National Information Assurance Partnership Common Criteria Evaluation and Validation Scheme Validation Report for Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches Report Number: CCEVS-VR-VID10567-2014 Dated: December 5, 2014 Version: 1.0 National Institute of Standards and Technology National Security Agency Information Technology Laboratory Information Assurance Directorate 100 Bureau Drive 9800 Savage Road STE 6940 Gaithersburg, MD 20899 Fort George G. Meade, MD 20755-6940 ® TM VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches ii Table of Contents 1 Executive Summary.............................................................................................................1 2 Identification........................................................................................................................4 2.1 Threats.........................................................................................................................5 2.2 Organizational Security Policies.................................................................................5 3 Architectural Information ....................................................................................................6 4 Assumptions.........................................................................................................................8 4.1 Clarification of Scope .................................................................................................8 5 Security Policy.....................................................................................................................9 5.1 Security Audit.............................................................................................................9 5.2 Cryptographic Support................................................................................................9 5.3 User Data Protection...................................................................................................9 5.4 Identification and Authentication ...............................................................................9 5.5 Security Management .................................................................................................9 5.6 Protection of the TSF..................................................................................................9 5.7 TOE Access ..............................................................................................................10 5.8 Trusted Path/Channels ..............................................................................................10 6 Documentation...................................................................................................................11 7 Independent Testing...........................................................................................................14 8 Evaluated Configuration....................................................................................................15 9 Results of the Evaluation ...................................................................................................16 10 Validator Comments/Recommendations ...........................................................................17 11 Annexes 18 12 Security Target...................................................................................................................19 13 Abbreviations and Acronyms ............................................................................................20 14 Bibliography ......................................................................................................................21 VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 1 List of Tables Table 1: Evaluation Details............................................................................................................. 2 Table 2: ST and TOE Identification................................................................................................ 4 VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 1 1 Executive Summary This report is intended to assist the end-user of this product and any security certification agent for that end-user in determining the suitability of this Information Technology (IT) product in their environment. End-users should review the Security Target (ST), which is where specific security claims are made, in conjunction with this Validation Report (VR), which describes how those security claims were evaluated and tested and any restrictions on the evaluated configuration. Prospective users should read carefully the Assumptions and Clarification of Scope in Section 4 and the Validator Comments in Section 10, where any restrictions on the evaluated configuration are highlighted. This report documents the National Information Assurance Partnership (NIAP) assessment of the evaluation Hewlett-Packard (HP) Company 5900 Series, and 5920 Series both running Comware V7.1.045 Release 2311 P03, HP 10500 Series running Comware V7.1.045 Release 2111 P05, and HP 12500 Series Switches running Comware 7.1.045, Release 7328 P03. It