National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme

Validation Report
For Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2) running IOS 15.0.(2)SE4

Report Number: CCEVS-VR-VID10588-2014
Dated: February 7, 2014
Version: 1.0

National Institute of Standards and Technology
Information Technology Laboratory
100 Bureau Drive
Gaithersburg, MD 20899

National Security Agency
Information Assurance Directorate
9800 Savage Road STE 6940
Fort George G. Meade, MD 20755-6940

VALIDATION REPORT Cisco Catalyst Switches 2k/3KV2

Table of Contents

1.1 Executive Summary
1.2 Evaluation Details
1.3 Identification
1.4 TOE Threats, Assumptions, and Organizational Security Policies
1.5 Architectural Information
1.6 Physical Boundaries
1.7 Documentation
1.8 Security Policy
1.9 Independent Testing
1.10 Evaluated Configuration
1.11 Results of the Evaluation
1.12 Validator Comments/Recommendations
1.13 Annexes
1.14 Security Target
1.15 Acronym List
1.16 Bibliography

List of Tables

Table 1 ST and TOE identification

1.1 Executive Summary

The evaluation of Cisco Catalyst Switches 2960S, 2960C, 3560V2 and 3750V2 running IOS 15.0.(2)SE4 (hereafter referenced as Cisco Cat 2k/3kV2 Switches) was performed by Leidos, in the United States and was completed in December 2013. The evaluation was carried out in accordance with the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The criteria against which the Cisco Cat 2k/3kV2 Switches TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1, revision 3. The evaluation methodology used by the evaluation team to conduct the evaluation is available in the Common Methodology for Information Technology Security Evaluation, version 3.1, revision 3.

Leidos Common Criteria Testing Laboratory determined that the product satisfies the evaluation assurance level (EAL) 1 as defined within the Common Criteria (CC) and the NDPP. The product, when configured as specified in the installation guides and user guides, satisfies all of the security functional requirements stated in the Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2) running IOS 15.0(2) SE4 Security Target, version 1.0, February 5, 2014.

This Validation Report applies only to the specific version of the TOE as evaluated. In this case the TOE is Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2) running Cisco IOS 15.(2)SE4 software.

The TOE hardware includes the following appliances:

1. Cisco Catalyst 2960S Switches

Figure 3: Cisco Catalyst 2960-S Series Switches

Table 3: Configurations of Cisco Catalyst 2960-S Series Switches

Switch Model | Description | Uplinks
Catalyst 2960-S Switches with 1 Gigabit Uplinks and 10/100/1000 Ethernet Connectivity
Cisco Catalyst 2960S-48TS-S | 48 Ethernet 10/100/1000 | 2 1GbE ports
Cisco Catalyst 2960S-24TS-S | 24 Ethernet 10/100/1000 | 2 1GbE SFP ports

2. Cisco Catalyst 2960-C Switches

Figure 4: The Cisco Catalyst 2960-C Series Configurations

Table 4: Configurations of Cisco Catalyst 2960-C Series Switches

Catalyst 2960-C Switch Model | Description | PoE Output Ports and available PoE Power | Uplinks | MACsec
Cisco Catalyst 2960C-8TC-L | 8 x 10/100 Fast Ethernet | N/A | 2 x 1G copper or 1G SFP | N/A
Cisco Catalyst 2960C-8TC-S | 8 x 10/100 Fast Ethernet | N/A | 2 x 1G copper or 1G SFP | N/A
Cisco Catalyst 2960CPD-8TT-L | 8 x 10/100 Fast Ethernet | N/A | 2 x 1G (PoE+ input) | N/A
Cisco Catalyst 2960C-8PC-L | 8 x 10/100 Fast Ethernet | 8 PoE, 124W | 2 x 1G copper or 1G SFP | N/A
Cisco Catalyst 2960CPD-8PT-L | 8 x 10/100 Fast Ethernet | 8 PoE, Up to 22.4W | 2 x 1G (PoE+ input) | N/A
Cisco Catalyst 2960C-12PC-L | 12 x 10/100 Fast Ethernet | 12 PoE, 124W | 2 x 1G copper or 1G SFP | N/A
Cisco Catalyst 2960CG-8TC-L | 8 x 10/100/1000 Gigabit Ethernet | N/A | 2 x 1G copper or 1G SFP | N/A

