management interfaces and change their own passwords, users possessing the user administrative role can only access interfaces that provide the ability to monitor TOE performance.

6.1.6 TOE access (FTA)

6.1.6.1 Basic limitation on multiple concurrent sessions (FTA_MCS.1)
FTA_MCS.1.1 The TSF shall restrict the maximum number of concurrent sessions that belong to the same user.
FTA_MCS.1.2 The TSF shall enforce, by default, a limit of [Four (4)] sessions per user.

Application Note: These limitations apply only for locally defined accounts undergoing identification and authentication. The limits may be different when using accounts defined under a RADIUS or LDAP server for identification and authentication.

6.1.6.2 TOE session establishment (FTA_TSE.1)
FTA_TSE.1.1 The TSF shall be able to deny session establishment based on [authentication data expiration, presumed source address of the remote user and service being requested].

6.1.7 Trusted path (FTP)

6.1.7.1 Trusted Channels to network peers (FTP_ITC.1)
FTP_ITC.1.1 The TSF shall provide a communication channel between itself and another trusted IT product that is logically distinct from other communication channels and provides assured identification of its end points and protection of the channel data from modification or disclosure using TLSv1.2.
FTP_ITC.1.2 The TSF shall permit [the TSF] to initiate communication via the trusted channel.
FTP_ITC.1.3 The TSF shall initiate communication via the trusted channel for [transfer of audit records, verification of user identity via remote authentication server].

Application Note: The TOE supports trusted channels to IT Entities acting as a syslog server, RADIUS server or LDAP server. All such trusted channels are based upon TLS.

Application Note: The TOE is always the initiator of a TLS session (for syslog, RADIUS and LDAP). The TOE authenticates the remote TLS endpoint using the certificate associated with the target network peer (FIA_ATD.1(2)).

Application Note: The TOE authenticates itself to the syslog server, RADIUS server and LDAP server via a certificate provided in the TLS exchange.

6.1.7.2 Trusted path (FTP_TRP.1)
FTP_TRP.1.1 The TSF shall provide a communication path between itself and [remote] users that is logically distinct from other communication paths and provides assured identification of its end points and protection of the communicated data from [disclosure, modification].
FTP_TRP.1.2 The TSF shall permit [remote users] to initiate communication via the trusted path.
FTP_TRP.1.3 The TSF shall require the use of the trusted path for [[administrator access of the TOE via Ethernet using SSH]].

6.2 Security Functional Requirements Rationale
All Security Functional Requirements (SFR) identified in this Security Target are fully addressed in this section and each SFR is mapped to the objective for which it is intended to satisfy.
Requirement | Objectives marked (X)
FAU_GEN.1 | O.AUDIT_GENERATION
FCS_CKM.1 | O.MANAGE, O.PROTECTED_COMM
FCS_CKM.2 | O.MANAGE, O.PROTECTED_COMM
FCS_CKM.4 | O.MANAGE, O.PROTECTED_COMM
FCS_COP.1(1) | O.MANAGE, O.PROTECTED_COMM
FCS_COP.1(2) | O.MANAGE, O.PROTECTED_COMM
FCS_COP.1(3) | O.MANAGE, O.PROTECTED_COMM
FCS_COP.1(4) | O.MANAGE, O.PROTECTED_COMM
FCS_COP.1(5) | O.MANAGE, O.PROTECTED_COMM
FCS_CKM_EXT.5 | O.MANAGE, O.PROTECTED_COMM
FCS_RNG_EXT.1 | O.MANAGE, O.PROTECTED_COMM
FDP_ACC.1 | O.ACCESS
FDP_ACF.1 | O.ACCESS
FIA_AFL.1 | O.USER_AUTHENTICATION
FIA_ATD.1(1) | O.USER_AUTHENTICATION, O.USER_IDENTIFICATION
FIA_ATD.1(2) | O.PROTECTED_COMM
FIA_SOS.1 | O.USER_AUTHENTICATION
FIA_UAU.2 | O.USER_AUTHENTICATION
FIA_UAU.5 | O.USER_AUTHENTICATION
FIA_UID.2 | O.USER_IDENTIFICATION
FMT_MSA.1 | O.MANAGE
FMT_MSA.3 | O.MANAGE
FMT_MTD.1(1) | O.MANAGE
FMT_MTD.1(2) | O.MANAGE
FMT_MTD.1(3) | O.MANAGE
FMT_SMF.1 | O.MANAGE
FMT_SMR.1 | O.ADMIN_ROLE, O.MANAGE
FTA_MCS.1 | O.MANAGE
FTA_TSE.1 | O.MANAGE
FTP_ITC.1 | O.PROTECTED_COMM
FTP_TRP.1 | O.MANAGE
Table 6-6 Objective to Requirement Correspondence

6.2.1 O.ACCESS
The TOE will ensure that users gain only authorized access to the TOE and to the resources that the TOE controls.
This TOE Security Objective is satisfied by ensuring that:
• FDP_ACC.1, FDP_ACF.1: The TOE provides the ability to restrict block-read and block-write operations to connected storage devices that are initiated by host bus adapters. A host bus adapter can only access storage devices that are members of the same zone.

6.2.2 O.ADMIN_ROLE
The TOE will provide authorized administrator roles to isolate administrative actions thus limiting the scope of errors that an administrator may cause.
This TOE Security Objective is satisfied by ensuring that:
• FMT_SMR.1: The TOE maintains only administrative roles.

6.2.3 O.AUDIT_GENERATION
The TOE will provide the capability to create records of security relevant events associated with users.
This TOE Security Objective is satisfied by ensuring that:
• FAU_GEN.1: The TOE generates audit events for the not specified level of audit.
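A small model of the SAN Fabric SFP behind O.ACCESS, as an added example that is not part of this Security Target or of Fabric OS: the FDP_ACF.1.2 rule (an operation is allowed only if some zone contains both the subject port and the device address), the restrictive default of FMT_MSA.3, and the FMT_MSA.1 role restriction on zone changes, each change recorded as an audit entry. Class names, the audit record layout, zone names, port numbers and device addresses are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Roles allowed to add or remove zone members (FMT_MSA.1.1).
ZONE_ADMIN_ROLES = frozenset({"admin", "zoneAdmin", "fabricAdmin"})
# Operations covered by the SAN Fabric SFP (FDP_ACC.1.1).
SFP_OPERATIONS = frozenset({"block-read", "block-write"})


@dataclass
class Zone:
    ports: set = field(default_factory=set)    # subject attribute: HBA port numbers
    devices: set = field(default_factory=set)  # object attribute: storage device addresses


class Fabric:
    def __init__(self):
        self.zones = {}      # zone name -> Zone; empty means nothing is reachable
        self.audit_log = []  # hypothetical record layout for zone configuration events

    def _authorize(self, user, role, action, zone):
        allowed = role in ZONE_ADMIN_ROLES
        self.audit_log.append({"user": user, "role": role, "action": action,
                               "zone": zone,
                               "outcome": "success" if allowed else "failure"})
        if not allowed:
            raise PermissionError(f"role {role!r} may not change zone membership")

    def add_member(self, user, role, zone, *, port=None, device=None):
        self._authorize(user, role, "zone-add", zone)
        z = self.zones.setdefault(zone, Zone())
        if port is not None:
            z.ports.add(port)
        if device is not None:
            z.devices.add(device)

    def remove_member(self, user, role, zone, *, port=None, device=None):
        self._authorize(user, role, "zone-remove", zone)
        z = self.zones.get(zone)
        if z is not None:
            z.ports.discard(port)
            z.devices.discard(device)

    def is_allowed(self, port, device, operation):
        """FDP_ACF.1.2: allowed if any single zone holds both port and device."""
        if operation not in SFP_OPERATIONS:
            raise ValueError("operation is not covered by the SAN Fabric SFP")
        return any(port in z.ports and device in z.devices
                   for z in self.zones.values())


def build_constructed_fabric():
    """Constructed sample: two zones, one shared HBA port, one unzoned port (3)."""
    fabric = Fabric()
    fabric.add_member("alice", "zoneAdmin", "zone_db", port=1)
    fabric.add_member("alice", "zoneAdmin", "zone_db", port=2)
    fabric.add_member("alice", "zoneAdmin", "zone_db", device="0x010200")
    fabric.add_member("alice", "zoneAdmin", "zone_backup", port=2)
    fabric.add_member("alice", "zoneAdmin", "zone_backup", device="0x010300")
    return fabric


if __name__ == "__main__":
    f = build_constructed_fabric()
    for port, dev in [(1, "0x010200"), (1, "0x010300"), (2, "0x010300"), (3, "0x010200")]:
        print(port, dev, f.is_allowed(port, dev, "block-read"))
```

Port 1 and device 0x010300 are each zoned, yet the request is denied because no single zone contains both; membership in different zones never combines.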
6.2.4 O.MANAGE
The TOE will allow administrators to effectively manage the TOE and its security functions, must ensure that only authorized administrators are able to access such functionality, and that communication between the TOE and the administrator is protected.
This TOE Security Objective is satisfied by ensuring that:
• FMT_MSA.1: The ability to modify host bus adapters and storage devices zone membership is limited to users possessing the admin, zoneAdmin, or fabricAdmin roles.
• FMT_MSA.3: Once the TOE has been properly configured, host bus adapters do not have default access to storage devices. Only accounts with the admin role can specify the zone for new storage devices or HBAs.
• FMT_MTD.1(1): The ability to query, modify, delete, and assign administrative user security attributes is limited to users possessing one of the following administrative roles: admin, SecurityAdmin.
• FMT_MTD.1(2): Administrators can set their own passwords. The administrative roles admin and SecurityAdmin may set any account’s password.
• FMT_MTD.1(3): Administrators can issue commands to import a certificate for use as the TOE certificate or import certificates for use as root CA certificates.
• FMT_SMF.1: The TOE provides administrative interfaces to modify and query host bus adapters and storage device zone membership, as well as to set and reset administrator passwords.
• FMT_SMR.1: The TOE maintains administrative user roles.
• FTA_MCS.1: The TOE limits the number of concurrent sessions a user can have based upon the user’s role. This limitation applies only for local identification and authentication. The limits may be different when using a RADIUS or LDAP server for identification and authentication.
• FTA_TSE.1: The TOE limits the locations and services through which administrators can establish remote administrative sessions based upon the presumed source network location.
• FTP_TRP.1: The TOE provides a trusted path between itself and remote administrative users.
• FCS_COP.1(all iterations): The TOE utilizes cryptography as part of the trusted path mechanism that protects communications during administrative sessions.
• FCS_CKM.1: The TOE generates keys for use with the trusted path mechanism.
• FCS_CKM.2: The TOE distributes cryptographic keys in the context of a negotiation of SSH symmetric session keys.
• FCS_CKM.4: The TOE zeroizes keys used for the trusted path mechanism when the key is no longer needed.
• FCS_CKM_EXT.5: The TOE performs key derivation as part of SSH session establishment. The TOE utilizes random numbers generated in accordance with FCS_RNG_EXT.1 as input parameters. For SSH, these input parameters are used in accordance with FIPS 180-4, RFC 8268 and RFC 5656 with PRF based on diffie-hellman-group16-sha512 using a key size of 4096 bits, ecdh-sha2-nistp256 using a key size of 256 bits, ecdh-sha2-nistp384 using a key size of 384 bits and ecdh-sha2-nistp521 using a key size of 521 bits.
• FCS_RNG_EXT.1: The TOE generates random numbers for use in key generation by OpenSSH that is associated with the trusted path mechanism.

6.2.5 O.PROTECTED_COMM
The TOE will provide protected communication channels for administrators and authorized IT entities.
This TOE Security Objective is satisfied by ensuring that:
• FIA_ATD.1: The TOE maintains security attributes for authenticating network peers that act as a syslog server, RADIUS server or LDAP server.
• FTP_ITC.1: The TOE provides a trusted communication channel that utilizes TLS. This channel protects communication between the TOE itself and network peers providing syslog, RADIUS and LDAP services.
• FCS_COP.1(all iterations): The TOE utilizes cryptography as part of the trusted channel mechanism that protects communication with network peers (i.e., syslog servers, RADIUS servers and LDAP servers).
• FCS_CKM.1: The TOE generates keys for use with the trusted channel mechanism.
• FCS_CKM.2: The TOE distributes cryptographic keys in the context of a TLS handshake.
• FCS_CKM.4: The TOE zeroizes keys used for the trusted channel mechanism when the key is no longer needed.
• FCS_CKM_EXT.5: The TOE performs key derivation as part of TLS session establishment. The TOE utilizes random numbers generated in accordance with FCS_RNG_EXT.1 as input parameters. For TLS, these input parameters are used in accordance with FIPS 180-4, RFC 2104 and RFC 5246 for TLS, with PRF based on HMAC with SHA-256 or SHA-384, using key sizes of 256 or 384 respectively.
• FCS_RNG_EXT.1: The TOE generates random numbers for use in key generation by OpenSSL that is associated with the trusted channel and trusted path mechanisms.

6.2.6 O.USER_AUTHENTICATION
The TOE will verify the claimed identity of users.
This TOE Security Objective is satisfied by ensuring that:
• FIA_AFL.1: The TOE locks user accounts as a result of too many failed logon attempts.
• FIA_ATD.1: The TOE maintains security attributes for administrative users.
• FIA_SOS.1: The TOE provides administratively defined constraints on user passwords. These constraints apply only for local identification and authentication. The constraints may be different when using a RADIUS or LDAP server for identification and authentication.
• FIA_UAU.2: The TOE performs user authentication before allowing any other actions.
• FIA_UAU.5: The TOE supports the authentication of users via a local database of user accounts, via third-party RADIUS servers or via third-party LDAP servers.
6.2.7 O.USER_IDENTIFICATION
The TOE will uniquely identify users.
This TOE Security Objective is satisfied by ensuring that:
• FIA_ATD.1: The TOE maintains security attributes for administrative users.
• FIA_UID.2: The TOE offers no TSF-mediated functions until the user is identified. Administrative users are identified using user identifiers.

6.3 TOE Security Assurance Requirements
The SARs for the TOE are the EAL 2 augmented with ALC_FLR.2 components as specified in Part 3 of the Common Criteria. No operations are applied to the assurance components.

Requirement Class | Requirement Component
ADV: Development | ADV_ARC.1: Security architecture description
ADV: Development | ADV_FSP.2: Security-enforcing functional specification
ADV: Development | ADV_TDS.1: Basic design
AGD: Guidance documents | AGD_OPE.1: Operational user guidance
AGD: Guidance documents | AGD_PRE.1: Preparative procedures
ALC: Life-cycle support | ALC_CMC.2: Use of a CM system
ALC: Life-cycle support | ALC_CMS.2: Parts of the TOE CM coverage
ALC: Life-cycle support | ALC_DEL.1: Delivery procedures
ALC: Life-cycle support | ALC_FLR.2: Flaw reporting procedures
ATE: Tests | ATE_COV.1: Evidence of coverage
ATE: Tests | ATE_FUN.1: Functional testing
ATE: Tests | ATE_IND.2: Independent testing - sample
AVA: Vulnerability assessment | AVA_VAN.2: Vulnerability analysis
Table 6-7 EAL 2 augmented with ALC_FLR.2 Assurance Components

6.3.1 Development (ADV)

6.3.1.1 Security architecture description (ADV_ARC.1)
ADV_ARC.1.1d The developer shall design and implement the TOE so that the security features of the TSF cannot be bypassed.
ADV_ARC.1.2d The developer shall design and implement the TSF so that it is able to protect itself from tampering by untrusted active entities.
ADV_ARC.1.3d The developer shall provide a security architecture description of the TSF.
ADV_ARC.1.1c The security architecture description shall be at a level of detail commensurate with the description of the SFR-enforcing abstractions described in the TOE design document.
ADV_ARC.1.2c The security architecture description shall describe the security domains maintained by the TSF consistently with the SFRs.
ADV_ARC.1.3c The security architecture description shall describe how the TSF initialisation process is secure.
ADV_ARC.1.4c The security architecture description shall demonstrate that the TSF protects itself from tampering.
ADV_ARC.1.5c The security architecture description shall demonstrate that the TSF prevents bypass of the SFR-enforcing functionality.
ADV_ARC.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

6.3.1.2 Security-enforcing functional specification (ADV_FSP.2)
ADV_FSP.2.1d The developer shall provide a functional specification.
ADV_FSP.2.2d The developer shall provide a tracing from the functional specification to the SFRs.
ADV_FSP.2.1c The functional specification shall completely represent the TSF.
ADV_FSP.2.2c The functional specification shall describe the purpose and method of use for all TSFI.
ADV_FSP.2.3c The functional specification shall identify and describe all parameters associated with each TSFI.
ADV_FSP.2.4c For each SFR-enforcing TSFI, the functional specification shall describe the SFR-enforcing actions associated with the TSFI.
ADV_FSP.2.5c For each SFR-enforcing TSFI, the functional specification shall describe direct error messages resulting from processing associated with the SFR-enforcing actions.
ADV_FSP.2.6c The tracing shall demonstrate that the SFRs trace to TSFIs in the functional specification.
ADV_FSP.2.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ADV_FSP.2.2e The evaluator shall determine that the functional specification is an accurate and complete instantiation of the SFRs.
6.3.1.3 Basic design (ADV_TDS.1)
ADV_TDS.1.1d The developer shall provide the design of the TOE.
ADV_TDS.1.2d The developer shall provide a mapping from the TSFI of the functional specification to the lowest level of decomposition available in the TOE design.
ADV_TDS.1.1c The design shall describe the structure of the TOE in terms of subsystems.
ADV_TDS.1.2c The design shall identify all subsystems of the TSF.
ADV_TDS.1.3c The design shall describe the behaviour of each SFR-supporting or SFR-non-interfering TSF subsystem in sufficient detail to determine that it is not SFR-enforcing.
ADV_TDS.1.4c The design shall summarise the SFR-enforcing behaviour of the SFR-enforcing subsystems.
ADV_TDS.1.5c The design shall provide a description of the interactions among SFR-enforcing subsystems of the TSF, and between the SFR-enforcing subsystems of the TSF and other subsystems of the TSF.
ADV_TDS.1.6c The mapping shall demonstrate that all TSFIs trace to the behaviour described in the TOE design that they invoke.
ADV_TDS.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ADV_TDS.1.2e The evaluator shall determine that the design is an accurate and complete instantiation of all security functional requirements.

6.3.2 Guidance documents (AGD)

6.3.2.1 Operational user guidance (AGD_OPE.1)
AGD_OPE.1.1d The developer shall provide operational user guidance.
AGD_OPE.1.1c The operational user guidance shall describe, for each user role, the user-accessible functions and privileges that should be controlled in a secure processing environment, including appropriate warnings.
AGD_OPE.1.2c The operational user guidance shall describe, for each user role, how to use the available interfaces provided by the TOE in a secure manner.
AGD_OPE.1.3c The operational user guidance shall describe, for each user role, the available functions and interfaces, in particular all security parameters under the control of the user, indicating secure values as appropriate.
AGD_OPE.1.4c The operational user guidance shall, for each user role, clearly present each type of security-relevant event relative to the user-accessible functions that need to be performed, including changing the security characteristics of entities under the control of the TSF.
AGD_OPE.1.5c The operational user guidance shall identify all possible modes of operation of the TOE (including operation following failure or operational error), their consequences and implications for maintaining secure operation.
AGD_OPE.1.6c The operational user guidance shall, for each user role, describe the security measures to be followed in order to fulfil the security objectives for the operational environment as described in the ST.
AGD_OPE.1.7c The operational user guidance shall be clear and reasonable.
AGD_OPE.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

6.3.2.2 Preparative procedures (AGD_PRE.1)
AGD_PRE.1.1d The developer shall provide the TOE including its preparative procedures.
AGD_PRE.1.1c The preparative procedures shall describe all the steps necessary for secure acceptance of the delivered TOE in accordance with the developer's delivery procedures.
AGD_PRE.1.2c The preparative procedures shall describe all the steps necessary for secure installation of the TOE and for the secure preparation of the operational environment in accordance with the security objectives for the operational environment as described in the ST.
AGD_PRE.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AGD_PRE.1.2e The evaluator shall apply the preparative procedures to confirm that the TOE can be prepared securely for operation.

6.3.3 Life-cycle support (ALC)

6.3.3.1 Use of a CM system (ALC_CMC.2)

ALC_CMC.2.1d The developer shall provide the TOE and a reference for the TOE.
ALC_CMC.2.2d The developer shall provide the CM documentation.
ALC_CMC.2.3d The developer shall use a CM system.
ALC_CMC.2.1c The TOE shall be labelled with its unique reference.
ALC_CMC.2.2c The CM documentation shall describe the method used to uniquely identify the configuration items.
ALC_CMC.2.3c The CM system shall uniquely identify all configuration items.
ALC_CMC.2.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

6.3.3.2 Parts of the TOE CM coverage (ALC_CMS.2)

ALC_CMS.2.1d The developer shall provide a configuration list for the TOE.
ALC_CMS.2.1c The configuration list shall include the following: the TOE itself; the evaluation evidence required by the SARs; and the parts that comprise the TOE.
ALC_CMS.2.2c The configuration list shall uniquely identify the configuration items.
ALC_CMS.2.3c For each TSF relevant configuration item, the configuration list shall indicate the developer of the item.
ALC_CMS.2.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

6.3.3.3 Delivery procedures (ALC_DEL.1)

ALC_DEL.1.1d The developer shall document and provide procedures for delivery of the TOE or parts of it to the consumer.
ALC_DEL.1.2d The developer shall use the delivery procedures.
ALC_DEL.1.1c The delivery documentation shall describe all procedures that are necessary to maintain security when distributing versions of the TOE to the consumer.
ALC_DEL.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

6.3.3.4 Flaw reporting procedures (ALC_FLR.2)

ALC_FLR.2.1d The developer shall document and provide flaw remediation procedures addressed to TOE developers.
ALC_FLR.2.2d The developer shall establish a procedure for accepting and acting upon all reports of security flaws and requests for corrections to those flaws.
ALC_FLR.2.3d The developer shall provide flaw remediation guidance addressed to TOE users.
ALC_FLR.2.1c The flaw remediation procedures documentation shall describe the procedures used to track all reported security flaws in each release of the TOE.
ALC_FLR.2.2c The flaw remediation procedures shall require that a description of the nature and effect of each security flaw be provided, as well as the status of finding a correction to that flaw.
ALC_FLR.2.3c The flaw remediation procedures shall require that corrective actions be identified for each of the security flaws.
ALC_FLR.2.4c The flaw remediation procedures documentation shall describe the methods used to provide flaw information, corrections and guidance on corrective actions to TOE users.
ALC_FLR.2.5c The flaw remediation procedures shall describe a means by which the developer receives from TOE users reports and enquiries of suspected security flaws in the TOE.
ALC_FLR.2.6c The procedures for processing reported security flaws shall ensure that any reported flaws are remediated and the remediation procedures issued to TOE users.
ALC_FLR.2.7c The procedures for processing reported security flaws shall provide safeguards that any corrections to these security flaws do not introduce any new flaws.
ALC_FLR.2.8c The flaw remediation guidance shall describe a means by which TOE users report to the developer any suspected security flaws in the TOE.
ALC_FLR.2.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

6.3.4 Tests (ATE)

6.3.4.1 Evidence of coverage (ATE_COV.1)

ATE_COV.1.1d The developer shall provide evidence of the test coverage.
ATE_COV.1.1c The evidence of the test coverage shall show the correspondence between the tests in the test documentation and the TSFIs in the functional specification.
ATE_COV.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

6.3.4.2 Functional testing (ATE_FUN.1)

ATE_FUN.1.1d The developer shall test the TSF and document the results.
ATE_FUN.1.2d The developer shall provide test documentation.
ATE_FUN.1.1c The test documentation shall consist of test plans, expected test results and actual test results.
ATE_FUN.1.2c The test plans shall identify the tests to be performed and describe the scenarios for performing each test. These scenarios shall include any ordering dependencies on the results of other tests.
ATE_FUN.1.3c The expected test results shall show the anticipated outputs from a successful execution of the tests.
ATE_FUN.1.4c The actual test results shall be consistent with the expected test results.
ATE_FUN.1.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.

6.3.4.3 Independent testing - sample (ATE_IND.2)

ATE_IND.2.1d The developer shall provide the TOE for testing.
ATE_IND.2.1c The TOE shall be suitable for testing.
ATE_IND.2.2c The developer shall provide an equivalent set of resources to those that were used in the developer's functional testing of the TSF.
ATE_IND.2.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
ATE_IND.2.2e The evaluator shall execute a sample of tests in the test documentation to verify the developer test results.
ATE_IND.2.3e The evaluator shall test a subset of the TSF to confirm that the TSF operates as specified.

6.3.5 Vulnerability assessment (AVA)

6.3.5.1 Vulnerability analysis (AVA_VAN.2)

AVA_VAN.2.1d The developer shall provide the TOE for testing.
AVA_VAN.2.1c The TOE shall be suitable for testing.
AVA_VAN.2.1e The evaluator shall confirm that the information provided meets all requirements for content and presentation of evidence.
AVA_VAN.2.2e The evaluator shall perform a search of public domain sources to identify potential vulnerabilities in the TOE.
AVA_VAN.2.3e The evaluator shall perform an independent vulnerability analysis of the TOE using the guidance documentation, functional specification, TOE design and security architecture description to identify potential vulnerabilities in the TOE.
AVA_VAN.2.4e The evaluator shall conduct penetration testing, based on the identified potential vulnerabilities, to determine that the TOE is resistant to attacks performed by an attacker possessing Basic attack potential.

6.4 Security Assurance Requirements Rationale

EAL-2 augmented was selected as the assurance level because the TOE is a commercial product whose users require a low to moderate level of independently assured security in the absence of ready availability of the complete development record. ALC_FLR.2 was selected to exceed EAL-2 assurance objectives in order to ensure that identified flaws are addressed. The TOE is targeted at a relatively benign environment with good physical access security and competent administrators. Within such environments it is assumed that attackers will have a basic attack potential.
As such, EAL-2 is appropriate to provide the assurance necessary to counter the basic potential for attack.

6.5 Requirement Dependency Rationale

The following table demonstrates that all dependencies among the claimed security requirements are satisfied and therefore the requirements work together to accomplish the overall objectives defined for the TOE. The one additional assurance requirement beyond EAL-2 (i.e., ALC_FLR.2) that has been added for this product has been included in this analysis.

| ST Requirement | CC Dependencies | ST Dependencies |
|---|---|---|
| FAU_GEN.1 | FPT_STM.1 | OE.Hardware |
| FCS_COP.1(1) | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | FCS_CKM.1 and FCS_CKM.4 |
| FCS_COP.1(2) | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | FCS_CKM.1 and FCS_CKM.4 |
| FCS_COP.1(3) | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | FCS_CKM.1 and FCS_CKM.4 |
| FCS_COP.1(4) | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | FCS_CKM.1 and FCS_CKM.4 |
| FCS_COP.1(5) | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | FCS_CKM.1 and FCS_CKM.4 |
| FCS_CKM_EXT.5 | (FCS_CKM.2 or FCS_COP.1) and FCS_CKM.6 | FCS_CKM.2, FCS_COP.1(1), and FCS_CKM.4 |
| FCS_CKM.1 | (FCS_CKM.2 or FCS_COP.1) and FCS_CKM.4 | FCS_CKM.2, FCS_CKM_EXT.5 and FCS_CKM.4 |
| FCS_CKM.2 | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) and FCS_CKM.4 | FCS_CKM.1 and FCS_CKM.4 |
| FCS_CKM.4 | (FDP_ITC.1 or FDP_ITC.2 or FCS_CKM.1) | FCS_CKM.1 |
| FCS_RNG_EXT.1 | None | None |
| FDP_ACC.1 | FDP_ACF.1 | FDP_ACF.1 |
| FDP_ACF.1 | FDP_ACC.1 and FMT_MSA.3 | FDP_ACC.1 and FMT_MSA.3 |
| FIA_AFL.1 | FIA_UAU.1 | FIA_UAU.2 |
| FIA_ATD.1(1) | none | none |
| FIA_ATD.1(2) | none | none |
| FIA_SOS.1 | none | none |
| FIA_UAU.2 | FIA_UID.1 | FIA_UID.2 |
| FIA_UAU.5 | none | none |
| FIA_UID.2 | none | none |
| FMT_MSA.1 | FMT_SMR.1 and FMT_SMF.1 and (FDP_ACC.1 or FDP_IFC.1) | FMT_SMR.1 and FMT_SMF.1 and FDP_ACC.1 |
| FMT_MSA.3 | FMT_MSA.1 and FMT_SMR.1 | FMT_MSA.1, and FMT_SMR.1 |
| FMT_MTD.1(1), FMT_MTD.1(2), and FMT_MTD.1(3) | FMT_SMR.1 and FMT_SMF.1 | FMT_SMR.1 and FMT_SMF.1 |
| FMT_SMF.1 | none | none |
| FMT_SMR.1 | FIA_UID.1 | FIA_UID.2 |
| FTA_MCS.1 | FIA_UID.1 | FIA_UID.2 |
| FTA_TSE.1 | none | none |
| FTP_ITC.1 | none | none |
| FTP_TRP.1 | none | none |
| ADV_ARC.1 | ADV_FSP.1 and ADV_TDS.1 | ADV_FSP.2 and ADV_TDS.1 |
| ADV_FSP.2 | ADV_TDS.1 | ADV_TDS.1 |
| ADV_TDS.1 | ADV_FSP.2 | ADV_FSP.2 |
| AGD_OPE.1 | ADV_FSP.1 | ADV_FSP.2 |
| AGD_PRE.1 | none | none |
| ALC_CMC.2 | ALC_CMS.1 | ALC_CMS.2 |
| ALC_CMS.2 | none | none |
| ALC_DEL.1 | none | none |
| ALC_FLR.2 | none | none |
| ATE_COV.1 | ADV_FSP.2 and ATE_FUN.1 | ADV_FSP.2 and ATE_FUN.1 |
| ATE_FUN.1 | ATE_COV.1 | ATE_COV.1 |
| ATE_IND.2 | ADV_FSP.2 and AGD_OPE.1 and AGD_PRE.1 and ATE_COV.1 and ATE_FUN.1 | ADV_FSP.2 and AGD_OPE.1 and AGD_PRE.1 and ATE_COV.1 and ATE_FUN.1 |
| AVA_VAN.2 | ADV_ARC.1 and ADV_FSP.2 and ADV_TDS.1 and AGD_OPE.1 and AGD_PRE.1 | ADV_ARC.1 and ADV_FSP.2 and ADV_TDS.1 and AGD_OPE.1 and AGD_PRE.1 |

Table 6-8 Requirement Dependencies

The TOE is assumed to run on models of Brocade Directors and Switches that are listed in section 1.2. In particular, it is assumed that a hardware real time clock is available to the TOE.

While FCS_CKM_EXT.5 has a dependency upon FCS_CKM.6, the destruction of keying material required by FCS_CKM.6 is already addressed by the destruction of keys required by the refined FCS_CKM.4 requirement.

7. TOE Summary Specification

This chapter describes the security functions:

• Security audit
• User data protection
• Identification and authentication
• Security management
• TOE access
• Trusted path

This chapter also includes a summary of cryptographic mechanism references, covers TSF protection, identifies TOE assurance measures, and provides the TSS rationale mapping TOE security functions to requirements.
7.1 Security audit

The TOE generates audit records for start-up and shutdown of the TOE, and for an unspecified level of audit. Audit records include date and time of the event, type of event, user identity that caused the event to be generated, and the outcome of the event. The TOE sends audit records to a syslog server in the environment. The environment is relied on to provide interfaces to read from the audit trail. The auditable events include:

| Requirement Component | Auditable event |
|---|---|
| FAU_GEN.1 | Start-up and shutdown of the audit functions (specifically, of the TOE). The auditing capability of the TOE is operational whenever the TOE is running. Thus, starting and stopping audit occurs only with the starting and stopping of the TOE. For controlled system shutdown/reloads, audits are generated indicating the planned action. When most system crashes occur, audits cannot be generated for the shutdown of auditing. Regardless of how the system stopped (planned shutdown or crash), an audit is generated indicating that the system is starting. |
| FIA_AFL.1 | Locking and unlocking of an account as a result of exceeding the maximum number of failed logons. |
| FIA_UAU.2 | Unsuccessful use of the authentication mechanism |
| FIA_UID.2 | Unsuccessful use of the user identification mechanism, including the user identity provided |
| FMT_SMF.1 | Use of the management functions (specifically, zone configuration, data encryption configuration, password management configuration, authentication attempts maximum configuration, TOE access filtering configuration, and setting user attributes) |
| FMT_SMR.1 | Modifications to the group of users that are part of a role |

Table 7-1 Requirement Component and Auditable event

Syslog protocol messages containing audit records have three parts. The first part is called the PRI, the second part is the HEADER, and the third part is the MSG.
The TOE generates syslog audit records as follows:

• The TOE generates a complete audit record including the IP address of the TOE, the event details, and the time the event occurred. The time stamp is provided by the underlying TOE appliance hardware. Each audit record contains the following fields:

AUDIT, , , , , ////, /, ,

For example:

AUDIT, 2023/03/01-01:54:03 (GMT), [SEC-1000], WARNING, SECURITY, JohnSmith/admin/192.168.132.10/Telnet/CLI, Domain A/JohnsSwitch, , Incorrect password during login attempt

• The audit record is packaged into a syslog protocol message. The complete audit record is packaged into the syslog MSG part. The PRI and HEADER are then added.
• A network connection is established with the syslog server in the environment and the audit record is sent.

When the syslog server writes the audit record to the audit trail, it applies its own time stamp, placing the entire TOE-generated syslog protocol message MSG contents into an encapsulating syslog record, as depicted below.

Figure 7-1: TOE and environment audit record components.

Since the time stamp applied by the TOE was included as part of the event details, the time stamp in the event details can be used to determine the order in which events occurred on the TOE. Similarly, the instance of the TOE that generated the record can be determined by examining the field containing the IP address of the TOE. For example:

2023/03/01-21:01:41 (GMT), [SEC-3021], INFO, SECURITY, JohnSmith/None/remoteserver.domain/ssh/CLI,NA/G720/FID 3, , Event: login, Status: failed, Info: Failed login attempt via REMOTE, IP Addr: remoteserver.domain.

The Audit protection function is designed to satisfy the following security functional requirements:

• FAU_GEN.1: The TOE generates audit events for the not specified level of audit.
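The record layout and the ordering rule described in section 7.1, as an added example that is not part of the Security Target: a parser that pulls the TOE-generated record out of a line stored by the syslog server, orders records by the TOE's own time stamp rather than the collector's, and picks out failed logins. The field names, the collector prefix and the third and fourth sample lines are assumptions constructed for illustration; only the two records quoted in section 7.1 come from the page.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# TOE-applied time stamp, in the form used by both sample records in section 7.1.
TOE_TIME = re.compile(r"(\d{4}/\d{2}/\d{2}-\d{2}:\d{2}:\d{2}) \(GMT\),(.*)$")


@dataclass(frozen=True)
class AuditRecord:
    # Field names are assumptions inferred from the sample values.
    toe_time: datetime
    event_id: str
    severity: str
    event_class: str
    user: str
    role: str
    origin: str
    interface: str
    application: str
    location: str
    message: str


def parse_audit(stored_line: str) -> AuditRecord:
    """Extract the TOE-generated record from a line written by the syslog server."""
    match = TOE_TIME.search(stored_line.strip())
    if match is None:
        raise ValueError("no TOE time stamp found; not a TOE audit record")
    toe_time = datetime.strptime(match.group(1), "%Y/%m/%d-%H:%M:%S").replace(
        tzinfo=timezone.utc
    )
    # The free-text message is last and may itself contain commas,
    # so split a bounded number of times.
    fields = [f.strip() for f in match.group(2).split(",", 6)]
    if len(fields) != 7:
        raise ValueError(f"expected 7 fields after the time stamp, got {len(fields)}")
    event_id, severity, event_class, who, location, _empty, message = fields
    who_parts = who.split("/")
    if len(who_parts) != 5:
        raise ValueError(f"expected 5 slash-separated user fields, got {who!r}")
    return AuditRecord(toe_time, event_id.strip("[]"), severity, event_class,
                       *who_parts, location, message)


def is_failed_login(rec: AuditRecord) -> bool:
    """Match the two failure wordings that appear in the page's samples."""
    text = rec.message.lower()
    return "incorrect password" in text or (
        "event: login" in text and "status: failed" in text
    )


def failed_logins_in_toe_order(stored_lines):
    """Parse what can be parsed, keep failed logins, order by TOE time stamp."""
    records = []
    for line in stored_lines:
        try:
            records.append(parse_audit(line))
        except ValueError:
            continue  # not a TOE audit record (e.g. a collector housekeeping line)
    return sorted((r for r in records if is_failed_login(r)),
                  key=lambda r: r.toe_time)


# Constructed collector lines: "<collector time> <sender> <TOE MSG contents>".
# Arrival order deliberately differs from the order of events on the TOE.
STORED_LINES = [
    "2023-03-01T21:07:12Z fabric-sw1 2023/03/01-21:01:41 (GMT), [SEC-3021], INFO, "
    "SECURITY, JohnSmith/None/remoteserver.domain/ssh/CLI,NA/G720/FID 3, , "
    "Event: login, Status: failed, Info: Failed login attempt via REMOTE, "
    "IP Addr: remoteserver.domain.",
    # Constructed record; the event ID is a placeholder, not a real Fabric OS ID.
    "2023-03-01T21:07:13Z fabric-sw1 2023/03/01-21:03:10 (GMT), [SEC-0000], INFO, "
    "SECURITY, JaneDoe/admin/192.0.2.44/ssh/CLI, NA/G720/FID 3, , "
    "Event: login, Status: success",
    "2023-03-01T21:07:14Z fabric-sw1 AUDIT, 2023/03/01-01:54:03 (GMT), [SEC-1000], "
    "WARNING, SECURITY, JohnSmith/admin/192.168.132.10/Telnet/CLI, "
    "Domain A/JohnsSwitch, , Incorrect password during login attempt",
    "2023-03-01T21:07:15Z collector log file rotated",
]

if __name__ == "__main__":
    for rec in failed_logins_in_toe_order(STORED_LINES):
        print(rec.toe_time.isoformat(), rec.event_id, rec.user, rec.origin, rec.interface)
```

Sorting on the collector's time stamp instead would put the 21:01:41 failure ahead of the 01:54:03 one, which is the misordering the TOE-side time stamp exists to prevent.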
A syslog server in the environment is relied on to store audit records generated by the TOE.

7.2 User data protection

The evaluated configuration supports only interconnected TOE instances operated in a Native Mode.

The TOE defines host bus adapters in terms of port number and zone membership. The “port number” attribute that specifies a particular HBA host is semantically equivalent to the host address used to determine connectivity. The “port number” specifies the specific physical port to which the HBA is connected. The unique host address obtained from the TOE when the HBA connects to the fabric also specifies the physical port to which the HBA is connected.

The first thing a host bus adapter must do is establish connectivity with at least one storage device located in the fabric. In order for a host bus adapter to access a storage device using the TOE, a port must be configured by an administrator to be a member of a zone of which a target storage device is already a member. After establishing a physical connection with the TOE, the HBA acquires what is called a SAN fabric address from the TOE, which is a 24-bit address format. Upon receiving an address, the HBA next registers itself with the TOE. The HBA then initiates FC-protocol commands (see footnote 7) to establish connectivity with one or more targets located within the fabric. The TOE then determines whether or not to allow access to the storage device by comparing zone memberships.

The TOE implements the SAN Fabric SFP to restrict block-read and block-write operations to an HBA that is a member of the same zone as the object storage device. Host bus adapters can only access storage devices that are members of the same zone.
Hardware-enforced zoning (also called “hard zoning” or simply “zoning”) prevents a host bus adapter from accessing a device the host bus adapter is not authorized to access. The product also includes what is called soft zoning. Soft zoning does not restrict access to connected storage devices. If a host bus adapter has knowledge of the network address of a target device, the host bus adapter can read and write to it. That is why soft zoning is not supported in the evaluated configuration. Administrative guidance is relied on to warn against the use of soft zoning and it is not otherwise enabled by default in the evaluated configuration. A host bus adapter must be a member of a zone under hard zoning, configured by an administrator, before a host bus adapter can access a storage device.

Zoning works by checking each frame before it is delivered to a zone member and discarding it if there is a zone mismatch. The TOE monitors HBA communications and blocks any frames that do not comply with the zone configuration. Zoning prevents users from even discovering the existence of unauthorized target devices.

A zone is a region within the fabric where a specified group of fabric-connected devices (called zone members) have access to one another. Storage devices not explicitly defined in a zone are isolated, and host bus adapters in the zoned fabric do not have access to them.

• A group of one or more zones is called a zone configuration.
• The complete set of all zone members defined in a fabric is called the defined zone configuration.
• Zoning configuration procedures change zone objects in the defined configuration. When a configuration is enabled by an administrator, it becomes the effective zone configuration. The effective zone configuration is restored after a TOE reboot. This is also known as the active zone configuration.
• A copy of the defined zone configuration (plus the name of the effective zone configuration) can be saved by an administrator.
The resulting saved zone configuration is restored after a switch reboot. If an administrator makes changes to the defined zone configuration but does not save them, there will be differences between the defined zone configuration and the saved zone configuration.
• A default zone is a zone that contains all ports that are not members of any zone in the active zone set.

A zone object is either an HBA or a disk. Any zone object connected to the fabric can be included in one or more zones. Zone objects can communicate only with other objects in the same zone. For example, consider the figure below, which shows:

• Three zones are configured, named Red, Green, and Blue.
• Server 1 can communicate only with the Loop 1 devices.
• Server 2 can communicate only with the RAID and Blue zone devices.
• Server 3 can communicate with the RAID device and the Loop 1 device.
• The Loop 2 JBODs are not assigned to a zone; no other zoned fabric device can access them.

Footnote 7: Note that use of the FC over IP (FCIP) protocol is not included in an evaluated configuration.

Figure 7-2: Sample Zones

The TOE determines whether or not to allow an HBA access to a storage device by comparing zone memberships. If access is permitted, the HBA is subsequently permitted to issue FC-protocol commands that correspond to disk read and write operations. If access is not permitted, a rejection command is returned to the HBA and any subsequent read or write operations from that HBA are discarded by the TOE.
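The zone-membership decision described above, as an added example that is not part of the Security Target: a small model of hard zoning with separate defined and effective configurations, applied to the Red/Green/Blue sample. The class, the 24-bit addresses and the assignment of devices to the three zones are assumptions constructed so that the five statements about Figure 7-2 hold; devices in no effective zone are modelled as having no access.

```python
ADDRESS_SPACE = 1 << 24  # fabric addresses are 24 bits wide


class ZonedFabric:
    """Hypothetical model of hard zoning; not Fabric OS code."""

    def __init__(self):
        self.defined = {}    # zone name -> set of addresses; edited by administrators
        self.effective = {}  # snapshot that frames are actually checked against

    def zone_add(self, zone, *members):
        """Change the defined configuration only; enforcement is unaffected."""
        for address in members:
            if not 0 <= address < ADDRESS_SPACE:
                raise ValueError(f"not a 24-bit fabric address: {address:#x}")
        self.defined.setdefault(zone, set()).update(members)

    def _snapshot(self):
        return {zone: frozenset(m) for zone, m in self.defined.items()}

    def enable(self):
        """Administrator enables the configuration: defined becomes effective."""
        self.effective = self._snapshot()

    def pending_changes(self):
        """True when defined-configuration edits have not been enabled yet."""
        return self._snapshot() != self.effective

    def forward_frame(self, src, dst):
        """Per-frame check: deliver only if src and dst share an effective zone."""
        return any(src in m and dst in m for m in self.effective.values())

    def visible_targets(self, hba):
        """Devices an HBA can discover: only members of zones it belongs to."""
        seen = set()
        for members in self.effective.values():
            if hba in members:
                seen |= members
        seen.discard(hba)
        return seen


# Constructed 24-bit addresses for the devices named in the Figure 7-2 description.
SERVER1, SERVER2, SERVER3 = 0x010100, 0x010200, 0x010300
LOOP1, RAID, BLUE_DISK, LOOP2_JBOD = 0x020100, 0x020200, 0x020300, 0x020400


def build_sample_fabric():
    fabric = ZonedFabric()
    # Zone membership is an assumption chosen to match the bullet list above.
    fabric.zone_add("Red", SERVER1, LOOP1)
    fabric.zone_add("Green", SERVER3, RAID, LOOP1)
    fabric.zone_add("Blue", SERVER2, RAID, BLUE_DISK)
    fabric.enable()  # Loop 2 JBODs stay outside every zone
    return fabric


if __name__ == "__main__":
    fabric = build_sample_fabric()
    for name, hba in (("Server 1", SERVER1), ("Server 2", SERVER2), ("Server 3", SERVER3)):
        print(name, sorted(f"{a:06x}" for a in fabric.visible_targets(hba)))
    # Editing the defined configuration does not change enforcement until enabled.
    fabric.zone_add("Red", LOOP2_JBOD)
    print("before enable:", fabric.forward_frame(SERVER1, LOOP2_JBOD))
    fabric.enable()
    print("after enable: ", fabric.forward_frame(SERVER1, LOOP2_JBOD))
```

The last three lines show why reviewing the effective configuration, not just the defined one, matters when auditing who can reach a storage device.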
When a host bus adapter performs a read or a write after the HBA has established a connection with a storage device using the TOE according to the SAN Fabric SFP, the HBA either breaks data blocks up into multiple data frames (in the case of a block-write operation) before sending the information to the TOE, or reassembles data frames into blocks (in the case of a block-read operation). When a write operation is performed, the storage device after the operation has completed transmits a single frame back through the TOE to the HBA to acknowledge that all data was received and written to the storage device.

When a host bus adapter performs a read to a target device for which it has established a connection, the HBA first issues the appropriate FC protocol command to the target at its defined 24-bit address. Next, the TOE inspects the user’s HBA’s Host address and target address within the frame to verify that connectivity is allowed via the current zoning configuration.

• If connectivity is allowed, then no further action is taken by the TOE besides ensuring that all of the frames are properly routed to their assigned destination based on their 24-bit destination address.
• If connectivity is not allowed, then the TOE sends a rejection command to the HBA and any subsequent read operations are rejected by the TOE.

Finally, the HBA collects all data frames and combines the data into the requested block for the host.

When a host bus adapter performs a write to a target device for which it has established a connection, the HBA first issues the appropriate FC protocol command to the target at its defined 24-bit address. Next, the TOE inspects the user’s HBA’s Host address and target address within the frame to verify that connectivity is allowed via the current zoning configuration.
• If connectivity is allowed, then no further action is taken by the TOE besides ensuring that all of the frames are properly routed to their assigned destination based on their 24-bit destination address.
• If connectivity is not allowed, then the TOE sends a rejection command to the HBA and any subsequent write operations are rejected by the TOE.

Next the HBA breaks up the data block to be written into multiple data frames, and transmits each one to the target. The TOE inspects the 24-bit address of each data frame, either allowing it to route properly, or rejecting it depending on the current zoning configuration. Finally, the storage device transmits back a single frame acknowledging that all data was received and written to the storage media.

The User data protection function is designed to satisfy the following security functional requirements:

• FDP_ACC.1, FDP_ACF.1: The TOE provides the ability to restrict block-read and block-write operations to connected storage devices that are initiated by host bus adapters. Host bus adapters can only access storage devices that are members of the same zone.

7.3 Identification and authentication

The TOE defines administrative users in terms of:

• user identity; and
• password; and
• role.

Role permissions determine the functions that administrators may perform. Nine roles, each with a fixed set of permissions, are supported: Maintenance, Admin, FabricAdmin, SecurityAdmin, SwitchAdmin, BasicSwitchAdmin, ZoneAdmin, Operator and User. There are three pre-defined administrator accounts called “maintenance”, “admin” and “user”, each of which is assigned the respective role of the same name, e.g. the “admin” account is assigned the Admin role.
Note that neither the account called “user” nor any account that is assigned the User role corresponds to a host bus adapter that is attempting to access a storage device; rather, a User-role account corresponds to an administrative user that can view but not change configuration settings.

The TOE authenticates administrative users using either its own authentication mechanism or a RADIUS or LDAP Server.

The TOE provides its own password authentication mechanism to authenticate administrative users. In order for an administrative user to access the TOE, a user account including a user name and password must be created for the user, and an administrative role must be assigned. The TOE password authentication mechanism enforces password composition rules. Passwords must be between 8 and 40 characters; they must begin with an alphabetical character; they can include numeric characters, the dot (.), and the underscore (_); they are case-sensitive.

In the case of RADIUS or LDAP Server authentication, the TOE passes the login credentials supplied to the RADIUS or LDAP Server for validation. If the RADIUS or LDAP Server returns a success value, the TOE matches the user name to a user name stored internally. The administrator can configure the order in which the external authentication provider and the local credentials are checked.

The TOE supports several password policies which apply only to accounts defined within the local user database.

Password Strength

The password strength policy is enforced across all user accounts, and enforces a set of format rules to which new passwords must adhere. The password strength policy is enforced only when a new password is defined. The administrator can specify the number of lowercase, uppercase, digits, and punctuation that are required. The password strength policy can also specify the minimum length of a password.
Password History

The password history policy prevents users from recycling recently used passwords, and is enforced across all user accounts when users are setting their own passwords. The password history policy is enforced only when a new password is defined. Specify the number of past password values that are disallowed when setting a new password.

Account Lockout

The account lockout policy disables a user account when that user exceeds a specified number of failed login attempts, and is enforced across all user accounts. Administrators configure this policy to either keep the account locked until explicit administrative action is taken to unlock it, or the locked account can be automatically unlocked after a specified period. Administrators can unlock a locked account at any time.

A failed login attempt counter is maintained for each user. The counters for all user accounts are reset to zero when the account lockout policy is enabled. The counter for an individual account is reset to zero when the account is unlocked after a lockout duration period expires.

The Identification and authentication function is designed to satisfy the following security functional requirements:

• FIA_AFL.1: The TOE locks an account when the number of failed logon attempts exceeds an administrator specified value. The account cannot be used until it is unlocked by an administrator or after an administrator specified time period has elapsed.
• FIA_ATD.1(1): The TOE maintains security attributes for administrative users.
• FIA_ATD.1(2): The TOE maintains configuration information for each syslog server peer, RADIUS server peer, and LDAP server peer. This information contains an identifier for the network peer. In most cases, the TOE does not store a certificate for each peer, but instead saves a set of root certificates belonging to trusted CAs.
If the certificate presented by a peer through TLS negotiation matches the stored network identifier and has been signed by a trusted CA, then the authentication is considered valid.
• FIA_SOS.1: The TOE supports several password policies that place constraints (see above) upon a user’s selection of a password.
• FIA_UAU.2: The TOE offers no TSF-mediated functions until the user is authenticated.
• FIA_UAU.5: The TOE provides a password-based user authentication mechanism and also permits user authentication to occur using a third-party RADIUS or LDAP Server. The order in which these authentication providers are checked is determined by an administrator. Network peers are authenticated based upon the certificates that the TOE stores for the remote entities configured as syslog, RADIUS or LDAP servers.
• FIA_UID.2: The TOE offers no TSF-mediated functions until the user is identified. Administrative users are identified using user identifiers.

7.4 Security management

The TOE defines the following administrative roles:

• admin – can perform all administrative commands
• switchAdmin – can perform administrative commands except for those related to user management and zoning configuration commands
• operator – can perform administrative commands that do not affect security settings
• zoneAdmin – can perform administrative commands that only affect zoning configuration
• fabricAdmin – can perform administrative commands except for those related to user management
• basicSwitchAdmin – can be used to monitor system activity
• SecurityAdmin – can perform security-related configuration including user management and security policy configuration
• Maintenance – this is a role for Brocade service personnel and is meant for maintenance and debugging purposes only.
• user – can view but not change configuration settings

The TOE administrative interfaces consist of an Ethernet network-based interface and a serial terminal-based interface.
Ethernet interfaces use a command-line interface called the “Fabric OS Command Line Interface”. The Fabric OS Command Line Interface is reached using SSHv2 or a terminal connected to a serial port. Both network-based and terminal-based interfaces provide equivalent management functionality. The Ethernet (i.e., SSHv2) and serial terminal interfaces support the same command-line interface commands after a session has been established.

The Security management function is designed to satisfy the following security functional requirements:

• FMT_MSA.1: The ability to modify host bus adapters and storage devices zone membership is limited to users possessing the admin, zoneAdmin, or fabricAdmin roles. Zone membership is defined by the default zone and zone configuration.
• FMT_MSA.3: By default, host bus adapters do not have access to storage devices. However, a device control policy can be used to specify alternate access permissions when new storage devices are connected to the TOE. The accounts with the admin role are allowed to specify device control policies.
• FMT_MTD.1(1): The ability to query, modify, delete, and assign administrative user, network peer and TOE security attributes is limited to users possessing one of the following administrative roles: admin or SecurityAdmin.
• FMT_MTD.1(2): Administrators can set their own passwords. The administrative roles admin and SecurityAdmin may set any account’s password.
• FMT_MTD.1(3): Administrators can issue commands to import a certificate for use as the TLS Switch certificate or import certificates for use as root CA certificates.
• FMT_SMF.1: The TOE provides administrative interfaces to modify host bus adapters and storage device zone membership, to generate RSA Host Key pairs for use with SSH, to export SSH public keys and to import certificates for use with TLS as well as to set and reset administrator passwords.
• FMT_SMR.1: The TOE maintains administrative user roles.

7.5 TOE access

The IP Filter policy is a set of rules applied to the IP management interfaces as a packet filtering firewall. The IP Filter policy permits or denies traffic to go through the IP management interfaces according to the policy rules.

The TOE’s password expiration policy forces expiration of a password after a configurable period of time, and is enforced across all user accounts. When a user’s password expires, that user must change the password to complete the authentication process and open a new session. Password expiration does not disable or lock out the account.

The management channel is the communication established between the management workstation and the TOE. The TOE restricts user logon based upon the number of simultaneous login sessions allowed for each role when authenticated locally. The maximum number of simultaneous sessions for the admin role and all other roles is four[8] (4).

The TOE access function is designed to satisfy the following security functional requirements:
• FTA_MCS.1: The TOE restricts a user’s concurrent sessions based upon the user’s role using the limits stated in this section.
• FTA_TSE.1: The TOE restricts administrators from connecting based upon the source IP address and service (e.g., SSHv2) being used to establish the connection. The TOE also denies logon when authentication credentials have expired.

7.6 Trusted path

The TOE provides a trusted path for its remote administrative users accessing the TOE via the management Ethernet ports provided on the Brocade Directors and Switches through the command line interface over SSHv2.
Note that local administrator access via the serial port is also allowed for command line access; however, this access is protected by physical protection of the serial interface along with the TOE itself. The TOE uses TLSv1.2 as described below to protect the trusted channel between itself and external servers (i.e., syslog, LDAP and RADIUS).

[8] When using RADIUS/LDAP for authentication the number of administrative sessions for each role is lifted, but due to the implementation, the TOE is still only able to support a total count of 32 sessions. This is a functional limitation, and not a security feature.

The TOE implements the following protocols and cryptographic features meeting the identified standards and RFCs.

| Protocol or Cryptographic Algorithm | Standard or RFC |
|---|---|
| SSHv2 | RFCs 4251, 4252 and 4253 |
| TLS | TLSv1.2 (defined by RFC 5246). |
| AES | AES as specified in ISO 18033-3, CBC as specified in ISO 10116, CTR as specified in ISO 10116, GCM as specified in ISO 19772 |
| SHA-256, SHA-384 and SHA-512 | ISO/IEC 10118-3:2004 |
| HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512 | FIPS 180-2; meet ISO/IEC 9797-2:2011, Section 7 'MAC Algorithm 2'. |
| RSA | FIPS PUB 186-4 and X.509v3 FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Section 5.5, using PKCS #1 v2.1 Signature Schemes RSASSA-PKCS1v1_5 |
| ECDSA | FIPS PUB 186-4 and X.509v3 FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Section 6 and Appendix D, Implementing 'NIST curves' P-256, P-384, P-521; ISO/IEC 14888-3, Section 6.4 |

Table 7-2 Protocols / Cryptographic Algorithms and Standards / RFCs

The TOE utilizes certificates for TLS host authentication when TLSv1.2 is used to protect LDAP, RADIUS or Syslog communications. All certificates used by the TOE for this TLS host authentication must be imported into the TOE using the command-line interfaces.
The lifetime of a key is determined solely by the frequency with which a site chooses to rekey. The private key is stored in persistent memory in the clear (the TOE will be located within controlled access facilities, which will prevent unauthorized physical access). The TOE uses the OpenSSL crypto engine to perform all cryptographic operations. There are also CLI commands to import an issuing CA’s certificate rather than individual certificates for each server. The TOE clears keys associated with TLS and SSHv2 functions from internal memory when the key is no longer needed. The lifetime of a certificate is determined by the validity period for the certificate issued by the certifying authority. The validity period of the certificate used by the TOE for TLS is left to administrative discretion.

During TOE installation, RSA and ECDSA Host key pairs are generated for SSH. The RSA Host key pair is composed of a public 2048 bit key and a private 2048 bit key. The ECDSA Host key pair created during TOE installation is composed of a public 256 bit key and a private 256 bit key. These key pairs are used until the administrators choose to replace the key. ECDSA host keys regenerated by administrators are composed of a public 521 bit key and a private 521 bit key.

For TLS certificates, guidance instructs the administrator to install certificates created entirely[9] with:
• RSA >= 2048-bit key sizes and SHA2 hashing (SHA256, SHA384 or SHA512)
• ECDSA 256-bit, 384-bit or 521-bit key sizes and SHA2 hashing (SHA256, SHA384 or SHA512)

TLS session keys are used as long as the session remains open. Rekeying a TLS session requires closing one session and opening another by the administrator. SSH will rekey every 900 seconds or 945MB transferred, whichever comes first.

All Brocade switch products share the same underlying code base and implement a common set of cryptographic mechanisms to support trusted path. The algorithms available to support trusted path are shown in Table 7-3.
The TOE zeroizes keys used for the trusted path mechanism when the key is no longer needed.

[9] That is, the same algorithm, hash and key size should be used for the certificate and for any CA key that signs the certificate.

The following table correlates algorithms, key lengths and standards for the algorithms used to support SSHv2 and TLS.

| Algorithm | Key Sizes | Standards | Certificate # |
|---|---|---|---|
| HMAC-SHA-256 | 256 bit | FIPS 180-2 | A 2604 |
| HMAC-SHA-384 | 384 bit | FIPS 180-2 | A 2604 |
| HMAC-SHA-512 | 512 bit | FIPS 180-2 | A 2604 |
| AES128-CBC | 128 bit | FIPS 197 | A 2604 |
| AES256-CBC | 256 bit | FIPS 197 | A 2604 |
| AES-CTR | 128, 256 bit | FIPS 197 | A 2604 |
| AES-GCM | 128, 256 bit | FIPS 197 | A 2604 |
| TLS/AES128 | 128 bit | FIPS 197 | A 2604 |
| RSA | 2048 bit | FIPS 186-4 | A 2604 |
| ECDSA | P-256, P-384, P-521 | FIPS 186-4 | A 2604 |

Table 7-3 Algorithms, Key Sizes, Standards and Certificate Numbers

The TOE supports SSHv2 with AES (CTR) 128 or 256 bit ciphers, AES (CBC) 128 or 256 bit ciphers and AES (GCM) 128 or 256 bit ciphers, in conjunction with HMAC-SHA2-256 and HMAC-SHA2-512, and RSA and ECDSA using the diffie-hellman-group16-sha512, ecdh-sha2-nistp256, ecdh-sha2-nistp384 and ecdh-sha2-nistp521 key exchange methods.
The TOE provides TLSv1.2 and permits configuration using any of the following cipher suites:

LDAP, RADIUS and SYSLOG
• TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
• TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289

The TOE provides SSHv2 using the following cipher suites:
• aes128-cbc
• aes256-cbc
• aes128-ctr
• aes256-ctr
• aes128-gcm
• aes256-gcm

Table 7-4 Cipher Suites supported for TLS and SSHv2

The application must be configured with the same issuing CA certificate in order to build a path and to verify the switch certificate’s signature to establish the secure connection.

The Trusted path function is designed to satisfy the following security functional requirements:
• FCS_CKM.1: The TOE generates 2048-bit RSA keys for use as SSH host keys. The TOE can also generate a 2048-bit or 4096-bit key for use in a CSR. These keys are generated per FIPS PUB 186-4, Appendix B.3. The TOE can also generate 521-bit ECDSA keys with curve P-521 for use as SSH host keys and 384-bit ECDSA keys with curve P-384 for use in a CSR. These ECDSA keys are generated per FIPS PUB 186-4, Appendix B.4. The TOE can import and use as part of TLS key exchange an RSA certificate with either 2048-bit or 4096-bit keys. The TOE can import and use as part of TLS key exchange an ECDSA certificate based on curves P-256, P-384, or P-521.
The TOE generates keys in the context of an SSH key exchange using diffie-hellman-group16-sha512, ecdh-sha2-nistp256, ecdh-sha2-nistp384 and ecdh-sha2-nistp521 key exchange methods.
• FCS_CKM.2: The TOE distributes cryptographic keys in the context of a TLS handshake that is protected by RSA or ECDSA, and in the context of negotiation of SSH symmetric session keys using Diffie-Hellman (DH) or Elliptic-Curve Diffie-Hellman (ECDH) key agreement. The TOE distribution methods meet the standards and key sizes shown in Table 6-4 Key Distribution.
• FCS_CKM.4: The TOE clears keys associated with TLS and SSHv2 functions from internal memory when the key is no longer needed.
• FCS_CKM_EXT.5: The TOE derives keys for SSH and TLS sessions using the algorithms and key sizes shown in Table 6-5 SSH and TLS Key Agreement / Derivation while meeting the standards shown in this table.
• FCS_COP.1(1): The TOE supports encryption and decryption of data using AES CBC, AES CTR and AES GCM algorithms, with key sizes of either 128 or 256 bits in the context of TLS and SSH using the ciphers identified in Table 7-4.
• FCS_COP.1(2): The TOE supports cryptographic hashing using SHA-256, SHA-384 and SHA-512, with key sizes of 256, 384 and 512 that meet ISO/IEC 10118-3:2004.
• FCS_COP.1(3): The TOE supports keyed-hash message authentication using HMAC-SHA-256, HMAC-SHA-384 and HMAC-SHA-512, with 256, 384 or 512 keys that meet ISO/IEC 9797-2:2011, Section 7 'MAC Algorithm 2'.
• FCS_COP.1(4): The TOE supports RSA signature generation and signature verification using 2048-bit signatures that meet FIPS PUB 186-4, ‘Digital Signature Standard (DSS)’, Section 5.5, using PKCS #1 v2.1 Signature Schemes RSASSA-PSS.
• FCS_COP.1(5): The TOE supports ECDSA signature generation and signature verification with key sizes 256, 384 and 521, while using curves P-256, P-384 and P-521.
These operations meet FIPS PUB 186-4, 'Digital Signature Standard (DSS)', Section 6 and Appendix D, Implementing 'NIST curves' P-256, P-384, P-521; ISO/IEC 14888-3, Section 6.4.
• FCS_RNG_EXT.1: A deterministic random number generator is implemented by the TSF. This RNG satisfies CTR_DRBG (AES) 256-bit DRNG and is used by OpenSSL for all random numbers needed for key generation supporting TLSv1.2. This same deterministic random number generator is used for all random numbers needed for key generation supporting SSHv2. The TOE uses an SP 800-90A AES-256 CTR_DRBG. AES-256 is used in conjunction with a minimum of 256 bits of entropy accumulated from CPU jitter.
• FTP_ITC.1: The TOE uses TLSv1.2 to provide protected communication pathways between the TOE and network peers that are providing Syslog, RADIUS and LDAP services. During TLS negotiation with a syslog, LDAP or RADIUS server, the TOE authenticates itself to the syslog server by presenting a certificate.
• FTP_TRP.1: The TOE uses SSHv2 to provide a trusted path to its terminal-based management interfaces to protect the communication from disclosure and modification.

7.7 Cryptographic Mechanism Documentation

The TOE maintains a security domain using appliance hardware. The use of a hardware appliance protects the TOE from external physical interference or tampering, including providing separate physical interfaces to separate hosts and storage devices. The TOE also relies upon being properly configured by administrators in accordance with the Common Criteria specific configuration guidance in Brocade® Fabric OS® Common Criteria EAL2 User Guide, 9.1.1b8 Fabric OS.

The TOE does not encrypt data written to or read from storage devices by host bus adapters.
The TOE relies instead on the environment to physically protect the network between the HBA and the TOE, and between the TOE and the storage device. Separate appliance ports are relied on to physically separate connected HBAs. The appliance’s physical location between HBAs and storage devices is relied on to ensure TOE interfaces cannot be bypassed.

The TOE does encrypt commands sent from terminal applications by administrators using SSHv2. Further, the TOE requires administrators to log in after an SSHv2 connection has been established. Administrators cannot bypass TOE functions because they are required to log in before the requested operation is allowed.

When an administrator attempts to log in using SSHv2, the SSH Host Key is used to authenticate the host and generate the session keys that are presented to the calling application in the environment and is used to encrypt/decrypt traffic. The application must be configured with the same issuing CA certificate in order to build a path and to verify the switch certificate’s signature to establish the secure connection.

The TOE utilizes the reliable time stamp values obtained from the Brocade Directors and Switches hardware appliances.

The table below captures the cryptographic mechanisms (algorithms and communication protocols).
| # | Purpose | Cryptographic Mechanism | Standard of Implementation | Key Size in Bits | Standard of Application | Comments |
|---|---|---|---|---|---|---|
| 1 | Authenticity | RSA signature generation / verification for TLS RSASSA-PKCS1-v1_5 SHA256, SHA384, SHA512 | [PKCS#1 v2.1], [FIPS180-4] (SHA), [RFC5246] (TLS v1.2) | modulus length = 2048, 4096 bit | TLSv1.2 (RADIUS, LDAP, Syslog) | FCS_COP.1(4).1 |
| 2 | | ECDSA signature generation / verification using curve P-256, P-384, P-521 for TLS SHA256, SHA384, SHA512 | [FIPS186-4] (ECDSA), [FIPS180-4] (SHA), [RFC5289] (TLS v1.2) | curve length = 256, 384, 521 | TLSv1.2 (RADIUS, LDAP, Syslog) | FCS_COP.1(5).1 |
| 3 | | RSA signature generation / verification for SSH RSASSA-PKCS1-v1_5 (Authentication of SSH Host) | [PKCS#1 v2.1], [FIPS180-4] (SHA), [RFC4252] (SSH-AUTH) | modulus length = 2048 bit | SSH | FCS_COP.1(4).1 |
| 4 | | ECDSA signature generation / verification using curve P-521 for SSH (Authentication of SSH Host) | [FIPS186-4] (ECDSA), [FIPS180-4] (SHA) [RFC5656] (ECC for SSH) | curve length = 521 | SSH | FCS_COP.1(5).1 |
| 5 | | Authentication based on user name and password for SSH | ch. 5 of [RFC4252] (SSH-AUTH) | Guess success probability ε ≤ 10^-8 | SSH | FCS_COP.1(3).1 |
| 6 | Key Agreement | Diffie-Hellman key agreement for SSH (Diffie-Hellman-group16-sha512) | DH KEX with Diffie-Hellman-group16-sha512 MODP from [RFC8268], SSH v2.0 KEX from [RFC8268] | plength = 4096 | SSH | FCS_CKM.2.1, FCS_CKM_EXT.5 |
| 7 | | ECDH key agreement for SSH (ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521) | DH ([HaC]) | curve length = 256, 384, 521 | SSH | FCS_CKM.2.1, FCS_CKM_EXT.5 |
| 9 | | encrypted exchange of pre-master secret for TLS TLS_ECDHE | ECDHE (TLS_ECDHE) from [RFC5289] (TLS v1.2) | curve length = 256, 384, 521 | TLSv1.2 (RADIUS, LDAP, syslog) | FCS_CKM.2.1, FCS_CKM_EXT.5 |
| 10 | | HMAC value generation for TLS (PRF) HMAC with SHA-256, SHA-384 | [FIPS180-4] (SHA), [RFC2104] (HMAC), [RFC5246] (TLS v1.2) | 256 bit and 384 bit | TLSv1.2 (RADIUS, LDAP, syslog) | FCS_CKM_EXT.5 Pseudo-Random-Function (PRF) for key derivation tls_prf_sha256 tls_prf_sha384 |
| 11 | Integrity | HMAC value generation and verification for SSH HMAC with SHA-256, SHA-512 | [FIPS180-4] (SHA), [RFC2104] (HMAC), [RFC4253] (SSH v2.0), [RFC6668] (SHA-2 for SSH) | 256 bit and 512 bit | SSH | FCS_COP.1(2).1 SHA-256, SHA-384, SHA-512 FCS_COP.1(3).1 hmac-sha2-256 hmac-sha2-512 |
| 12 | | HMAC value generation and verification for TLS HMAC with SHA-256, SHA-384 | [FIPS180-4] (SHA), [RFC2104] (HMAC), [RFC5246] (TLS v1.2) | 256 bit, and 384 bit | TLSv1.2 (RADIUS, LDAP, syslog) | FCS_COP.1(2).1 FCS_COP.1(3).1 |
| 13 | Confidentiality | symmetric encryption and decryption for SSH AES in CBC mode AES in CTR mode AES in GCM mode | [FIPS-197] (AES), [SP 800-38A] (CBC), [SP 800-38A] (CTR), [SP 800-38A] (GCM), [RFC4253] (SSH v2.0) | 128 bit and 256 bit | SSH | FCS_COP.1(1).1 aes128-cbc, aes256-cbc, aes128-ctr, aes256-ctr, aes128-gcm, aes256-gcm |
| 14 | | symmetric encryption and decryption for TLS AES in CBC mode AES in GCM mode | [FIPS-197] (AES), [SP 800-38A] (CBC), [SP 800-38D] (GCM), [RFC5246] (TLS v1.2) | 128 bit and 256 bit | TLSv1.2 (RADIUS, LDAP, syslog) | FCS_COP.1(1).1 |
| 15 | Trusted Channel | SSHv2 | [RFC4253] | - | SSH | FTP_ITC.1, FCS_COP.1(1).1 using the cipher suites aes128-cbc, aes256-cbc, aes128-ctr, aes256-ctr, aes128-gcm, aes256-gcm |
| 16 | | TLS v1.2[10] | [RFC5246] | - | TLSv1.2 (RADIUS, LDAP, Syslog) | FTP_ITC.1, FCS_COP.1(*) using the cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (number C023), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (number C024), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (number C02B), TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (number C02C), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (number C02F), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (number C030), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (number C027), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (number C028) |
| 17 | Cryptographic Primitive | Deterministic RNG DRG.2 w/ 384-bit seed | AIS 20/31 RNG DRG.2 | - | TLSv1.2 (RADIUS, LDAP, Syslog), SSH | FCS_RNG_EXT.1 |

Table 7-5 The cryptographic mechanisms (algorithms and communication protocols)

[10] TLS v1.2 is using STARTTLS.

7.8 TOE Assurance Measures

The assurance measures provided by Brocade to meet the TOE Security Assurance Requirements defined within section 6.3 are identified in the following table.

| SAR | Assurance Measure |
|---|---|
| ADV_ARC.1 | The architecture is described in the document entitled, “Fabric OS running on Brocade Directors and Switches Security Architecture Document”. This document describes the protection functionality provided by the TOE and the operational environment in which the TOE is intended to operate. In addition the initialization process for the TOE is described. |
| ADV_FSP.2 | The functional specification, which describes all TSFI, for the TOE is described in the document entitled, “Fabric OS running on Brocade Directors and Switches Functional Specification”. This document also traces functional specification to SFRs. |
| ADV_TDS.1 | The TOE design specification is contained within the document entitled, “Fabric OS running on Brocade Directors and Switches TOE Design Specification”. This document describes the TOE structure. |
| AGD_OPE.1 | A number of documents exist that provide operational guidance for the TOE system administrators. This includes guides that identify and explain the administration commands and parameters. These documents are enumerated in section 1.4.2. |
| AGD_PRE.1 | A guide describing preparative procedures for configuring the TOE in a manner that is consistent with this Security Target is available. This preparative document is identified in section 1.4.2. |
| ALC_CMC.2, ALC_CMS.2, ALC_FLR.2 | Brocade provided the document entitled, “Brocade Configuration Management Plan”. This document identifies the TOE and describes the configuration management system used by Brocade to track hardware, software and document development. This document also contains a configuration item list. A chapter within this document is dedicated to bug tracking and resolution. |
| ALC_DEL.1 | The TOE and the hardware platforms identified in this Security Target are delivered through sales channels controlled by Brocade. The TOE software is preinstalled upon the hardware. |
| ATE_COV.1 | Brocade provided a test plan describing test cases that exercise the TOE security features described throughout this Security Target. |
| ATE_FUN.1 | Testing has been performed upon the TOE as described in this Security Target. The tests and test results are documented and provided to the evaluation team. |
| ATE_IND.2 | All of the required resources to perform the tests will be provided to the evaluation facility to perform testing. The evaluation facility will perform and document the tests they have created and performed as part of the evaluation technical report for testing. Due to the complexity of the test environment, testing will be performed using equipment at Brocade facilities. |
| AVA_VAN.2 | Brocade provided equipment for testing and vulnerability analysis in support of the evaluation team’s testing effort. |

Table 7-6 The Security Assurance Requirements Measures

7.9 TOE Summary Specification Rationale

Each subsection in Section 7, the TOE Summary Specification, describes a security function of the TOE. Each description is followed with rationale that indicates which requirements are satisfied by aspects of the corresponding security function. The set of security functions work together to satisfy all of the security functions and assurance requirements. Furthermore, all of the security functions are necessary in order for the TSF to provide the required security functionality.

This Section in conjunction with Section 6, the TOE Summary Specification, provides evidence that the security functions are suitable to meet the TOE security requirements. The collection of security functions work together to provide all of the security requirements. The security functions described in the TOE summary specification are all necessary for the required security functionality in the TSF. Table 7-7 Security Functions vs. Requirements Mapping demonstrates the relationship between security requirements and security functions.
Security audit | User data protection | Identification and authentication | Security management | TOE access | Trusted path

FAU_GEN.1 X
FCS_CKM.1 X
FCS_CKM.2 X
FCS_CKM.4 X
FCS_COP.1(1) X
FCS_COP.1(2) X
FCS_COP.1(3) X
FCS_COP.1(4) X
FCS_COP.1(5) X
FCS_CKM_EXT.5 X
FCS_RNG_EXT.1 X
FDP_ACC.1 X
FDP_ACF.1 X
FIA_AFL.1 X
FIA_ATD.1(1) X
FIA_ATD.1(2) X
FIA_SOS.1 X
FIA_UAU.2 X
FIA_UAU.5 X
FIA_UID.2 X
FMT_MSA.1 X
FMT_MSA.3 X
FMT_MTD.1 X
FMT_MTD.1(2) X
FMT_SMF.1 X
FMT_SMR.1 X
FTA_MCS.1 X
FTA_TSE.1 X
FTP_ITC.1 X
FTP_TRP.1 X

Table 7-7 Security Functions vs. Requirements Mapping
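
The eight TLSv1.2 cipher suites and code points listed in Table 7-5 (row 16) can be checked against what a TLS client actually offers on the wire. The following Python code is an added example, not part of the Security Target or of Brocade's software: it parses a ClientHello record and flags any offered suite outside the evaluated set. The function names, the constructed sample records and the decision to tolerate the two signalling values 0x00FF and 0x5600 are assumptions of the example.

```python
import struct

# Evaluated TLSv1.2 cipher suites and code points, as listed in Table 7-5 (row 16).
EVALUATED_SUITES = {
    0xC023: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    0xC024: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
}
TLS12 = 0x0303
# Assumption of this example: these signalling values are tolerated because they
# are not cipher suites (RFC 5746 renegotiation SCSV, RFC 7507 fallback SCSV).
SIGNALLING = {0x00FF, 0x5600}


class ParseError(ValueError):
    """Raised when the bytes are not one complete ClientHello record."""


def _take(buf, off, n, what):
    """Return (buf[off:off+n], new offset), or raise on truncated input."""
    if off + n > len(buf):
        raise ParseError(f"truncated {what}")
    return buf[off:off + n], off + n


def parse_client_hello(record):
    """Return (client_version, [suite code points]) from a single TLS record."""
    hdr, off = _take(record, 0, 5, "record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", hdr)
    if ctype != 22:
        raise ParseError("not a handshake record")
    body, _ = _take(record, off, rec_len, "record body")
    hs, off = _take(body, 0, 4, "handshake header")
    if hs[0] != 1:
        raise ParseError("not a ClientHello")
    hello, _ = _take(body, off, int.from_bytes(hs[1:4], "big"), "ClientHello body")
    ver, off = _take(hello, 0, 2, "client_version")
    _, off = _take(hello, off, 32, "random")
    sid_len, off = _take(hello, off, 1, "session_id length")
    _, off = _take(hello, off, sid_len[0], "session_id")
    cs_len, off = _take(hello, off, 2, "cipher_suites length")
    n = int.from_bytes(cs_len, "big")
    if n % 2:
        raise ParseError("odd cipher_suites length")
    cs, _ = _take(hello, off, n, "cipher_suites")
    suites = [int.from_bytes(cs[i:i + 2], "big") for i in range(0, n, 2)]
    return int.from_bytes(ver, "big"), suites


def audit_client_hello(record):
    """Compare the offered suites with the evaluated set from Table 7-5."""
    version, suites = parse_client_hello(record)
    unexpected = [s for s in suites
                  if s not in EVALUATED_SUITES and s not in SIGNALLING]
    # client_version 0x0303 is the highest version offered in a TLS 1.2 hello;
    # extensions (which a TLS 1.3 client would use) are not parsed here.
    return {
        "version_ok": version == TLS12,
        "offered": [EVALUATED_SUITES.get(s, f"0x{s:04X}") for s in suites],
        "unexpected": [f"0x{s:04X}" for s in unexpected],
        "compliant": version == TLS12 and bool(suites) and not unexpected,
    }


def build_client_hello(suites, version=TLS12):
    """Construct a minimal ClientHello record (sample input, not a capture)."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = struct.pack("!H", version) + bytes(32) + b"\x00"   # empty session_id
    hello += struct.pack("!H", len(cs)) + cs + b"\x01\x00"     # null compression
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs


# Constructed samples: one offering only evaluated suites, one that also offers
# two suites that are not in Table 7-5.
GOOD = build_client_hello([0xC02C, 0xC030, 0xC02B, 0xC02F])
BAD = build_client_hello([0xC02F, 0x002F, 0x000A])

if __name__ == "__main__":
    print(audit_client_hello(GOOD))
    print(audit_client_hello(BAD))
```
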