presents the evaluation results, their justifications, and the conformance results. This VR is not an endorsement of the Target of Evaluation (TOE) by any agency of the U.S. Government and no warranty of the TOE is either expressed or implied. This VR applies only to the specific version and configuration of the product as evaluated and as documented in the ST. The evaluation of Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches was performed by Leidos (formerly Science Applications International Corporation (SAIC)) Common Criteria Testing Laboratory (CCTL) in Columbia, Maryland, in the United States and was completed in December 2014. The evaluation was conducted in accordance with the requirements of the Common Criteria and Common Methodology for IT Security Evaluation (CEM), version 3.1, revision 4 and assurance activities specified in Protection Profile for Network Devices, Version 1.1, 8 June 2012 and Security Requirements for Network Devices Errata #2. The evaluation was consistent with NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) policies and practices as described on their web site (www.niap-ccevs.org). The Leidos evaluation team determined that Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches is conformant to the claimed Protection Profile (PP) and, when installed, configured and operated as specified in the evaluated guidance documentation, satisfies all of the security functional requirements stated in the ST. The information in this VR is largely derived from the Assurance Activities Report (AAR) and associated test report produced by the Leidos evaluation team. The TOE is a hardware and software solution that consists of the Hewlett-Packard (HP) Company 5900 Series, and 5920 Series both running Comware V7.1.045 Release 2311 P03, HP 10500 Series running Comware V7.1.045 Release 2111 P05, and HP 12500 Series Switches running Comware 7.1.045, Release 7328 P03. The network on which it resides is considered part of the operational environment. Product Series Specific Devices HP 5900 HP 5900AF-48XG-4QSFP+ Switch HP 5900AF-48XGT-4QSFP+ Switch HP 5900AF-48G-4XG-2QSFP+ Switch HP 5920 HP 5920AF-24XG Switch VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 2 Product Series Specific Devices HP 10500 Series Chassis’ with HP 10500 Type A Main Processing Unit with Comware v7 Operating System (JG496A) HP 10504 Switch Chassis HP 10508 Switch Chassis HP 10508-V Switch Chassis HP 10512 Switch Chassis HP 12500 Series Chassis’ with HP 12500 Type A Main Processing Unit with Comware v7 Operating System (JG497A) HP 12504 (AC) Switch Chassis HP 12504 (DC) Switch Chassis HP 12508 (AC) Switch Chassis HP 12508 (DC) Switch Chassis HP 12518 (AC) Switch Chassis HP 12518 (DC) Switch Chassis The validation team monitored the activities of the evaluation team, examined evaluation evidence, provided guidance on technical issues and evaluation processes, and reviewed the evaluation results produced by the evaluation team. The validation team found that the evaluation results showed that all assurance activities specified in the claimed PPs had been completed successfully and that the product satisfies all of the security functional and assurance requirements stated in the ST. Therefore the validation team concludes that the testing laboratory’s findings are accurate, the conclusions justified, and the conformance results are correct. The conclusions of the testing laboratory in the evaluation technical report are consistent with the evidence produced. Table 1: Evaluation Details Item Identifier Evaluated Product Hewlett-Packard (HP) Company 5900 Series and 5920 Series both running Comware V7.1.045 Release 2311 P03, HP 10500 Series running Comware V7.1.045 Release 2111 P05, and HP 12500 Series Switches running Comware 7.1.045, Release 7328 P03. Sponsor & Developer Hewlett-Packard Development Company, L.P. 11445 Compaq Center Drive West Houston, Texas 77070 CCTL Leidos (formerly SAIC) Common Criteria Testing Laboratory 6841 Benjamin Franklin Drive Columbia, MD 21046 Completion Date December 2014 CC Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 4, September 2012 Interpretations There were no applicable interpretations used for this evaluation. VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 3 Item Identifier CEM Common Methodology for Information Technology Security Evaluation: Version 3.1, Revision 4, September 2012 PP Protection Profile for Network Devices, Version 1.1, 8 June 2012 Security Requirements for Network Devices Errata #2, 13 January 2013 Evaluation Class None Disclaimer The information contained in this Validation Report is not an endorsement of the Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches by any agency of the U.S. Government and no warranty of Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches is either expressed or implied. Evaluation Personnel Katie Sykes Chris Keenan Pascal Patin Greg Beaver Validation Personnel Patrick Mallett, PHD Jerome Myers, PHD VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 4 2 Identification The CCEVS is a joint National Security Agency (NSA) and National Institute of Standards and Technology (NIST) effort to establish commercial facilities to perform trusted product evaluations. Under this program, security evaluations are conducted by commercial testing laboratories called Common Criteria Testing Laboratories (CCTLs) in accordance with National Voluntary Laboratory Assessment Program (NVLAP) accreditation. The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality and consistency across evaluations. Developers of information technology products desiring a security evaluation contract with a CCTL and pay a fee for their product’s evaluation. Upon successful completion of the evaluation, the product is added to NIAP’s Product Compliant List (PCL). The following table identifies the evaluated Security Target and TOE. Table 2: ST and TOE Identification Name Description ST Title Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches Security Target ST Version 1.0 Publication Date October 28, 2014 Vendor Hewlett-Packard Company ST Author Leidos (formerly SAIC) TOE Reference Hewlett-Packard (HP) Company 5900 Series and 5920 Series both running Comware V7.1.045 Release 2311 P03, HP 10500 Series running Comware V7.1.045 Release 2111 P05, and HP 12500 Series Switches running Comware 7.1.045, Release 7328 P03. TOE Hardware Models HP 5900AF-48XG-4QSFP+ Switch HP 5900AF-48XGT-4QSFP+ Switch HP 5900AF-48G-4XG-2QSFP+ Switch HP 5920AF-24XG Switch HP 10504 Switch Chassis HP 10508 Switch Chassis HP 10508-V Switch Chassis HP 10512 Switch Chassis HP 12504 (AC) Switch Chassis HP 12504 (DC) Switch Chassis HP 12508 (AC) Switch Chassis HP 12508 (DC) Switch Chassis HP 12518 (AC) Switch Chassis HP 12518 (DC) Switch Chassis TOE Software Version Comware V7.1.045 Release 2311 P03 (5900 Series and 5920 Series), Comware V7.1.045 Release 2111 P05 (10500 Series) Comware 7.1.045, Release 7328 P03(12500 Series) Keywords Switch, Layer 2, Layer 3 VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 5 2.1 Threats The ST identifies the following threats that the TOE and its operational environment are intended to counter: • An administrator may unintentionally install or configure the TOE incorrectly, resulting in ineffective security mechanisms. • Security mechanisms of the TOE may fail, leading to a compromise of the TSF. • A user may gain unauthorized access to the TOE data and TOE executable code. A malicious user, process, or external IT entity may masquerade as an authorized entity in order to gain unauthorized access to data or TOE resources. A malicious user, process, or external IT entity may misrepresent itself as the TOE to obtain identification and authentication data. • A malicious party attempts to supply the end user with an update to the product that may compromise the security features of the TOE. • Malicious remote users or external IT entities may take actions that adversely affect the security of the TOE. These actions may remain undetected and thus their effects cannot be effectively mitigated. • User data may be inadvertently sent to a destination not intended by the original sender. 2.2 Organizational Security Policies The ST identifies the following organizational security policy that the TOE and its operational environment are intended to fulfill: • The TOE shall display an initial banner describing restrictions of use, legal agreements, or any other appropriate information to which users consent by accessing the TOE. VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 6 3 Architectural Information The Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches comprising the TOE share a common software code base, called Comware. Comware is special purpose appliance system software that implements various networking technologies, including: IPv4/IPv6 dual- stacks; a data link layer; layer 2 and 3 routing; Ethernet switching; VLANs; IRF routing; and Quality of Service (QoS). The evaluated version of Comware is V7.1. It should be noted that although Comware can run on a variety of underlying architectures but the only underlying architecture evaluated is Linux. Comware V7.1 implements full modularization and multi-process applications, and provides the following benefits: • Full modularization—Brings improvements in system availability, virtualization, multi-core multi-CPU applications, distributed computing, and dynamic loading and upgrading. • Openness—Comware V7.1 is a generic, open system based on Linux. • Improved operations—Comware V7.1 improves some detailed operations. For example, it uses preemptive scheduling to improve real-time performance. Comware V7.1 optimizes the following functions: • Virtualization—Supports N:1 virtualization. • In Service Support Updates (ISSU)—Supports ISSU for line cards. • Auxiliary CPU and OAA—Improves scalability for devices. In addition, Comware V7.1 supports new technologies for data centers, including TRILL and EVB. Comware V7.1 comprises four planes: management; control; data; and infrastructure. Figure 1: Comware V7.1 Architecture • Infrastructure—the infrastructure plane provides basic Linux services and Comware support