1
Australian Information Security
Evaluation Program
Certification Report
Juniper Junos OS 22.3R1 for ACX5448-M,
EX4400-24T, EX4400-24P, EX4400-24MP,
EX4400-48T, EX4400-48P, EX4400-48F,
EX4400-48MP and QFX5120-48YM
Version 1.0, 12 April 2024
Document reference: AISEP-CC-CR-2024-EFT-T032-CR-V1.0
(Certification expires five years from certification report date)
2
Table of contents
Executive summary 4
Introduction 5
Overview 5
Purpose 5
Identification 5
Target of Evaluation 7
Overview 7
Description of the TOE 7
TOE Functionality 7
TOE physical boundary 7
Architecture 8
Clarification of scope 9
Evaluated functionality 9
Non-TOE hardware/software/firmware 9
Non-evaluated functionality and services 9
Security 10
Usage 10
Evaluated configuration 10
Secure delivery 10
Installation of the TOE 11
Version verification 11
Documentation and guidance 11
Secure usage 11
Evaluation 13
Overview 13
Evaluation procedures 13
3
Functional testing 13
Entropy testing 13
Penetration testing 13
Certification 14
Overview 14
Assurance 14
Certification result 14
Recommendations 14
Annex A – References and abbreviations 16
References 16
Abbreviations 17
4
Executive summary
This report describes the findings of the IT security evaluation of Juniper Networks Junos OS 22.3R1
for ACX5448-M, EX4400-24T, EX4400-24P, EX4400-24MP, EX4400-48T, EX4400-48P, EX4400-48F,
EX4400-48MP and QFX5120-48YM against approved Protection Profiles (PPs).
This report concludes that the Target of Evaluation (TOE) has complied with the following PPs [4]:
 collaborative Protection Profile for Network Devices, version 2.2e, 23 March 2020 (NDcPP)
 Network Device collaborative Protection Profile (NDcPP) Extended Package MACsec Ethernet
Encryption, Version 1.2, 10 May 2016 (MACSECEP)
The evaluation was conducted in accordance with the Common Criteria and the requirements of the
Australian Information Security Evaluation Program (AISEP). The evaluation was performed by Teron
Labs with the final Evaluation Technical Report (ETR) submitted on 15 March 2024.
With regard to the secure operation of the TOE, the Australian Certification Authority recommends
that administrators:
 ensure that the TOE is operated in the evaluated configuration and that assumptions concerning
the TOE security environment are understood
 configure and operate the TOE according to the vendor’s product administrator guidance and
pay attention to all security warnings
 maintain the underlying environment in a secure manner so that the integrity of the TOE
Security Function is preserved
 verify the hash of any downloaded software, as present on the Juniper website
 have a system auditor review the audit trail generated and exported by the TOE periodically.
Potential purchasers of the TOE should review the intended operational environment and ensure that
they are comfortable that the stated security objectives for the operational environment can be
suitably addressed.
This report includes information about the underlying security policies and architecture of the TOE,
and information regarding the conduct of the evaluation.
It is the responsibility of the user to ensure that the TOE meets their requirements. For this reason, it
is recommended that a prospective user of the TOE refer to the Security Target and read this
Certification Report prior to deciding whether to purchase the product.
5
Introduction
Overview
This chapter contains information about the purpose of this document and how to identify the Target
of Evaluation (TOE).
Purpose
The purpose of this Certification Report is to:
 report the certification of results of the IT security evaluation of the TOE against the
requirements of the Common Criteria and Protection Profiles [4]
 provide a source of detailed security information about the TOE for any interested parties.
This report should be read in conjunction with the TOE’s Security Target [7] which provides a full
description of the security requirements and specifications that were used as the basis of the
evaluation.