3. Cisco Catalyst 3560V2 and 3750V2 Switches

Figure 5: The Cisco Catalyst 3560V2 and 3750V2 Series Configurations – Front and back view

Table 5: The Cisco Catalyst 3560 and 3750 V2 Series Configurations

Model | Description
3560V2-24TS | 24 Ethernet 10/100 ports and 2 Small Form-Factor Pluggable (SFP)-based Gigabit Ethernet ports; 1 rack unit (RU)
3560V2-48TS | 48 Ethernet 10/100 ports and 4 SFP-based Gigabit Ethernet ports; 1RU
3560V2-24PS | 24 Ethernet 10/100 ports with PoE and 2 SFP-based Gigabit Ethernet ports; 1 RU
3560V2-48PS | 48 Ethernet 10/100 ports with PoE and 4 SFP-based Gigabit Ethernet ports; 1RU
3560V2-24TS-SD | 24 Ethernet 10/100 ports and 2 SFP-based Gigabit Ethernet ports; 1RU, DC power supply
3750V2-24TS | 24 Ethernet 10/100 ports and 2 Small Form-Factor Pluggable (SFP) Gigabit Ethernet ports; 1 rack unit (RU)
3750V2-48TS | 48 Ethernet 10/100 ports and 4 SFP Gigabit Ethernet ports; 1RU
3750V2-24PS | 24 Ethernet 10/100 ports with Power over Ethernet (PoE) and 2 SFP Gigabit Ethernet ports; 1 RU
3750V2-48PS | 48 Ethernet 10/100 ports with PoE and 4 SFP Gigabit Ethernet ports; 1RU
3750V2-24FS | 24 Ethernet 100FX SFP ports and 2 SFP Gigabit Ethernet ports; 1 RU; Transceivers are optional and not included with the base switch

The evaluation has been conducted in accordance with the provisions of the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) and the conclusions of the testing laboratory in the evaluation technical report are consistent with the evidence adduced. This Validation Report is not an endorsement of Cisco Catalyst Switches 2k/3kV2 by any agency of the US Government and no warranty of the product is either expressed or implied.

The validation team monitored the activities of the evaluation team, examined evaluation evidence, provided guidance on technical issues and evaluation processes, and reviewed the individual work units and verdicts of the ETR.
The validation team found that the evaluation showed that the product satisfies all of the security functional and assurance requirements stated in the Security Target (ST). The evaluation also showed that the product met all the security requirements and Assurance Activities contained in a Protection Profile. Therefore the validation team concludes that the testing laboratory's findings are accurate, the conclusions justified, and the conformance results are correct. The conclusions of the testing laboratory in the evaluation technical report are consistent with the evidence produced.

The technical information included in this report was obtained from the Final Evaluation Technical Report for Cisco Catalyst Switches 2k/3kV2 ETR parts 1 and 2 and the associated test report produced by Leidos.

1.2 Evaluation Details

Item | Identifier
Evaluated Product | Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2)
Sponsor & Developer | Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134
CCTL | Leidos Common Criteria Testing Laboratory, 6841 Benjamin Franklin Drive, Columbia, MD 21046
Completion Date | February 2014
CC | Common Criteria for Information Technology Security Evaluation, Version 3.1, Revision 3, September 2009
Interpretations | There were no applicable interpretations used for this evaluation.
CEM | Common Methodology for Information Technology Security Evaluation: Version 3.1, Revision 3, September 2009
PP | U.S. Government Security Requirements for Network Devices (pp_nd_v1.1) version 1.0, 8 June 2012
Evaluation Class | Evaluation Assurance Level (EAL) 1 consistent with NDPP Assurance Requirements
Disclaimer | The information contained in this Validation Report is not an endorsement of the Cisco Catalyst Switches 2k/3kV2 by any agency of the U.S. Government and no warranty of Cisco Catalyst Switches 2k/3kV2 is either expressed or implied.
Evaluation Personnel | Kevin Micciche, Christopher Keenan, Tony Apted
Validation Personnel | Paul Bicknell, Brad O'Neill