functions. Basic Linux services comprise basic Linux functions, C language library functions, VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 7 data structure operations, and standard algorithms. Comware support functions provide software and service infrastructure for Comware processes, including all basic functions. • Data—the data plane provides data forwarding for local packets and received IPv4 and IPv6 packets at different layers. • Control—the control plane comprises all routing, signaling, and control protocols, such as MPLS, OSPF, and security control protocols. It generates forwarding tables for the data plane. • Management—the management plane provides a management interface for operators to configure, monitor, and manage Comware V7.1. The management interface comprises a Command Line Interface (CLI) accessed using SSH. The Comware V7.1 software is further decomposed into subsystems designed to implement applicable functions. For example, there are subsystems dedicated to the security management interface. There are also subsystems dedicated to the IPv4 and IPv6 network stacks as well as the applicable network protocols and forwarding, routing, etc. From a security perspective, the TOE implements NIST-validated cryptographic algorithms that support the IPsec and SSH protocols as well as digital signature services that support the secure update capabilities of the TOE. Otherwise, the TOE implements various network switching protocols and functions. The various TOE devices include the same security functions. The salient differences between the devices are the available ports and port adapters, primarily representing differences in numbers, types, and speeds of available network connections. VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 8 4 Assumptions The ST identifies the following assumptions about the use of the product: • It is assumed that there are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE. • Physical security, commensurate with the value of the TOE and the data it contains, is assumed to be provided by the environment. • TOE Administrators are trusted to follow and apply all administrator guidance in a trusted manner. 4.1 Clarification of Scope All evaluations (and all products) have limitations, as well as potential misconceptions that need clarifying. This text covers some of the more important limitations and clarifications of this evaluation. Note that: 1. As with any evaluation, this evaluation only shows that the evaluated configuration meets the security claims made, with a certain level of assurance (the assurance activities specified in the claimed PPs and performed by the evaluation team). 2. This evaluation covers only the specific device models and software version identified in this document, and not any earlier or later versions released or in process. 3. The evaluation of security functionality of the product was limited to the functionality specified in the claimed PPs. Any additional security related functional capabilities of the product were not covered by this evaluation. 4. This evaluation did not specifically search for, nor attempt to exploit, vulnerabilities that were not “obvious” or vulnerabilities to objectives not claimed in the ST. The CEM defines an “obvious” vulnerability as one that is easily exploited with a minimum of understanding of the TOE, technical sophistication and resources. 5. The following specific product capabilities are excluded from use in the evaluated configuration: a. Non-FIPS 140-2 mode of operation—this mode of operation allows cryptographic operations that are not FIPS-approved 6. The TOE can be configured to rely on and utilize a number of other components in its operational environment: a. Syslog server—to receive audit records when the TOE is configured to deliver them to an external log server. b. RADIUS and TACACS servers—the TOE can be configured to use external authentication servers. c. Management Workstation—the TOE supports remote access to the CLI over SSHv2. As such, an administrator requires an SSHv2 client to access the CLI remotely. VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 9 5 Security Policy The TOE enforces the following security policies as described in the ST. Note: Much of the description of the security policy has been derived from the ST and the Final ETR. 5.1 Security Audit The TOE is able to generate audit records of security relevant events. The TOE can be configured to store the audit records locally so they can be accessed by an administrator or alternately to send the audit records to a designated log server. 5.2 Cryptographic Support The TOE includes NIST-validated cryptographic mechanisms that provide key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols, including IPsec and SSHv2. Note that to be in the evaluated configuration, the TOE must be configured in FIPS mode, which ensures the TOE’s configuration is consistent with the FIPS 140-2 standard. 