Identification
The TOE is Junos OS 22.3R1 for ACX5448-M, EX4400-24T, EX4400-24P, EX4400-24MP, EX4400-48T,
EX4400-48P, EX4400-48F, EX4400-48MP and QFX5120-48YM
Description Version
Evaluation scheme Australian Information Security Evaluation Program
TOE Junos OS 22.3R1 for ACX5448-M, EX4400-24T, EX4400-24P,
EX4400-24MP, EX4400-48T, EX4400-48P, EX4400-48F, EX4400-
48MP and QFX5120-48YM
Software version 22.3R1
Hardware platform ACX5448-M, EX4400-24T, EX4400-24P, EX4400-24MP, EX4400-
48T, EX4400-48P, EX4400-48F, EX4400-48MP and QFX5120-
48YM
Security Target Security Target Junos OS 22.3R1 for ACX5448-M, EX4400-24T,
EX4400-24P, EX4400-24MP, EX4400-48T, EX4400-48P, EX4400-
48F, EX4400-48MP and QFX5120-48YM Version 1.0, 29
February 2024
Evaluation Technical Report Evaluation Technical Report 1.0, dated 15 March 2024
Document reference EFT-T032-ETR 1.0
Criteria Common Criteria for Information Technology Security
Evaluation Part 2 Extended and Part 3 Conformant, April 2017,
Version 3.1 Rev 5
Methodology Common Methodology for Information Technology Security,
April 2017 Version 3.1 Rev 5
6
Conformance Network Device collaborative Protection Profile version 2.2e,
23 March 2020 (NDcPP)
Extended Package MACsec Ethernet Encryption, Version 1.2,
10 May 2016 (MACSECEP)
Developer Juniper Networks, Inc. 1133 Innovation Way, Sunnyvale
California 94089 United States of America
Evaluation facility Teron Labs
Unit 3, 10 Geils Court
Deakin ACT 2600
Australia
7
Target of Evaluation
Overview
This chapter contains information about the Target of Evaluation (TOE), including a description of
functionality provided, its architectural components, the scope of evaluation, its security policies and
its secure usage.
Description of the TOE
The TOE is Juniper Networks, Inc. Junos OS 22.3R1 for ACX5448-M, EX4400-24T, EX4400-24P, EX4400-
24MP, EX4400-48T, EX4400-48P, EX4400-48F, EX4400-48MP and QFX5120-48YM Ethernet Switches
with MACsec. Each TOE model is a specific network appliance implementing the same functionality on
a different hardware platform.
The variants of the TOE share a common architecture and feature set. They implement a variety of
high-speed interfaces (only Ethernet is in the scope of the evaluation) for enterprise branch, campus,
and data center networks. They also share common Junos firmware, features, and technology for
compatibility across platforms.
The appliance variations constituting the TOE are secure network devices that protect themselves
largely by offering only a minimal logical interface to the network and attached nodes. They include
the Junos OS firmware, Junos OS 22.3R1, which is a special purpose OS offering no general-purpose
computing capabilities. Junos OS implements both management and control functions as well as all IP
routing.
The appliances primary function is to support the definition and enforcement of information flow
policies among network nodes. Each information flow from one network node to another passes
through an instance of the TOE. Information flow is controlled on the basis of network node addresses
and protocol. The TOE also ensures that security-relevant activity is audited and implements the
necessary tools to manage all security function.
The TOE implements MACsec between adjacent devices. All traffic communicated between the
devices including frames for LLDP, DHCP, ARP, STP, Ethernet Control frames, etc (the exceptions to
this protection are Destination MAC and Source MAC addresses in MACsec and MKA frames).
TOE Functionality
The TOE functionality that was evaluated is described in section 1.6 of the Security Target [7].
TOE physical boundary
The TOE is an appliance consisting of the Junos OS 22.3R1 for ACX5448-M, EX4400-24T, EX4400-24P,
EX4400-24MP, EX4400-48T, EX4400-48P, EX4400-48F, EX4400-48MP and QFX5120-YM appliance
chasses. Hence, the TOE is contained within the physical boundary of the specified appliance chassis,
as shown below. The physical boundary of the TOE is the entire chassis of the appliance.
