National Information Assurance Partnership
Common Criteria Evaluation and Validation Scheme

Validation Report

Hewlett-Packard Development Company, L.P., 11445 Compaq Center Drive West, Houston, Texas 77070

Hewlett-Packard Company A-Series Switches

Report Number: CCEVS-VR-VID10469-2013
Dated: May 2013
Version: 1.0

National Institute of Standards and Technology
Information Technology Laboratory
100 Bureau Drive
Gaithersburg, MD 20899

National Security Agency
Information Assurance Directorate
9800 Savage Road STE 6940
Fort George G. Meade, MD 20755-6940

Hewlett-Packard Company A-Series Switches, Validation Report, Version 1.0 May 2013

ACKNOWLEDGEMENTS

Validation Team
Ken Elliott
The Aerospace Corporation, Columbia, MD

Common Criteria Testing Laboratory
Tammy Compton
Chris Keenan
Katie Sykes
Quang Trinh
Science Applications International Corporation
Columbia, Maryland

Table of Contents

1 Executive Summary
2 Identification
3 Architectural Information
3.1 TOE Introduction
3.2 TOE Architecture
3.2.1 Intelligent Resilient Framework
3.2.2 Physical Boundaries
4 Security Policy
4.1 Security audit
4.2 Cryptographic support
4.3 User data protection
4.4 Identification and authentication
4.5 Security management
4.6 Protection of the TSF
4.7 TOE access
4.8 Trusted path/channels
5 Assumptions
6 Documentation
6.1 Design Documentation
6.2 Guidance Documentation
6.3 Life Cycle
7 IT Product Testing
7.1 Developer Testing
7.2 Evaluation Team Independent Testing
8 Evaluated Configuration
9 Results of the Evaluation
9.1 Evaluation of the Security Target (ASE)
9.2 Evaluation of the Development (ADV)
9.3 Evaluation of the Guidance Documents (AGD)
9.4 Evaluation of the Life Cycle Support Activities (ALC)
9.5 Evaluation of the Test Documentation and the Test Activity (ATE)
9.6 Vulnerability Assessment Activity (VAN)
9.7 Summary of Evaluation Results
10 Annexes
11 Security Target
12 Glossary
13 Bibliography

1 Executive Summary

This report documents the assessment of the National Information Assurance Partnership (NIAP) validation team of the evaluation of Hewlett-Packard Company A-Series Switches, provided by Hewlett-Packard Company. It presents the evaluation results, their justifications, and the conformance results. This Validation Report is not an endorsement of the Target of Evaluation by any agency of the U.S.
government, and no warranty is either expressed or implied.

The evaluation was performed by the Science Applications International Corporation (SAIC) Common Criteria Testing Laboratory (CCTL) in Columbia, Maryland, United States of America, and was completed in April 2013. The information in this report is largely derived from the Evaluation Technical Report (ETR) and associated test reports, all written by SAIC. The evaluation determined that the product is both Common Criteria Part 2 Extended and Part 3 Conformant, and meets the assurance requirements set forth in the Network Device Protection Profile (NDPP).

The Target of Evaluation (TOE) is Hewlett-Packard A-Series Switches provided by Hewlett-Packard Development Company. Each of the A-Series Switch products is a stand-alone Gigabit Ethernet switch appliance designed to implement a wide range of network layers 2 and 3 switching, service and routing operations.

The Target of Evaluation (TOE) identified in this Validation Report has been evaluated at a NIAP approved Common Criteria Testing Laboratory using the Common Methodology for IT Security Evaluation (Version 3.1, Rev 3) for conformance to the Common Criteria for IT Security Evaluation (Version 3.1, Rev 3), as interpreted by the assurance activities contained in the NDPP. This Validation Report applies only to the specific version of the TOE as evaluated. The evaluation has been conducted in accordance with the provisions of the NIAP Common Criteria Evaluation and Validation Scheme and the conclusions of the testing laboratory in the evaluation technical report and the assurance activities report are consistent with the evidence provided.

The validation team provided guidance on technical issues and evaluation processes, and reviewed the individual work units of the ETR and the Assurance Activity reports for the NDPP assurance activities. The validation team found that the evaluation showed that the product satisfies all of the functional requirements and assurance requirements stated in the Security Target (ST). Therefore the validation team concludes that the testing laboratory’s findings are accurate, the conclusions justified, and the conformance results are correct. The conclusions of the testing laboratory in the evaluation technical report are consistent with the evidence produced.

The technical information included in this report was obtained from the Hewlett-Packard Company A-Series Switches Security Target and analysis performed by the Validation Team.