5.3 User Data Protection The TOE performs network switching and routing functions, passing network traffic among its various physical and logical (e.g., VLAN) network connections. While implementing applicable network protocols associated with network traffic forwarding, the TOE is designed to ensure that it does not inadvertently reuse data found in network traffic. 5.4 Identification and Authentication The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they can access any security management functions available in the TOE. The TOE offers both a locally connected console and a network accessible interface (SSHv2) for interactive administrator sessions. The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords. Additionally, the TOE can be configured to use the services of trusted RADIUS and TACACS servers in the operational environment to support, for example, centralized user administration. 5.5 Security Management The TOE provides a CLI to access its security management functions. Security management commands are limited to administrators and are available only after they have provided acceptable user identification and authentication data to the TOE. 5.6 Protection of the TSF The TOE implements a number of features designed to protect itself to ensure the reliability and integrity of its security features. It protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability). The TOE uses cryptographic means to protect communication with remote administrators. When the TOE is configured to use the services of a Syslog server or authentication servers in the operational VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 10 environment, the communication between the TOE and the operational environment component is protected using encryption. The TOE includes functions to perform self-tests so that it might detect when it is failing. It also includes mechanisms so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE. 5.7 TOE Access The TOE can be configured to display an informative banner that will appear prior to authentication when accessing the TOE via the console or SSH interfaces. The TOE subsequently will enforce an administrator-defined inactivity timeout value after which the inactive session will be terminated. 5.8 Trusted Path/Channels The TOE protects interactive communication with administrators using SSHv2 for CLI access. Using SSHv2, both integrity and disclosure protection is ensured. The TOE protects communication with external IT entities, including audit and authentication servers, using IPsec connections, which prevent unintended disclosure or modification of data. VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 11 6 Documentation There are numerous documents that provide information and guidance for the deployment of the TOE. In particular, the following Common Criteria specific guides reference the security-related guidance material for all devices in the evaluated configuration: Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches Security Target, Version 1.0, 28 October 2014 Preparative Procedures for CC NDPP Evaluated Hewlett-Packard 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches on Comware V7, V1.06, dated 12/2/2014 Command Reference for CC Supplement, Revision 1.2, dated 10/14/2014 Configuration Guide for CC Supplement, Revision 1.3, dated 10/14/2014 Comware V7.1 Platform System Log Messages, Revision .25, dated 4/21/2014. The links in Appendix A for the Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches Security Target can be used to find the full set of documentation for the evaluated switch series. The following documents were specifically examined during the evaluation: • ACL and QoS Command Reference • ACL and QoS Configuration Guide • Fundamentals Command Reference • Fundamentals Configuration Guide • High Availability Command Reference • High Availability Configuration Guide • Installation Guide • IP Multicast Command Reference • IP Multicast Configuration Guide • IRF Command Reference • IRF Configuration Guide • Layer-2 LAN Switching Command Reference • Layer-2 LAN Switching Configuration Guide • Layer-3 IP Routing Command Reference • Layer-3 IP Routing Configuration Guide • Layer-3 IP Services Command Reference • Layer-3 IP Services Configuration Guide • Network Management and Monitoring Command Reference • Network Management and Monitoring Configuration Guide • Security Command Reference • Security Configuration Guide VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 12 On-line documentation for the TOE devices can be found via the following URLs: 5900/5920 Switch Series The following documents for the 5900/5920 Switch series can be found under the General Reference section of the 5900 Switch Series documentation page on the HP Web site. The link is provided below. • R2307-HP 5900 Security Command Reference, 17 Jan 2014 • R2307-HP 5900 Fundamentals Command Reference 17 Jan 2014 • R2307-HP 5900 ACL and QoS Command Reference, 17 Jan 2014 • R2307-HP 5900 Layer-3 IP Services Command Reference, 17 Jan 2014 The following documents for the 5900/5920 Switch series can be found under the Setup and Install section of the 5900 Switch Series documentation page on the HP Web site. The link is provided