The install image provided for the TOE is:
 For ACX5448-M: junos-vmhost-install-acx-x86-64-22.3R1.11.tgz
 For the EX4400 variants: junos-install-ex-x86-64-22.3R1.11.tgz
 For QFX5120-48YM: jinstall-host9-qfx-5e-ng-x86-64-22.3R1.11-secure-signed.tgz
The firmware version reflects the detail reported for the components of the Junos OS when the “show
version” command is executed on the device.
8
The TOE interfaces comprise the following:
 The TOE interfaces are comprised of the network interfaces which pass traffic
 management interface, which handles administrative actions.
Architecture
The TOE consists of the following major architectural components.
Switch fabric – the switch fabric boards/modules provide a highly scalable, non-blocking, centralized
switch fabric matrix through which all network data passes.
Routing Engine – the Routine Engine (RE) runs the Junos firmware and implements Layer 3 routing
services and Layer 2 switching services. The RE also implements the management functions for
configuration and operation of the TOE and controls the flow of information through the TOE,
including support for appliance interface control and control plane functions such as chassis
component, system management and user access to the appliance.
Packet Forwarding Engine (PFE) – The PFE implements all operations necessary for transit packet
forwarding. The PFE implements an extensive set of Layer 2 and Layer 3 services that can be deployed
in any combination of Layer 2 and Layer 3 applications.
Power – The ACX5448-M, EX4400-24T, EX4400-48T, EX4400-48F, and QFX5120-48YM variants of the
TOE include non-PoE ports. The EX4400-24P and EX4400-48P variants implement a Power over
Ethernet (PoE) interface for powering up the TOE. The EX4400-24MP and EX4400-48MP variants
support both options. Power supply bays allow flexibility for provisioning and redundancy. The power
supplies connect to the midplane, which distributes the different output voltages produced by the
power supplies to the appliance components, depending on their voltage requirements.
The RE and the PFE function independently while constantly communicating through a high-speed
internal link. This enables streamlined forwarding and routing control and the capability to run
Internet-scale networks at high speeds.
Juniper’s Virtual Chassis technology allows multiple interconnected switches to operate as a single,
logical unit, enabling users to manage all platforms as one virtual device. The functions of the
appliances can all be managed through the Junos firmware, either from a connected terminal console
or via a network connection. Network management is secured using the SSH protocol. All
management, whether from a user connecting to a terminal or from the network, requires successful
9
authentication. In the evaluated deployment the TOE is managed and configured via Command Line
Interface, either via a directly connected console or over the network secured using the SSH protocol
MACsec can be deployed in point-to-point mode or shared mode with multiple stations. In the
evaluated configuration MACsec must be configured individually on each point-to-point Ethernet link,
such that a pair of MACsec devices (connected by a physical medium) protect Ethernet frames
switched or routed from one device to the other. The two MACsec devices are provided with a
Connectivity Association Key (CAK) and utilize the MACsec Key Agreement (MKA) protocol to create a
secure tunnel. MKA is used by the two MACsec devices to agree upon MACsec keys. MACsec must be
configured to protect all traffic between the devices, with the exception of the MKA or Ethernet
control traffic such as EAP over LAN (EAPOL) frames. The devices will first exchange MKA frames,
which serve to determine the peer is an authorized peer, and agree upon a shared key and MACsec
cipher suite used to set up a transmit Security Association (SA) and a receive SA. Once the SAs are set
up, MACsec-protected frames traverse the unprotected link.
Clarification of scope
The evaluation was conducted in accordance with the Common Criteria and associated
methodologies. The scope of the evaluation was limited to those claims made in the Security Target
[7].
Evaluated functionality
Functional tests performed during the evaluation were taken from the Protection Profiles and
Supporting Document and sufficiently demonstrate the security functionality of the TOE. Some of the
tests were combined for ease of execution.