2 Identification

The CCEVS is a joint National Security Agency (NSA) and National Institute of Standards and Technology effort to establish commercial facilities to perform trusted product evaluations. Under this program, security evaluations are conducted by commercial testing laboratories called Common Criteria Testing Laboratories (CCTLs). CCTLs evaluate products against a Protection Profile containing Assurance Activities, which are interpretations of CEM work units specific to the technology described by the PP.

The NIAP Validation Body assigns Validators to monitor the CCTLs to ensure quality and consistency across evaluations. Developers of information technology products desiring a security evaluation contract with a CCTL and pay a fee for their product’s evaluation. Upon successful completion of the evaluation, the product is added to NIAP’s Validated Products List.

Table 1 provides information needed to completely identify the product, including:

• The Target of Evaluation (TOE): the fully qualified identifier of the product as evaluated.
• The Security Target (ST), describing the security features, claims, and assurances of the product.
• The conformance result of the evaluation.
• The Protection Profile to which the product is conformant.
• The organizations and individuals participating in the evaluation.

Table 1: Evaluation Identifiers

Evaluation Scheme: United States NIAP Common Criteria Evaluation and Validation Scheme

TOE: Hewlett-Packard Company A-Series Family with Comware version 5.2

  Product Series and Specific Devices:

  HP A5120 Series Gigabit Ethernet Switches
    HP A5120‐24G EI 2‐slot Switch
    HP A5120‐48G EI 2‐slot Switch
    HP A5120‐24G‐PoE EI 2‐slot Switch
    HP A5120‐48G‐PoE EI 2‐slot Switch

  HP A5500 Series Gigabit Ethernet Switches
    HP A5500‐24G EI Switch
    HP A5500‐24G‐PoE EI Switch
    HP A5500‐24G‐SFP EI Switch
    HP A5500‐48G EI Switch
    HP A5500‐48G‐PoE EI Switch

  HP A5800 Series Flex Chassis Switches
    HP A5800‐24G‐PoE Switch
    HP A5800‐24G Switch
    HP A5800‐48G Switch with 2 Slots
    HP A5800‐24G‐SFP Switch
    HP A5800‐48G‐PoE Switch
    HP A5800‐48G Switch

  HP A5820 Series 10-Gigabit Switches
    HP A5820‐24XG‐SFP+ Switch
    HP A5820‐14XG‐SFP+ 2‐slot Switch

  HP A7500 Series Modular Core Switches
    HP A7510 Switch Chassis
    HP A7506 Switch Chassis
    HP A7506‐V Switch Chassis
    HP A7503 Switch Chassis
    HP A7502 Switch Chassis
    HP A7503 1 Fabric Slot Switch Chassis

  HP A9500 Series Modular Core Switches
    HP A9505 Switch Chassis
    HP A9508‐V Switch Chassis
    HP A9512 Switch Chassis

  HP A12500 Series Data Center Switches
    HP A12518 Switch Chassis
    HP A12508 Switch Chassis

Protection Profile: Security Requirements for Network Devices, Version 1.1, 08 June 2012 (including the optional IPSEC and SSH requirements)

ST: Hewlett-Packard Company A-Series Switches Security Target, Version 1.0, April 5, 2013

Evaluation Technical Report: Evaluation Technical Report For the Hewlett-Packard Company A-Series Switches (Proprietary), Version 2.0, April 8, 2013

CC Version: Common Criteria for Information Technology Security Evaluation, Version 3.1, rev 3

Conformance Result: CC Part 2 extended, CC Part 3 conformant

Sponsor: Hewlett-Packard Company

Developer: Hewlett-Packard Company

Common Criteria Testing Lab (CCTL): SAIC, Columbia, MD

CCEVS Validators: Ken Elliott, The Aerospace Corporation

3 Architectural Information

Note: The following architectural description is based on the description presented in the Security Target.

3.1 TOE Introduction

The Target of Evaluation (TOE) is the Hewlett-Packard A-Series family of switches. The A-Series switches in the evaluated configuration include the A5120, A5500, A5800, A5820, A7500, A9500 and A12500 series. Each series of this family consists of a set of distinct devices (as identified in Section 2 of the Security Target) which vary primarily according to power delivery, performance, and port density.

While most of the A-Series switches have fixed ports, they all support plug-in modules (or blades) that provide additional functionality (e.g., various numbers and types of network connection ports). With the exception of pluggable security blades, all of the available plug-in modules are included in the evaluated configuration (the Security Target has the explicit list of allowed blades). The security blades offer additional advanced (e.g., firewall) security functions and are intended to be addressed in an alternate evaluation.

The TOE can be deployed as a single A-Series device or alternately as a group of A-Series devices connected using the HP Intelligent Resilient Framework (IRF) technology to effectively form a logical switch device. The IRF technology requires that A-Series devices be directly connected to one another using an IRF stack utilizing one or more dedicated Ethernet connections that are used to coordinate the overall logical switch configuration and also to forward applicable network traffic as necessary between attached devices.