below. • R2307-HP 5900 Security Configuration Guide, 17 Jan 2014 • R2307-HP 5900 Fundamentals Configuration Guide, 17 Jan 2014 • R2307-HP 5900 Network Management and Monitoring Configuration Guide, 17 Jan 2014 • HP 5900/5920 Switch Series Installation Guide, 12 Feb 2014 http://h20566.www2.hp.com/portal/site/hpsc/public/psi/home/?sp4ts.oid=5221896#manuals 10500 Switch Series The following documents for the 10500 Switch series can be found under the General Reference section of the 10500 Switch Series documentation page on the HP Web site. The link is provided below. • R211x-HP 10500 Switch Series Security Command Reference, 17 Aug 2014 • R211x-HP 10500 Switch Series Fundamentals Command Reference, 17 Aug 2014 • R211x-HP 10500 Switch Series ACL and QoS Command Reference, 17 Aug 2014 • R211x-HP 10500 Switch Series Layer-3 IP Services Command Reference, 17 Aug 2014 The following documents for the 10500 Switch series can be found under the Setup and Install section of the 10500 Switch Series documentation page on the HP Web site. The link is provided below. • R211x-HP 10500 Switch Series Security Configuration Guide, 18 Aug 2014 • R211x-HP 10500 Switch Series Fundamentals Configuration Guide, 18 Aug 2014 • R211x-HP 10500 Switch Series Network Management and Monitoring Configuration Guide, 18 Aug 2014 • HP 10500 Switch Series Installation Guide, 20 Aug 2014 http://h20566.www2.hp.com/portal/site/hpsc/public/psi/home/?sp4ts.oid=5117468#manuals 12500 Switch Series The following documents for the 12500 Switch series can be found under the General Reference section of the 12500 Switch Series documentation page on the HP Web site. The link is provided below. • R1825P01-HP 12500 Switch Series Security Command Reference, 2 Apr 2013 VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 13 • R1825P01-HP 12500 Switch Series Fundamentals Command Reference 2 Apr 2013 • R1825P01-HP 12500 Switch Series ACL and QoS Command Reference, 2 Apr 2013 • R1825P01-HP 12500 Switch Series Layer-3 IP Services Command Reference, 2 Apr 2013 The following documents for the 12500 Switch series can be found under the Setup and Install section of the 12500 Switch Series documentation page on the HP Web site. The link is provided below. • R1825P01-HP 12500 Switch Series Security Configuration Guide, 2 Apr 2013 • R1825P01-HP 12500 Switch Series Fundamentals Configuration Guide, 2 Apr 2013 • R7128-HP 12500 Switch Series Network Management and Monitoring Configuration Guide, 30 Nov 2012 • HP FlexFabric 12500E Switch Series Installation Guide, 25 Sep 2014 http://h20566.www2.hp.com/portal/site/hpsc/public/psi/manualsResults/?sp4ts.oid=4177453&ac.admitted =1413205932488.876444892.199480143 Supporting TOE Guidance Documentation Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches Security Target, Version 1.0, 28 October 2014 VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 14 7 Independent Testing This section describes the testing efforts of the evaluation team. It is derived from information contained in the following: • Evaluation Team Test Report for Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches, Version 2.0, December 11, 2014 The purpose of this activity was to confirm the TOE behaves in accordance with the TOE security functional requirements as specified in the ST for a product claiming conformance to Protection Profile for Network Devices, Version 1.1, 8 June 2012 and Security Requirements for Network Devices Errata #2. The evaluation team devised a Test Plan based on the Testing Assurance Activities specified in NDPPv1.1 and Security Requirements for Network Devices Errata #2. The Test Plan described how each test activity was to be instantiated within the TOE test environment. The evaluation team executed the tests specified in the Test Plan and documented the results in the team test report listed above. Independent testing took place at the developer facility and via Virtual Rooms in four separate sessions. Testing took place in four sessions: • Session 1: August 18-22, 2014 at the Hewlett Packard facility in Boston, MA. August 2014 at Leidos facility in Columbia MD • Session 2: September 29 – October 3, 2014 at the Hewlett Packard facility in Boston, MA • Session 3: October 2014 at the Leidos facility in Columbia, MD • Session 4: October 2014 –Virtual Rooms The evaluators received the TOE in the form that normal customers would receive it, installed and configured the TOE in accordance with the provided guidance, and exercised the Team Test Plan on equipment configured in the testing laboratory. Given the complete set of test results from the test procedures exercised by the evaluators, the testing requirements for NDPPv1.1 and Security Requirements for Network Devices Errata #2 are fulfilled. VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 15 8 Evaluated Configuration The evaluated version of the TOE is Hewlett-Packard Company 5900 Series, and 5920 Series both running Comware V7.1.045 Release 2311 P03, 10500 Series running Comware V7.1.045 Release 2111 P05, and 12500 Series Switches running Comware 7.1.045, Release 7328 P03, as installed