Non-TOE hardware/software/firmware
The TOE relies on the provision of the following items in the network environment:
 Syslog server supporting SSHv2 connections to send audit logs
 SSHv2 client for remote administration
 Serial connection client for local administration
Non-evaluated functionality and services
Potential users of the TOE are advised that some functions and services have not been evaluated as
part of the evaluation. Potential users of the TOE should carefully consider their requirements for
using functions and services outside of the evaluated configuration.
Australian Government users should refer to the Australian Government Information Security Manual
[5] for policy relating to using an evaluated product in an unevaluated configuration.
The following components are considered outside of the scope of the TOE:
 use of telnet, since it violates the Trusted Path requirement set
 use of File Transfer Protocol, since it violates the Trusted Path requirement set
 use of Simple Network Management Protocol, since it violates the Trusted Path requirement set
 use of Secure Sockets Layer, including management via J-Web, JUNOScript and JUNOScope,
since it violates the Trusted Path requirement set
 use of Command Line Interface account super-user and linux root account.
10
Security
The CCRA Security Function Policy is a set of rules that defines how information within the TOE is
managed and protected. The Security Target [7] contains a summary of the functionality that is
evaluated.
Usage
Evaluated configuration
The evaluated configuration is based on the default installation of the TOE with additional
configuration implemented from specific guidance instructions. The Common Criteria guidance
documents for this evaluation are [6]:
Junos® OS, Common Criteria Evaluated Configuration Guide for EX4650-48Y, QFX5120-32C, QFX5120-
48T, QFX5120-48Y, and QFX5120-48YM Devices Published 2023-02-23, Release 22.3R1;
Junos® OS, Common Criteria Evaluated Configuration Guide for ACX5448 Devices, Published 2023-02-
28, Release 22.3R1;
Junos® OS, Common Criteria Evaluated Configuration Guide for EX4400-24MP, EX4400-24P, EX4400-
24T, EX4400-48F, EX4400-48MP, EX4400-48P, and EX4400-48T Devices, Published 2023-02-23, Release
22.3R1.
Secure delivery
There are several mechanisms provided in the delivery process to ensure that a customer receives a
product that has not been tampered with. The customer should perform the following checks upon
receipt of a device to verify the integrity of the platform:
 shipping label - Ensure that the shipping label correctly identifies the correct customer name and
address as well as the device
 outside packaging - Inspect the outside shipping box and tape. Ensure that the shipping tape has
not been cut or otherwise compromised. Ensure that the box has not been cut or damaged to
allow access to the device
 inside packaging - Inspect the plastic bag and seal. Ensure that the bag is not cut or removed.
Ensure that the seal remains intact.
If the customer identifies a problem during the inspection, they should immediately contact the
supplier providing the order number, tracking number and a description of the identified problem to
the supplier.
Additionally, there are several checks that can be performed to ensure that the customer has received
a box sent by Juniper Networks and not a different company masquerading as Juniper Networks. The
customer should perform the following checks upon receipt of a device to verify the authenticity of
the device:
 verify that the device was ordered using a purchase order. Juniper Networks devices are never
shipped without a purchase order
 when a device is shipped, a shipment notification is sent to the e-mail address provided by the
customer when the order is taken. Verify that this e-mail notification was received and contains
the following information:
 purchase order number
 Juniper Networks order number used to track the shipment
 carrier tracking number used to track the shipment
 list of items shipped including serial numbers
11
 address and contacts of both the supplier and the customer
 verify that the shipment was initiated by Juniper Network, performing the following tasks:
 compare the carrier tracking number of the Juniper Networks order number listed in the
Juniper Networks shipping notification with the tracking number on the package received
 log on to the Juniper Networks online customer support portal at
https://www.juniper.net/customers/csc/management to view the order status
 compare the carrier tracking number or the Juniper Networks order number listed in the
Juniper Networks shipment notification with the tracking number on the package received.