3.2 TOE Architecture

The HP A-Series switches all share a common software code base, called Comware.
Comware is special purpose appliance system software that implements a wide array of networking technology, including: IPv4/IPv6 dual-stacks, a data link layer, layer 2 and 3 routing, Ethernet switching, VLANs, Intelligent Resilient Framework (IRF), routing, Quality of Service (QoS), etc. The evaluated version of Comware is 5.2. It should be noted that Comware runs on a variety of underlying architectures including VxWorks, Linux, pSOS and Windows; however, the only underlying architecture found in the evaluated configuration is Linux.

The Comware v5.2 architecture can be depicted as follows:

[Figure 1: Comware v5.2 Architecture. Diagram components: SCP, GCP, DFP, SSP, SMP, Drivers & BSP, Hardware.]

• General Control Plane (GCP) – The GCP fully supports the IPv4 and IPv6 protocol stacks and provides support to a variety of IPv4/IPv6 applications including routing protocols, voice, WAN link features, and QoS features.
• Service Control Plane (SCP) – The SCP supports value-added services such as connection control, user policy management AAA, RADIUS, and TACACS+.
• Data Forwarding Plane (DFP) – The DFP underpins all network data processing. The forwarding engine is the core of the DFP.
• System Management Plane (SMP) – The SMP provides user interfaces for device management including implementations for the command line interface, CLI (SSHv2).
• System Service Plane (SSP) – The SSP provides a foundation layer that implements primitives on which the other planes rely, for example, memory management, task management, timer management, message queue management, semaphore management, time management, IPC, RPC, module loading management and component management.

Underlying the main Comware components are the hardware-specific Board Support Package (BSP) and device drivers to provide necessary abstractions of the hardware components for the higher-level software components.

The Comware software components are composed of subsystems designed to implement applicable functions. For example, there are subsystems dedicated to MIB, Web, and CLI management. There are also subsystems dedicated to the IPv4 and IPv6 network stacks as well as the applicable network protocols and forwarding, routing, etc.

From a security perspective, the TOE includes a FIPS-certified cryptographic module that supports IPSec, SSH and digital signatures used to protect the available remote management and to enable secure update capabilities of the TOE. Otherwise, the TOE implements a wide range of network switching protocols and functions.

The various TOE devices include the same security functions. The salient differences between the devices are the available ports and port adapters (supporting different pluggable modules), primarily representing differences in numbers, types, and speeds of available network connections.

3.2.1 Intelligent Resilient Framework

As indicated above, multiple HP A-Series switch devices can be deployed as an IRF group. Each device in the IRF group is directly connected to the other IRF group members using an IRF stack utilizing dedicated network connections. One device in the group is designated as master and, should that device fail, a voting procedure ensues to elect a new master among the remaining IRF group members.

All A-Series devices in the group share the same configuration, which is shared across the IRF connections when the group is formed and later when configuration changes occur. Management of the IRF group can occur via any of the IRF group members by an authorized administrator.
Once configured, the IRF group acts as a single, logical switch with a common configuration and will act to receive and forward network traffic in accordance with that common configuration. When necessary, network traffic is forwarded through the IRF connection in order to get the network traffic to and from the applicable physical network connections used to attach other network peers or clients.

Note that the IRF connections are not secured (e.g., using encryption) by the TOE, so the IRF group members must necessarily be collocated and the IRF connections need to be as protected as the IRF group devices themselves.

3.2.2 Physical Boundaries

The TOE is a physical network rack-mountable appliance (or IRF connected group of appliances) that supports modules that serve to offer a wide range of network ports varying in number, form factor (copper or fiber), and performance (1 – 10 Gb).

The TOE can be configured to rely on and utilize a number of other components in its operational environment.

• SYSLOG server – to receive audit records when the TOE is configured to deliver them to an external log server.
• RADIUS and TACACS servers – The TOE can be configured to utilize external authentication servers.
• Certificate Authority (CA) server – The TOE can be configured to utilize digital certificates.
• Management Workstation – The TOE supports CLI access and as such an administrator would need a terminal emulator (supporting SSHv2) to utilize those administrative interfaces.

4 Security Policy

This section summarizes the security functionality of the TOE:

• Security audit
• Cryptographic support
• User data protection
• Identification and authentication
• Security management
• Protection of the TSF
• TOE access
• Trusted path/channels

4.1 Security audit

The TOE is designed to be able to generate logs for a wide range of security relevant events.
The TOE is configured in the evaluated configuration to send the logs to a designated log server.

4.2 Cryptographic support

The TOE includes a FIPS-certified cryptographic module that provides key management, random bit generation, encryption/decryption, digital signature and secure hashing and key-hashing features in support of higher level cryptographic protocols including IPSec and SSH.