1.3 Identification

The CCEVS is a joint National Security Agency (NSA) and National Institute of Standards and Technology (NIST) effort to establish commercial facilities to perform trusted product evaluations. Under this program, security evaluations are conducted by commercial testing laboratories called Common Criteria Testing Laboratories (CCTLs) using the Common Evaluation Methodology (CEM) for Evaluation Assurance Level (EAL) 1 through EAL 4 in accordance with National Voluntary Laboratory Assessment Program (NVLAP) accreditation. Note that assurance requirements outside the scope of EAL 1 through EAL 4 are addressed at the discretion of the CCEVS.

The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality and consistency across evaluations. Developers of information technology products desiring a security evaluation contract with a CCTL and pay a fee for their product's evaluation. Upon successful completion of the evaluation, the product is added to NIAP's Validated Products List.

The following table serves to identify the evaluated Security Target and TOE.

Table 1 ST and TOE identification

ST Title | Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2) Running IOS 15.0(2)SE4 Security Target, Revision 1.0, February 5, 2014
TOE Identification | Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2)
TOE Hardware | Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2)
TOE Software | Cisco IOS 15.0(2)SE4

1.4 TOE Threats, Assumptions, and Organizational Security Policies

All Threats to the TOE, Assumptions, and Organizational Security Policies are consistent with those contained in [NDPPv1.1].

1.5 Architectural Information

The TOE consists of one or more physical devices: the Catalyst Switch with Cisco IOS software.
All of the Catalyst Switches run the same version of the IOS 15.0(2)SE4 (FIPS Validated) software, which enforces the security functions being claimed regardless of the model. The Catalyst Switch has two or more network interfaces and is connected to at least one internal and one external network. The Cisco IOS configuration determines how packets are handled to and from the switches' network interfaces. The switch configuration will determine how traffic flows received on an interface will be handled. Typically, packet flows are passed through the internetworking device and forwarded to their configured destination. The BGPv4, EIGRP, EIGRPv6 for IPv6, PIM-SMv2, OSPFv2, OSPFv3 for IPv6 and RIPv2 routing protocols are used on all of the Catalyst Switch models.

The TOE can optionally connect to an NTP server on its internal network for time services. Also, if the Catalyst Switch is to be remotely administered, then the management station must be connected to an internal network, and a secure IPsec tunnel must be used to connect to the switch. A syslog server can also be used to store audit records. A remote authentication server can also be used for centralized authentication. If these servers are used, they must be attached to the internal (trusted) network. The internal (trusted) network is meant to be separated effectively from unauthorized individuals and user traffic; it is one that is in a controlled environment where implementation of security policies can be enforced.

The following figure provides a visual depiction of an example TOE deployment.
Figure 1: TOE Deployment Example (figure not reproduced; labelled elements: TOE Boundary, Mgt. Workstation, IPsec Connection, Catalyst 2k/3kV2 Switch, Peer, Syslog Server, AAA Server, NTP Server)

1.6 Physical Boundaries

The Target of Evaluation includes the following components:
• Cisco Catalyst 2960S Switches
• Cisco Catalyst 2960C Switches
• Cisco Catalyst 3560V2 Switches
• Cisco Catalyst 3750V2 Switches
• All Switches run IOS 15.0.(2)SE4
• TOE Guidance

1.7 Documentation

Cisco offers a number of guidance documents along with a CC-specific supplemental document describing the installation process for the TOE as well as guidance for subsequent use and administration of the applicable security features.