Installation of the TOE
The configuration guides [6] contain all relevant information for the secure configuration of the TOE.
Version verification
The verification of the TOE is largely automatic, including the verification using hashes. The TOE
cannot load a modified image. Valid software images can be downloaded from the
https://www.juniper.net support pages. In addition to the automated verification, the site includes
individual hashes for each image. The administrator should verify the hash of the software before
installing it into the hardware platform.
Security Administrators are able to query the current version of the TOE firmware using the CLI
command ‘show version’.
Documentation and guidance
It is important that the TOE is used in accordance with guidance documentation in order to ensure
secure usage. The following documentation is available to the consumer when the TOE is purchased.
The evaluated configuration guide (system admin guide) documents for the ACX5448-M device,
EX4400-24T, EX4400-24P, EX4400-24MP, EX4400-48T, EX4400-48P, EX4400-48F, EX4400-48MP
devices and QFX5120-48YM device running Junos OS 22.3R1 are available for download at
https://www.juniper.net/documentation. The documents are [6]:
Junos® OS, Common Criteria Evaluated Configuration Guide for EX4650-48Y, QFX5120-32C, QFX5120-
48T, QFX5120-48Y, and QFX5120-48YM Devices Published 2023-02-23, Release 22.3R1
Junos® OS, Common Criteria Evaluated Configuration Guide for ACX5448 Devices, Published 2023-02-
28, Release 22.3R1
Junos® OS, Common Criteria Evaluated Configuration Guide for EX4400-24MP, EX4400-24P, EX4400-
24T, EX4400-48F,EX4400-48MP, EX4400-48P, andEX4400-48T Devices, Published 2023-02-23, Release
22.3R1.
Common Criteria material is available at https://www.commoncriteriaportal.org.
The Australian Government Information Security Manual is available at https://www.cyber.gov.au/ism
[5].
Secure usage
The evaluation of the TOE took into account certain assumptions about its operational environment.
These assumptions must hold in order to ensure the security objectives of the TOE are met.
The network device is assumed to be physically protected in its operational environment and not
subject to physical attacks that compromise the security and/or interfere with the device’s physical
interconnections and correct operation. This protection is assumed to be sufficient to protect the
device and the data it contains.
12
The device is assumed to provide networking functionality as its core function and not provide
functionality/services that could be deemed as general purpose computing. For example, the device
should not provide a computing platform for general purpose applications (unrelated to networking
functionality).
The administrator(s) for the network device are assumed to be trusted and to act in the best interest
of security for the organisation. This includes being appropriately trained, following policy and
adhering to guidance documentation. Administrators are trusted to ensure passwords/credentials
have sufficient strength and entropy. The network device is not expected to be capable of defending
against a malicious administrator that actively works to bypass or compromise the security of the
device.
The network device firmware and software is assumed to be updated by an administrator on a regular
basis in response to the release of product updates due to known security vulnerabilities.
The administrator’s credentials (private key) used to access the network device are protected by the
platform on which they reside.
The administrator must ensure that there is no unauthorised access possible for sensitive residual
information (e.g. cryptographic keys, keying material, PINs, passwords etc.) on networking equipment
when the equipment is discarded or removed from its operational environment.
This assumption is only applicable to interfaces in the TOE that are defined by the Network Device
collaborative Protection Profile. For these interfaces, the TOE does not provide any assurance
regarding the protection of traffic that traverses it.
13
Evaluation
Overview
This chapter contains information about the procedures used in conducting the evaluation, the testing
conducted as part of the evaluation and the certification result.
Evaluation procedures
The criteria against which the Target of Evaluation (TOE) has been evaluated are contained in the
relevant Protection Profiles [4] and Common Criteria for Information Technology Security Evaluation
Version 3.1 Revision 5, Parts 2 and 3 [1, 2].
Testing methodology was drawn from Common Methodology for Information Technology Security,
April 2017 Version 3.1 Revision 5 [3] and the relevant Supporting Documents [12].