4.3 User data protection

The TOE performs a wide variety of network switching and routing functions, passing network traffic among its various physical and logical (e.g., VLAN) network connections. While implementing applicable network protocols associated with network traffic forwarding, the TOE is carefully designed to ensure that it doesn’t inadvertently reuse data found in network traffic.

4.4 Identification and authentication

The TOE requires users (i.e., administrators) to be successfully identified and authenticated before they can access any security management functions available in the TOE. The TOE offers both a locally connected console as well as network accessible interfaces (SSHv2) for interactive administrator sessions.

The TOE supports the local (i.e., on device) definition of administrators with usernames and passwords. Additionally, the TOE can be configured to utilize the services of trusted RADIUS and TACACS servers in the operational environment to support, for example, centralized user administration.

4.5 Security management

The TOE provides Command Line (CLI) commands to access the wide range of security management functions. Security management commands are limited to administrators only after they have provided acceptable user identification and authentication data to the TOE.

4.6 Protection of the TSF

The TOE implements a number of features designed to protect itself to ensure the reliability and integrity of its security features.
It protects particularly sensitive data such as stored passwords and cryptographic keys so that they are not accessible even by an administrator. It also provides its own timing mechanism to ensure that reliable time information is available (e.g., for log accountability).

From a communication perspective it employs both dedicated communication channels (based on physically separate networks and VLAN technology) and also cryptographic means (e.g., to prevent replays) to protect communication between distributed TOE components as well as between the TOE and other components in the operational environment (e.g., administrator workstations).

Note that IRF communication is not considered communication between distributed TOE components, but rather is communication among collocated components that logically form an instance of the TOE. As such, since the IRF communication channels are not protected using mechanisms such as encryption, they need to be as protected as the TOE devices themselves.

The TOE includes functions to perform self-tests so that it might detect when it is failing. It also includes mechanisms so that the TOE itself can be updated while ensuring that the updates will not introduce malicious or other unexpected changes in the TOE.

4.7 TOE access

The TOE can be configured to display an informative banner when an administrator establishes an interactive session and subsequently will enforce an administrator-defined inactivity timeout value after which the inactive session will be terminated.

4.8 Trusted path/channels

The TOE protects interactive communication with administrators using SSHv2 for CLI access. Both integrity and disclosure protection are ensured. The TOE protects communication with network peers, such as a log server, using IPSec connections and optionally using a dedicated VLAN to prevent unintended disclosure or modification of logs.
5 Assumptions

The following assumptions were made during the evaluation of the Hewlett-Packard Company A-Series Switches:

• It is assumed that there are no general-purpose computing capabilities (e.g., compilers or user applications) available on the TOE, other than those services necessary for the operation, administration and support of the TOE.
• Physical security, commensurate with the value of the TOE and the data it contains, is assumed to be provided by the environment.
• TOE Administrators are trusted to follow and apply all administrator guidance in a trusted manner.

6 Documentation

The following documentation was used as evidence for the evaluation of the Hewlett-Packard Company A-Series Switches:

6.1 Design Documentation

• Hewlett-Packard Company A-Series Switches Security Target, Version 1.0, April 5, 2013

6.2 Guidance Documentation

There are three Common Criteria specific guides:

• Preparative Procedures for CC NDPP Evaluated Hewlett-Packard A-Series Family, Revision 1.00, 03/18/2013
• Configuration Guide for CC Supplement, Revision 1.0, 03/18/2013
• Command Reference for CC Supplement, Revision 1.0, 03/18/2013

These guides reference the security-related guidance material and are applicable for all series.

The links below for each series can be used to find the full set of documentation for each of the evaluated switch series and the following documents (available for each series) were specifically examined during the evaluation.
• Security Configuration Guide
• Security Command Reference
• Fundamentals Configuration Guide
• Fundamentals Command Reference
• Network Management and Monitoring Configuration Guide
• Network Management and Monitoring Command Reference
• ACL and QoS Configuration Guide
• ACL and QoS Command Reference
• Layer-3 IP Services Configuration Guide
• Layer-3 IP Services Command Reference
• Installation Manual

On-line documentation can be found for the applicable TOE models and devices via the following URLs:

5120 EI Switch Series

The following documents for the 5120 EI Switch series can be found under the General Reference section of the 5120 EI Switch Series documentation page on the HP Web site. The link is provided below.