and configured according to the Preparative Procedures for CC NDPP Evaluated Hewlett-Packard 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches on Comware V7 as well as the supporting guidance documentation identified in Section 6. VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 16 9 Results of the Evaluation The evaluation was conducted based upon the assurance activities specified in Protection Profile for Network Devices, Version 1.1, 8 June 2012 and Security Requirements for Network Devices Errata #2, in conjunction with version 3.1, revision 4 of the CC and the CEM. A verdict for an assurance component is determined by the resulting verdicts assigned to the corresponding evaluator action elements. The validation team’s assessment of the evidence provided by the evaluation team is that it demonstrates that the evaluation team performed the assurance activities in the claimed PPs, and correctly verified that the product meets the claims in the ST. The details of the evaluation are recorded in the Evaluation Technical Report (ETR), which is controlled by the Leidos CCTL. The security assurance requirements are listed in the following table. Table 4: TOE Security Assurance Requirements Assurance Component ID Assurance Component Name ADV_FSP.1 Basic functional specification AGD_OPE.1 Operational user guidance AGD_PRE.1 Preparative procedures ALC_CMC.1 Labeling of the TOE ALC_CMS.1 TOE CM coverage ATE_IND.1 Independent testing - conformance AVA_VAN.1 Vulnerability survey VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 17 10 Validator Comments/Recommendations Administrators are cautioned to pay particular attention to the Common Criteria preparative procedures when configuring the devices. Administrators should plan for the fact that log records are not buffered for transmission to the syslog server. Therefore, if the connection to the syslog server goes down, generated log records are not queued and will not be transmitted to the syslog server when the connection is re- established. The document, Preparative Procedures for CC NDPP Evaluated Hewlett-Packard 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches on Comware V7, v1.06, December 2, 2014, provides several configuration options that help reduce the risk that audit records will be lost. VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 18 11 Annexes Not applicable. VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 19 12 Security Target Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches Security Target, Version 1.0, October 28, 2014 VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 20 13 Abbreviations and Acronyms AAA Authentication, Authorization and Accounting AAR Assurance Activities Report CAVP Cryptographic Algorithm Validation Program CC Common Criteria CCEVS Common Criteria Evaluation and Validation Scheme CCTL CC Testing Laboratory CEM Common Methodology for IT Security Evaluation CLI Command Line Interface EP Extended Package ESP Encapsulating Security Payload ETR Evaluation Technical Report FIPS Federal Information Processing Standard IKE Internet Key Exchange IPsec Internet Protocol security IT Information Technology LAN Local Area Network NDPP Network Device Protection Profile NIAP National Information Assurance Partnership NIST National Institute of Standards and Technology NSA National Security Agency NTP Network Time Protocol NVLAP National Voluntary Laboratory Assessment Program OS Operating System PCL Product Compliant List PP Protection Profile RADIUS Remote Authentication Dial In User Service RFC Request For Comment SA Security Association SAR Security Assurance Requirement SFP Small Form-factor Pluggable SFR Security Functional Requirement SNMP Simple Network Management Protocol SSHv2 Secure Shell version 2 ST Security Target TACACS+ Terminal Access Controller Access-Control System Plus TOE Target of Evaluation TSF TOE Security Functions TSS TOE Summary Specification VPN Virtual Private Network VR Validation Report WAN Wide Area Network VALIDATION REPORT HP 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches 21 14 Bibliography The Validation Team used the following documents to produce this Validation Report: [1] Common Criteria for Information Technology Security Evaluation Part 1: Introduction, Version 3.1, Revision 4, September 2012. [2] Common Criteria for Information Technology Security Evaluation Part 2: Security Functional Requirements, Version 3.1 Revision 4, September 2012. [3] Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, Version 3.1 Revision 4, September 2012. [4] Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 4, September 2012. [5] Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches Security Target, v1.0, October 28, 2014 [6] Common Criteria Evaluation and Validation Scheme - Guidance to CCEVS Approved Common Criteria Testing Laboratories, Version 2.0, 8 Sep 2008. [7] Evaluation Technical Report For Hewlett-Packard Company 5900 Series, 5920 Series, 10500 Series, and 12500 Series Switches, parts 1 and 2 (and associated AAR and test report), version 2.0, December 11, 2014.