The documentation for the TOE is:
• Cisco Catalyst 2960S, 2960C, 3560C, 3560X, 3750X, 3560v2, and 3750v2 switches Common Criteria User Guidance and Preparative Guidance, version 1.5, 31 January 2014
• Cisco IOS Command Reference
• Cisco IOS configuration Fundamentals
• Cisco IOS configuration Guide

The security target used is:
• Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2) Running IOS 15.0(2)SE4 Security Target, version 1.0, February 5, 2014

1.8 Security Policy

Security audit

The TOE generates a comprehensive set of audit logs that identify specific TOE operations.
Auditable events include: modifications to the group of users that are part of the authorized administrator roles, all use of the user identification mechanism, any use of the authentication mechanism, any change in the configuration of the TOE, any matching of packets to access control entries in ACLs when traversing the TOE, and any failure of a packet to match an access control list (ACL) rule allowing traversal of the TOE. The TOE is configured to store the audit logs on an external syslog server. Communication with the syslog server is protected using IPsec and the TOE can determine when communication with the syslog server fails. If that should occur, the TOE can be configured to block new permit actions. The logs can be viewed on the TOE using the appropriate IOS commands. The records include the date/time the event occurred, the event/type of event, the user associated with the event, and additional information of the event and its success and/or failure.

Cryptographic support

The TOE provides cryptography support for secure communications and protection of information when configured in FIPS mode. The crypto module is FIPS 140-2 SL2 validated (certificate number 1940). The cryptographic services provided by the TOE include: symmetric encryption and decryption using AES; digital signature using RSA; cryptographic hashing using SHA1; keyed-hash message authentication using HMAC-SHA1; and IPsec for authentication and encryption services to prevent unauthorized viewing or modification of data as it travels over the external network. The TOE also implements the IPsec secure protocol for secure remote administration. In the evaluated configuration, the TOE must be operated in FIPS mode of operation per the FIPS Security Policy (certificate 1940).

User Data Protection

The TOE ensures that packets transmitted from the TOE do not contain residual information from previous packets.
Packets that are not the required length use zeros for padding so that residual data from previous traffic is never transmitted from the TOE.

Identification and authentication

The TOE performs authentication, using Cisco IOS platform authentication mechanisms, to authenticate access to user and privileged command modes. All users wanting to use TOE services are identified and authenticated prior to being allowed access to any of the services. Once a user attempts to access the management functionality of the TOE, the TOE prompts the user for a user name and password. Only after the administrative user presents the correct identification and authentication credentials will access to the TOE functionality be granted. The TOE can be configured to display an advisory banner when administrators log in and also to terminate administrator sessions after a configured period of inactivity.

The TOE also supports authentication of other routers using router authentication supported by BGPv4, EIGRP, EIGRPv6 for IPv6, PIM-SMv2, OSPFv2, OSPFv3 for IPv6 and RIPv2. Each of these protocols supports authentication by transmission of MD5-hashed password strings, which each neighbor router uses to authenticate others. Note that, per the FIPS Security Policy, MD5 is not a validated algorithm during FIPS mode of operation. For additional security, it is recommended that router protocol traffic also be isolated to separate VLANs.

Security management

The TOE provides secure administrative services for management of general TOE configuration and the security functionality provided by the TOE. All TOE administration occurs either through a secure session via IPsec, a terminal server directly connected to the Catalyst Switch (RJ45), or a local console connection (serial port).
The TOE provides the ability to perform the following actions:
• allow authorized administrators to add new administrators,
• start up and shut down the device,
• create, modify, or delete configuration items,
• create, modify, or delete information flow policies,
• create, modify, or delete routing tables,
• modify and set session inactivity thresholds,
• modify and set the time and date,
• and create, delete, empty, and review the audit trail