• HP A5120-EI Series Ethernet Switches 51200-EI Security Command Reference, 23 Sep 2011
• HP A5120-EI Series Ethernet Switches Fundamentals Command Reference, 23 Sep 2011
• HP A5120-EI Series Ethernet Switches Network Management and Monitoring Command Reference, 23 Sep 2011
• HP A5120-EI Series Ethernet Switches ACL and QoS Command Reference, 23 Sep 2011
• HP A5120-EI Series Ethernet Switches Layer-3 IP Services Command Reference, 23 Sep 2011

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4174705#0

The following documents for the 5120 EI Switch series can be found under the Setup and Install section of the 5120 EI Switch Series documentation page on the HP Web site. The link is provided below.
• HP A5120-EI Series Ethernet Switches Security Configuration Guide, 23 Sep 2011
• HP A5120-EI Series Ethernet Switches Fundamentals Configuration Guide, 23 Sep 2011
• HP 5120 EI Network Management and Monitoring Configuration Guide, 23 Sep 2011
• HP A5120-EI Series Ethernet Switches ACL and QoS Configuration Guide, 23 Sep 2011
• HP A5120-EI Series Ethernet Switches Layer-3 IP Services Configuration Guide, 23 Sep 2011
• HP 5120 EI Switch Series Installation Manual, 24 Sep 2011

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4174705#2

5500 EI Switch Series

The following documents for the 5500 EI Switch series can be found under the General Reference section of the 5500 EI Switch Series documentation page on the HP Web site. The link is provided below.

• HP A5500-EI & A5500-SI Series Ethernet Switches Security Command Reference, 22 Sep 2011
• HP A5500-EI & A5500-SI Series Ethernet Switches Fundamentals Command Reference, 22 Sep 2011
• HP A5500-EI & A5500-SI Series Ethernet Switches Network Management and Monitoring Command Reference, 22 Sep 2011
• HP A5500-EI & A5500-SI Series Ethernet Switches ACL and QoS Command Reference, 22 Sep 2011
• HP A5500-EI & A5500-SI Series Ethernet Switches Layer-3 IP Services Command Reference, 22 Sep 2011

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4174795#0

The following documents for the 5500 EI Switch series can be found under the Setup and Install section of the 5500 EI Switch Series documentation page on the HP Web site. The link is provided below.
• HP A5500-EI & A5500-SI Series Ethernet Switches Security Configuration Guide, 22 Sep 2011
• HP A5500-EI & A5500-SI Series Ethernet Switches Fundamentals Configuration Guide, 22 Sep 2011
• HP 5500 EI Network Management and Monitoring Configuration Guide, 22 Sep 2011
• HP A5500-EI & A5500-SI Series Ethernet Switches ACL and QoS Configuration Guide, 22 Sep 2011
• HP A5500-EI & A5500-SI Series Ethernet Switches Layer-3 IP Services Configuration Guide, 22 Sep 2011
• HP A5500-EI & A5500-SI Series Ethernet Switches Installation Manual, 22 Sep 2011

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4174795#2

5800 Switch Series

The following documents for the 5800 Switch series can be found under the General Reference section of the 5800 Switch Series documentation page on the HP Web site. The link is provided below.

• R1211-HP 5820X & 5800 Switch Series Security Command Reference, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Fundamentals Command Reference, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Network Management and Monitoring Command Reference, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series ACL and QoS Command Reference, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Layer-3 IP Services Command Reference, 8 Jan 2013

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4177501#0

The following documents for the 5800 Switch series can be found under the Setup and Install section of the 5800 Switch Series documentation page on the HP Web site. The link is provided below.
• R1211-HP 5820X & 5800 Switch Series Security Configuration Guide, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Fundamentals Configuration Guide, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Network Management and Monitoring Configuration Guide, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series ACL and QoS Configuration Guide, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Layer-3 IP Services Configuration Guide, 8 Jan 2013
• HP A5800 Series Ethernet Switches Installation Manual, 30 May 2012

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4177501#2

5820 Switch Series

The following documents for the 5820 Switch series can be found under the General Reference section of the 5820 Switch Series documentation page on the HP Web site. The link is provided below.

• R1211-HP 5820X & 5800 Switch Series Security Command Reference, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Fundamentals Command Reference, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Network Management and Monitoring Command Reference, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series ACL and QoS Command Reference, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Layer-3 IP Services Command Reference, 8 Jan 2013

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4218345#0

The following documents for the 5820 Switch series can be found under the Setup and Install section of the 5820 Switch Series documentation page on the HP Web site. The link is provided below.
• R1211-HP 5820X & 5800 Switch Series Security Configuration Guide, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Fundamentals Configuration Guide, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Network Management and Monitoring Configuration Guide, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series ACL and QoS Configuration Guide, 8 Jan 2013
• R1211-HP 5820X & 5800 Switch Series Layer-3 IP Services Configuration Guide, 8 Jan 2013
• HP A5800 Series Ethernet Switches Installation Manual, 30 May 2012

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4218345#2

7500 Switch Series

The following documents for the 7500 Switch series can be found under the General Reference section of the 7500 Switch Series documentation page on the HP Web site. The link is provided below.