The evaluation was carried out in accordance with the operational procedures of the Australian
Information Security Evaluation Program [10].
In addition, the conditions outlined in the Arrangement on the Recognition of Common Criteria
Certificates in the field of Information Technology Security [9] and the document CC and CEM
addenda, Exact Conformance, Selection-Based SFRs, Optional SFRs [13] were also upheld.
Functional testing
All functional tests performed by the evaluators were taken from the Supporting Documents [12]. The
tests were designed to provide the required testing coverage for the security functions claimed by the
TOE.
Entropy testing
The entropy design description, justification, operation and health tests are assessed and documented
in a separate report [11].
Penetration testing
The evaluators performed the evaluation activities for vulnerability assessment specified by the
collaborative Protection Profile for Network Devices and Network Device collaborative Protection
Profile (NDcPP) Extended Package MACsec Ethernet Encryption Supporting Documents [12] which
follow a flaw hypothesis methodology. Accordingly, four types of flaw hypotheses have been
considered:
 public vulnerabilities
 ND iTC (Network Device international Technical Community) sourced
 evaluation team generated
 tool generated.
Based on the results of this testing, the evaluators determined that the TOE is resistant to an attacker
possessing a basic attack potential.
14
Certification
Overview
This chapter contains information about the result of the certification, an overview of the assurance
provided and recommendations made by the certifiers.
Assurance
This certification is focused on the evaluation of product compliance with Protection Profiles that
cover the technology area of network devices. Organisations can have confidence that the scope of an
evaluation against an ASD-approved Protection Profile covers the necessary security functionality
expected of the evaluated product and known threats will have been addressed.
The analysis is supported by testing as outlined in the Protection Profile Supporting Documents and a
vulnerability survey demonstrating resistance to penetration attackers with a basic attack potential.
Compliance also provides assurance through evidence of secure delivery procedures. Certification is
not a guarantee of freedom from security vulnerabilities.
The effectiveness and integrity of cryptographic functions are also within the scope of product
evaluations performed in line with the Protection Profiles (PPs). PPs provide assurance by providing a
full Security Target, and an analysis of the Security Functional Requirements in that Security Target,
guidance documentation, and a basic description of the architecture of the TOE.
Certification result
Teron Labs has determined that the TOE upholds the claims made in the Security Target [7] and has
met the requirements of the collaborative Protection Profile for Network Devices (CPP_ND) and
Network Device collaborative Protection Profile (NDcPP) Extended Package MACsec Ethernet
Encryption (MACSECEP) [4].
After due consideration of the conduct of the evaluation as reported to the certifiers, and of the
Evaluation Technical Report [8], the Australian Certification Authority certifies the evaluation of
Juniper Junos OS 22.3R1 for ACX5448-M, EX4400-24T, EX4400-24P, EX4400-24MP, EX4400-48T,
EX4400-48P, EX4400-48F, EX4400-48MP and QFX5120-48YM devices performed by the Australian
Information Security Evaluation Facility, Teron Labs.
Recommendations
Not all of the evaluated functionality present in the TOE may be suitable for Australian Government
users. For further guidance, Australian Government users should refer to the Australian Government
Information Security Manual [5].
In addition to ensuring that the assumptions concerning the operational environment are fulfilled, and
the guidance document is followed, the Australian Certification Authority also recommends that users
and administrators:
 ensure that the TOE is operated in the evaluated configuration and that assumptions concerning
the TOE security environment are understood
 configure and operate the TOE according to the vendor’s product administrator guidance and
pay attention to all security warnings
15
 maintain the underlying environment in a secure manner so that the integrity of the TOE
Security Function is preserved
 verify the hash of any downloaded software, as present on the https://www.juniper.net website
 have a system auditor review the audit trail generated and exported by the TOE periodically.