All of these management functions are restricted to the authorized administrator of the TOE. The TOE switch platform maintains administrative privilege levels and non-administrative access. Non-administrative access is granted to authenticated neighbor routers for the ability to receive updated routing tables per the information flow rules. There is no other access or functions associated with non-administrative access. The administrative privilege levels include:
• Administrators are assigned to privilege levels 0 and 1. Privilege levels 0 and 1 are defined by default and are customizable. These levels have a very limited scope and access to CLI commands that include basic functions such as login, show running system information, turn on/off privileged commands, logout.
• Semi-privileged administrators equate to any privilege level that has a subset of the privileges assigned to level 15; levels 2-14. These levels are undefined by default and are customizable.
• Privileged administrators are equivalent to full administrative access to the CLI, which is the default access for IOS privilege level 15.

Protection of the TSF

The TOE protects against interference and tampering by untrusted subjects by implementing identification, authentication and access controls to limit configuration to authorized administrators.
The TOE provides secure transmission when TSF data is transmitted between the TOE and other IT entities, such as remote administration and secure transmission of the audit logs via IPsec. The TOE is also able to detect replay of information and/or operations. The detection is applied to network packets that are terminated at the TOE, such as trusted communications between administrators and the TOE, or between an IT entity (e.g., authentication server) and the TOE. If replay is detected, the packets are discarded.

In addition, the TOE internally maintains the date and time. This date and time is used as the time stamp that is applied to TOE generated audit records. Alternatively, an NTP server can be used to synchronize the date-timestamp. Finally, the TOE performs testing to verify correct operation of the switch itself and that of the cryptographic module.

Resource utilization

The TOE provides the capability of controlling and managing resources so that a denial of service will not occur. The resource allocations are configured to limit the number of concurrent administrator sessions.

TOE Access

The TOE can terminate inactive sessions after an authorized administrator configurable time-period. Once a session has been terminated, the TOE requires the user to re-authenticate to establish a new session. The TOE also provides the administrator with the ability to display a notification of use banner on the CLI management interface prior to allowing any administrative access to the TOE.

Trusted Path/Channels

The TOE establishes a trusted path between the appliance and the CLI, syslog server, NTP server and, if configured, an external authentication server using IPsec.

1.9 Independent Testing

The purpose of this activity was to determine whether the TOE behaves as specified in the design documentation and in accordance with the TOE security functional requirements specified in the ST for an NDPPv1.1 EAL1 evaluation.
Independent testing took place at the CCTL location in Columbia, Maryland from March 2013 and again in January 2014.

The evaluators received the TOE in the form that normal customers would receive it, installed and configured the TOE (in three distinct but representative configurations) in accordance with the provided guidance, and exercised the Team Test Plan on equipment configured in the testing laboratory. This effort involved installing and configuring the Cisco Catalyst Switches 2k/3kV2 components in their respective tiers on a representative subset of the supported operating systems. Subsequently, the evaluators exercised all the test cases. The tests were selected in order to ensure that each of the test assertions defined by the NDPPv1.1 was covered.

Also, the evaluators devised independent tests to ensure that start-up and shutdown operations were audited, to verify the claimed methods of audit storage, to verify that administrator actions were audited, to verify that users are identified and authenticated, to verify use and restrictions of the management functions, to verify protected communication between the TOE and the trusted components of the operational environment, to verify trusted path and to verify protected update of the TOE software.

Given the complete set of test results from the test procedures exercised by the evaluators, the testing requirements for NDPPv1.1 are fulfilled.

1.10 Evaluated Configuration

The TOE is Cisco Catalyst Switches 2k/3kV2 installed and configured according to the Cisco Cat 2k/3kV2 Common Criteria Preparative and Operational Guide as well as the Installation Guide for the respective Cisco Catalyst Switches models included in the TOE.

1.11 Results of the Evaluation

The Evaluation Team conducted the evaluation in accordance with the CC, the CEM, the NDPPv1.1 and the CCEVS. The results of the assurance requirements are summarized in this section.
The details of the evaluation results are recorded in the Evaluation Technical Report (proprietary) and Test Summary Report provided by the CCTL.