• R6626 - HP 7500 Switch Series Security Command Reference, 18 Jan 2012
• R6626 - HP 7500 Switch Series Fundamentals Command Reference, 18 Jan 2012
• R6626 - HP 7500 Switch Series Network Management and Monitoring Command Reference, 18 Jan 2012
• R6626 - HP 7500 Switch Series ACL and QoS Command Reference, 18 Jan 2012
• R6626 - HP 7500 Switch Series Layer-3 IP Services Command Reference, 18 Jan 2012

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4177519#0

The following documents for the 7500 Switch series can be found under the Setup and Install section of the 7500 Switch Series documentation page on the HP Web site. The link is provided below.
• R6626 - HP 7500 Switch Series Security Configuration Guide, 18 Jan 2012
• R6626 - HP 7500 Switch Series Fundamentals Configuration Guide, 18 Jan 2012
• R6626 - HP 7500 Switch Series Network Management and Monitoring Configuration Guide, 18 Jan 2012
• R6626 - HP 7500 Switch Series ACL and QoS Configuration Guide, 18 Jan 2012
• R6626 - HP 7500 Switch Series Layer-3 IP Services Configuration Guide, 18 Jan 2012
• HP 7500 Switch Series Installation Manual, 28 Feb 2012

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4177519#2

9500 Switch Series

The following documents for the 9500 Switch series can be found under the General Reference section of the 9500 Switch Series documentation page on the HP Web site. The link is provided below.

• H3C S9500E Series Routing Switches Security Command Reference, 1 Dec 2010
• H3C S9500E Series Routing Switches Fundamentals Command Reference, 1 Dec 2010
• H3C S9500E Series Routing Switches Network Management and Monitoring Command Reference, 1 Dec 2010
• H3C S9500E Series Routing Switches ACL and QoS Command Reference, 1 Dec 2010
• H3C S9500E Series Routing Switches Layer-3 IP Services Command Reference, 1 Dec 2010

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4177590#0

The following documents for the 9500 Switch series can be found under the Setup and Install section of the 9500 Switch Series documentation page on the HP Web site. The link is provided below.
• H3C S9500E Series Routing Switches Security Configuration Guide, 1 Dec 2010
• H3C S9500E Series Routing Switches Fundamentals Configuration Guide, 1 Dec 2010
• H3C S9500E Series Routing Switches Network Management and Monitoring Configuration Guide, 1 Dec 2010
• H3C S9500E Series Routing Switches ACL and QoS Configuration Guide, 3 Feb 2011
• H3C S9500E Series Routing Switches Layer-3 IP Services Configuration Guide, 1 Dec 2010
• H3C S9500E Series Routing Switches Installation Manual, 1 Dec 2010

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4177590#2

12500 Switch Series

The following documents for the 12500 Switch series can be found under the General Reference section of the 12500 Switch Series documentation page on the HP Web site. The link is provided below.

• R7128-HP 12500 Security Command Reference, 30 Nov 2012
• R7128-HP 12500 Fundamentals Command Reference, 30 Nov 2012
• R7128-HP 12500 Network Management and Monitoring Command Reference, 30 Nov 2012
• R7128-HP 12500 ACL and QoS Command Reference, 30 Nov 2012
• R7128-HP 12500 Layer-3 IP Services Command Reference, 30 Nov 2012

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4177453#0

The following documents for the 12500 Switch series can be found under the Setup and Install section of the 12500 Switch Series documentation page on the HP Web site. The link is provided below.
• R7128-HP 12500 Security Configuration Guide, 30 Nov 2012
• R7128-HP 12500 Fundamentals Configuration Guide, 20 Dec 2012
• R7128-HP 12500 Network Management and Monitoring Configuration Guide, 30 Nov 2012
• R7128-HP 12500 ACL and QoS Configuration Guide, 30 Nov 2012
• R7128-HP 12500 Layer-3 IP Services Configuration Guide, 30 Nov 2012
• R1726 and R7128-HP 12500 Routing Switch Series Installation Manual, 6 Dec 2012

http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=4177453#2

6.3 Life Cycle

• Hewlett-Packard Company A-Series Switches Security Target, Version 1.0, April 5, 2013

7 IT Product Testing

This section describes the testing efforts of the developer and the Evaluation Team. It is derived from information contained in the Assurance Activities Report for the Hewlett-Packard Company A-Series Switches, Version 0.3, April 8, 2013.

7.1 Developer Testing

No evidence of developer testing is required in the assurance activities for this product.