16
Annex A – References and abbreviations
References
1. Common Criteria for Information Technology Security Evaluation Part 2: Security functional
components April 2017, Version 3.1 Revision 5
2. Common Criteria for Information Technology Security Evaluation Part 3: Security assurance
components April 2017, Version 3.1 Revision 5
3. Common Methodology for Information Technology Security Evaluation, Evaluation
Methodology, April 2017, Version 3.1 Revision 5
4. Protection Profiles:
a) collaborative Protection Profile for Network Devices, version 2.2e, 23 March 2020
(NDcPP)
b) Network Device collaborative Protection Profile (NDcPP) Extended Package MACsec
Ethernet Encryption (MACSECEP), Version 1.2, 10 May 2016
5. Australian Government Information Security Manual: https://www.cyber.gov.au/ism
6. Common Criteria Evaluated Configuration Guides:
a) Junos® OS, Common Criteria Evaluated Configuration Guide for EX4650-48Y,
QFX5120-32C, QFX5120-48T, QFX5120-48Y, and QFX5120-48YM Devices Published
2023-02-23, Release 22.3R1;
b) Junos® OS, Common Criteria Evaluated Configuration Guide for ACX5448 Devices,
Published 2023-02-28, Release 22.3R1;
c) Junos® OS, Common Criteria Evaluated Configuration Guide for EX4400-24MP,
EX4400-24P, EX4400-24T, EX4400-48F,EX4400-48MP, EX4400-48P, and EX4400-48T
Devices, Published 2023-02-23, Release 22.3R1
7. Security Target Junos OS 22.3R1 for ACX5448-M, EX4400-24T, EX4400-24P, EX4400-24MP,
EX4400-48T, EX4400-48P, EX4400-48F, EX4400-48MP and QFX5120-48YM, Version 1.0, 29
February 2024
8. Evaluation Technical Report - Junos OS 22.3R1 for ACX5448-M, EX4400-24T, EX4400-24P,
EX4400-24MP, EX4400-48T, EX4400-48P, EX4400-48F, EX4400-48MP and QFX5120-48YM,
dated 15 March 2024 (Document reference EFT-T032-ETR 1.0)
9. Arrangement on the Recognition of Common Criteria Certificates in the field of Information
Technology Security, 2 July 2014
10. AISEP Policy Manual (APM): https://www.cyber.gov.au/sites/default/files/2023-
03/2022_AUG_REL_AISEP_Policy_Manual_6.3.pdf
11. Entropy Reports:
a) Junos OS Entropy Source version 22.3 Entropy Assessment and SP 800-90B
Compliance Report, Version 1.5, 30 August 2023, EX4400 (Intel®Atom™ CPU
C3558R), QFX5120-48YM (Intel Xeon D-1627), ACX5448 (Intel Xeon D1528)
b) Junos OS Entropy Source Entropy Assessment and SP 800-90B Compliance Report,
Version 1.0, 25 January 2023
12. Supporting Documents:
a) Supporting Document, Evaluation Activities for Network Device cPP, Version 2.2,
December-2019 (CPP_ND_SD)
17
13. CC and CEM addenda, Exact Conformance, Selection-Based SFRs, Optional SFRs 30 September
2021, Version 2.0 CCDB-013-v2.0
Abbreviations
AISEP Australian Information Security Evaluation Program
ARP Address Resolution Protocol
ASD Australian Signals Directorate
CAK Connectivity Association Key
CCRA Common Criteria Recognition Arrangement
CLI Command Line Interface
DHCP Dynamic Host Configuration Protocol
EAPOL Extensible Authentication Protocol Over Local Area Network
LAN Local Area Network
LLDP Link Layer Discovery Protocol
MACsec Media Access Control Security
MKA MACsec Key Agreement
NDcPP CCRA-approved collaborative Protection Profile for Network Devices
ND iTC Network Device international Technical Community
PFE Packet Forwarding Engine
PHY Physical Layer
PP Protection Profile
RE Routing Engine
SSH Secure Shell
STP Spanning Tree Protocol
TOE Target of Evaluation