A verdict for an assurance component is determined by the resulting verdicts assigned to the corresponding evaluator action elements. The evaluation was conducted based upon version 3.1 R3 of the CC and the CEM. Additionally, the evaluators performed the assurance activities specified in the Network Devices Protection Profile (NDPP). The evaluation determined the Cisco Catalyst Switches 2k/3kV2 TOE to be Part 2 extended and to meet the SARs contained in the PP.

The assurance requirements against which the TOE was required to be evaluated at Evaluation Assurance Level 1 are listed below. All assurance activities and work units received a passing verdict.

The following components are taken from CC part 3:
• ADV_FSP.1 Basic functional specification
• AGD_OPE.1 Operational user guidance
• AGD_PRE.1 Preparative user guidance
• ALC_CMC.1 Labeling of the TOE
• ALC_CMS.1 TOE CM coverage
• ASE_CCL.1 Conformance claims
• ASE_ECD.1 Extended components definition
• ASE_INT.1 ST Introduction
• ASE_OBJ.1 Security objectives for the operational environment
• ASE_REQ.1 Stated security requirements
• ASE_TSS.1 TOE summary specification
• ATE_IND.1 Independent testing – conformance
• AVA_VAN.1 Vulnerability analysis

1.12 Validator Comments/Recommendations

The validators note that the TOE utilizes a non-FIPS approved algorithm (MD5) in meeting the Trusted Update SFR (i.e., FPT_TUD_EXT.1.3), which does not meet the intent of the ND PP as expressed in an Application note. However, NIAP management has decided to accept this implementation for this evaluation and plans to clarify the intent of the SFR in future versions of the ND PP. The validators also note that the vendor has indicated that a future version of the product will not be relying on MD5 to meet the SFR.

1.13 Annexes

Not applicable.
1.14 Security Target

Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2) Running IOS 15.0(2)SE4 Security Target, version 1.0, February 5, 2014

1.15 Acronym List

CC | Common Criteria
CCTL | CC Testing Laboratory
CI | Configuration Item
CM | Configuration Management
CMP | Configuration Management Plan
CVE | Common Vulnerabilities and Exposures
CVS | Concurrent Versioning System
DoD | Department of Defense
EAL | Evaluation Assurance Level
FSP | Functional Specification
GUI | Graphical User Interface
HLD | High-level Design
ID | Identity/Identification
IP | Internet Protocol
IT | Information Technology
NIAP | National Information Assurance Partnership
NIST | National Institute of Standards and Technology
NSA | National Security Agency
OS | Operating System
PP | Protection Profile
SAR | Security Assurance Requirement
SFR | Security Functional Requirement
ST | Security Target
TOE | Target of Evaluation
TSF | TOE Security Functions
TSS | TOE Summary Specification

1.16 Bibliography

The Validation Team used the following documents to produce this Validation Report:

[1] Common Criteria for Information Technology Security Evaluation Part 1: Introduction, Version 3.1, Revision 3, July 2009.
[2] Common Criteria for Information Technology Security Evaluation Part 2: Security Functional Requirements, Version 3.1 Revision 3, July 2009.
[3] Common Criteria for Information Technology Security Evaluation Part 3: Security assurance components, Version 3.1 Revision 3, July 2009.
[4] Common Methodology for Information Technology Security Evaluation, Evaluation Methodology, Version 3.1, Revision 3, July 2009.
[5] Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2) Running IOS 15.0(2)SE4 Security Target, version 1.0, February 5, 2014
[6] Common Criteria Evaluation and Validation Scheme - Guidance to CCEVS Approved Common Criteria Testing Laboratories, Version 2.0, 8 Sep 2008.
[7] Evaluation Technical Report For Cisco Catalyst Switches (2960S, 2960C, 3560V2 and 3750V2) Running IOS 15.0(2)SE4, parts 1 and 2 (and associated AAR and test report), version 1.0, January 2014.