7.2 Evaluation Team Independent Testing

The evaluation team verified the product according to the Preparative Procedures for CC NDPP Evaluated Hewlett-Packard A-Series Family, Revision 1.00, 03/18/2013 document and ran the tests specified in the NDPP.
8 Evaluated Configuration

The evaluated configuration, as defined in the Security Target, is Hewlett-Packard Company A-Series Switches including:

• Hewlett-Packard Company A-Series Family with Comware version 5.2

Product Series and Specific Devices

HP A5120 Series Gigabit Ethernet Switches
    HP A5120‐24G EI 2‐slot Switch
    HP A5120‐48G EI 2‐slot Switch
    HP A5120‐24G‐PoE EI 2‐slot Switch
    HP A5120‐48G‐PoE EI 2‐slot Switch

HP A5500 Series Gigabit Ethernet Switches
    HP A5500‐24G EI Switch
    HP A5500‐24G‐PoE EI Switch
    HP A5500‐24G‐SFP EI Switch
    HP A5500‐48G EI Switch
    HP A5500‐48G‐PoE EI Switch

HP A5800 Series Flex Chassis Switches
    HP A5800‐24G‐PoE Switch
    HP A5800‐24G Switch
    HP A5800‐48G Switch with 2 Slots
    HP A5800‐24G‐SFP Switch
    HP A5800‐48G‐PoE Switch
    HP A5800‐48G Switch

HP A5820 Series 10-Gigabit Switches
    HP A5820‐24XG‐SFP+ Switch
    HP A5820‐14XG‐SFP+ 2‐slot Switch

HP A7500 Series Modular Core Switches
    HP A7510 Switch Chassis
    HP A7506 Switch Chassis
    HP A7506‐V Switch Chassis
    HP A7503 Switch Chassis
    HP A7502 Switch Chassis
    HP A7503 1 Fabric Slot Switch Chassis

HP A9500 Series Modular Core Switches
    HP A9505 Switch Chassis
    HP A9508‐V Switch Chassis
    HP A9512 Switch Chassis

HP A12500 Series Data Center Switches
    HP A12518 Switch Chassis
    HP A12508 Switch Chassis

To use the product in the evaluated configuration, the product must be configured as specified in the Preparative Procedures for CC NDPP Evaluated Hewlett-Packard A-Series Family, Revision 1.00, 03/18/2013 document.

9 Results of the Evaluation

The results of the assurance requirements are generally described in this section and are presented in detail in the proprietary ETR and the Assurance Activities Report. The reader of this document can assume that all assurance activities and work units received a passing verdict.
A verdict for an assurance component is determined by the resulting verdicts assigned to the corresponding evaluator action elements. The evaluation was conducted based upon CC version 3.1 rev 3 and CEM version 3.1 rev 3. The evaluation determined the Hewlett-Packard Company A-Series Switches TOE to be Part 2 extended and to meet the SARs contained in the PP.

The following evaluation results are extracted from the non-proprietary Evaluation Technical Report and Assurance Activities Report provided by the CCTL, and are augmented with the validator’s observations thereof.

9.1 Evaluation of the Security Target (ASE)

The evaluation team applied each ASE CEM work unit. The ST evaluation ensured the ST contains a description of the environment in terms of policies and assumptions, a statement of security requirements claimed to be met by the Hewlett-Packard Company A-Series Switches product that are consistent with the Common Criteria, and product security function descriptions that support the requirements. Additionally, the evaluator performed an assessment of the assurance activities specified in the Security Requirements for Network Devices Protection Profile (NDPP).

The validator reviewed the work of the evaluation team, and found that sufficient evidence and justification was provided by the evaluation team to confirm that the evaluation was conducted in accordance with the requirements of the CEM, and that the conclusion reached by the evaluation team was justified.

9.2 Evaluation of the Development (ADV)

The evaluation team applied each EAL 1 ADV CEM work unit. The evaluation team assessed the design documentation and found it adequate to aid in understanding how the TSF provides the security functions. The design documentation consists of a functional specification contained in the Security Target and Guidance documents.
Additionally, the evaluator performed the assurance activities specified in the NDPP related to the examination of the information contained in the TSS.

The validator reviewed the work of the evaluation team, and found that sufficient evidence and justification was provided by the evaluation team to confirm that the evaluation was conducted in accordance with the assurance activities, and that the conclusion reached by the evaluation team was justified.

9.3 Evaluation of the Guidance Documents (AGD)

The evaluation team applied each EAL 1 AGD CEM work unit. The evaluation team ensured the adequacy of the user guidance in describing how to use the operational TOE. Additionally, the evaluation team ensured the adequacy of the administrator guidance in describing how to securely administer the TOE. The guides were assessed during the design and testing phases of the evaluation to ensure they were complete. Additionally, the evaluator performed the assurance activities specified in the NDPP related to the examination of the information contained in the operational guidance documents.

The validator reviewed the work of the evaluation team, and found that sufficient evidence and justification was provided by the evaluation team to confirm that the evaluation was conducted in accordance with the assurance activities, and that the conclusion reached by the evaluation team was justified.

9.4 Evaluation of the Life Cycle Support Activities (ALC)

The evaluation team applied each EAL 1 ALC CEM work unit. The evaluation team found that the TOE was identified.

The validator reviewed the work of the evaluation team, and found that sufficient evidence and justification was provided by the evaluation team to confirm that the evaluation was conducted in accordance with the requirements of the CEM, and that the conclusion reached by the evaluation team was justified.
9.5 Evaluation of the Test Documentation and the Test Activity (ATE)

The evaluation team applied each EAL 1 ATE CEM work unit. The evaluation team ran the set of tests specified by the assurance activities in the NDPP and recorded the results in a Test Report, summarized in the Assurance Activities Report.

The validator reviewed the work of the evaluation team, and found that sufficient evidence was provided by the evaluation team to show that the evaluation activities addressed the test activities in the NDPP, and that the conclusion reached by the evaluation team was justified.

9.6 Vulnerability Assessment Activity (VAN)

The evaluation team applied each EAL 1 AVA CEM work unit. The evaluation team performed a public search for vulnerabilities and did not discover any public issues with the TOE.

The validator reviewed the work of the evaluation team, and found that sufficient evidence and justification was provided by the evaluation team to confirm that the evaluation addressed the vulnerability analysis assurance activities in the NDPP, and that the conclusion reached by the evaluation team was justified.

9.7 Summary of Evaluation Results

The evaluation team’s assessment of the evaluation evidence demonstrates that the claims in the ST are met. Additionally, the evaluation team’s test activities also demonstrated the accuracy of the claims in the ST.

The validation team’s assessment of the evidence provided by the evaluation team is that it demonstrates that the evaluation team performed the assurance activities in the NDPP, and correctly verified that the product meets the claims in the ST.

10 Annexes

Not applicable.

11 Security Target

The Security Target is identified as Hewlett-Packard Company A-Series Switches Security Target, Version 1.0, April 5, 2013.
12 Glossary

The following definitions are used throughout this document:

• Common Criteria Testing Laboratory (CCTL). An IT security evaluation facility accredited by the National Voluntary Laboratory Accreditation Program (NVLAP) and approved by the CCEVS Validation Body to conduct Common Criteria-based evaluations.
• Conformance. The ability to demonstrate in an unambiguous way that a given implementation is correct with respect to the formal model.
• Evaluation. The assessment of an IT product against the Common Criteria using the Common Criteria Evaluation Methodology as interpreted by the supplemental guidance in the NDPP Assurance Activities to determine whether or not the claims made are justified.
• Evaluation Evidence. Any tangible resource (information) required from the sponsor or developer by the evaluator to perform one or more evaluation activities.
• Feature. Part of a product that is either included with the product or can be ordered separately.
• Target of Evaluation (TOE). A group of IT products configured as an IT system, or an IT product, and associated documentation that is the subject of a security evaluation under the CC.
• Validation. The process carried out by the CCEVS Validation Body leading to the issue of a Common Criteria certificate.
• Validation Body. A governmental organization responsible for carrying out validation and for overseeing the day-to-day operation of the NIAP Common Criteria Evaluation and Validation Scheme.

13 Bibliography

The Validation Team used the following documents to produce this Validation Report:

[1] Common Criteria Project Sponsoring Organisations. Common Criteria for Information Technology Security Evaluation: Part 1: Introduction and General Model, Version 3.1, Revision 2, dated: September 2007.
[2] Common Criteria Project Sponsoring Organisations. Common Criteria for Information Technology Security Evaluation: Part 2: Security Functional Requirements, Version 3.1, Revision 2, dated: September 2007.
[3] Common Criteria Project Sponsoring Organisations. Common Criteria for Information Technology Security Evaluation: Part 3: Security Assurance Requirements, Version 3.1, Revision 2, dated: September 2007.
[4] Common Criteria Project Sponsoring Organisations. Common Evaluation Methodology for Information Technology Security – Part 2: Evaluation Methodology, Version 3.1, Revision 2, dated: September 2007.
[5] Common Criteria, Evaluation and Validation Scheme for Information Technology Security, Guidance to Validators of IT Security Evaluations, Scheme Publication #3, Version 1.0, January 2002.
[6] Science Applications International Corporation. Evaluation Technical Report for the Hewlett-Packard Company A-Series Switches Part 2 (Proprietary), Version 2.0. April 8, 2013.
[7] Science Applications International Corporation. Assurance Activities Report for the Hewlett-Packard Company A-Series Switches v0.3, April 8, 2013.
[10] Hewlett-Packard Company A-Series Switches Security Target, Version 1.0, April 5, 2013